version 1.56, 2005/11/22 21:07:16
|
version 1.57, 2005/12/05 16:25:06
|
|
|
Boolean enableAuthentication = false; | Boolean enableAuthentication = false; |
Boolean authenticated = false; | Boolean authenticated = false; |
| |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
CIMKerberosSecurityAssociation *sa = NULL; |
|
// The presence of a Security Association indicates that Kerberos is being used |
|
// Reset flag for subsequent calls to indicate that no Authorization |
|
// record was sent. If one was sent the flag will be appropriately reset later. |
|
// The sa is maintained while the connection is active. |
|
sa = httpMessage->authInfo->getSecurityAssociation(); |
|
if (sa) |
|
{ |
|
sa->setClientSentAuthorization(false); |
|
} |
|
#endif |
|
|
|
|
if (String::equal( | if (String::equal( |
configManager->getCurrentValue( | configManager->getCurrentValue( |
_CONFIG_PARAM_ENABLEAUTHENTICATION), _TRUE)) | _CONFIG_PARAM_ENABLEAUTHENTICATION), _TRUE)) |
{ | { |
enableAuthentication = true; | enableAuthentication = true; |
|
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
// If we are using Kerberos (sa pointer is set), the client has already authenticated, and the client is NOT attempting to re-authenticate (dermined by an Authorization record being sent), then we want to set the local authenticate flag to true so that the authentication logic is skipped. |
|
String authstr = String::EMPTY; |
|
if (sa && sa->getClientAuthenticated() && |
|
!HTTPMessage::lookupHeader(headers, "Authorization", authstr, false)) |
|
{ |
|
authenticated = true; |
|
} |
|
if (!sa) |
|
{ |
|
authenticated = httpMessage->authInfo->isAuthenticated(); |
|
} |
|
#else |
// Client may have already authenticated via SSL. | // Client may have already authenticated via SSL. |
// In this case, no further attempts to authenticate the client are made | // In this case, no further attempts to authenticate the client are made |
authenticated = httpMessage->authInfo->isAuthenticated(); | authenticated = httpMessage->authInfo->isAuthenticated(); |
|
#endif |
// If the request was authenticated via SSL, append the username to the IdentityContainer | // If the request was authenticated via SSL, append the username to the IdentityContainer |
String cimOperation; | String cimOperation; |
if (authenticated && | if (authenticated && |
|
|
} | } |
} | } |
| |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION |
|
// The presence of a Security Association indicates that Kerberos is being used |
|
// Reset flag for subsequent calls to indicate that no Authorization |
|
// record was sent. If one was sent the flag will be appropriately reset later. |
|
// The sa is maintained while the connection is active. |
|
CIMKerberosSecurityAssociation *sa = httpMessage->authInfo->getSecurityAssociation(); |
|
if (sa) |
|
{ |
|
sa->setClientSentAuthorization(false); |
|
} |
|
#endif |
|
| |
if ( HTTPMessage::lookupHeader( | if ( HTTPMessage::lookupHeader( |
headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) && | headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) && |
|
|
} | } |
} // first not authenticated check | } // first not authenticated check |
} // "Authorization" header check | } // "Authorization" header check |
|
} //end if(!authenticated && enableAuthentication) |
#ifdef PEGASUS_KERBEROS_AUTHENTICATION | #ifdef PEGASUS_KERBEROS_AUTHENTICATION |
// The pointer to the sa is created in the authenticator so we need to also | // The pointer to the sa is created in the authenticator so we need to also |
// assign it here. | // assign it here. |
|
|
} | } |
#endif | #endif |
| |
} //end if(!authenticated && enableAuthentication) |
|
| |
| |
if ( authenticated || !enableAuthentication ) | if ( authenticated || !enableAuthentication ) |
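Review bot: The Kerberos branch inside the `enableAuthentication` check (apparently the 1.57 side) looks up the header with the literal `"Authorization"`, while the later lookup in this function uses `_HTTP_HEADER_AUTHORIZATION`. Assuming the constant holds the same header name, writing `!HTTPMessage::lookupHeader(headers, _HTTP_HEADER_AUTHORIZATION, authstr, false)` would keep the two checks from drifting apart. That branch also sets `authenticated = true` from state on the security association, which the comments say is kept while the connection is active, so any later request on that connection without an Authorization header skips the authentication logic. This seems to assume a connection only ever carries one principal, and a comment stating that assumption, and that a shared or pooled connection would break it, is worth adding next to the check. The enclosing function starts and ends outside the visible lines, so how `sa` and `authenticated` are used afterwards cannot be confirmed from here.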