Return to HTTPAuthenticatorDelegator.cpp CVS log | Up to [Pegasus] / pegasus / src / WMIMapper / PegServer |
File: [Pegasus] / pegasus / src / WMIMapper / PegServer / HTTPAuthenticatorDelegator.cpp
(download)
Revision: 1.26, Tue Apr 8 16:15:39 2014 UTC (10 years, 2 months ago) by dl.meetei Branch: MAIN CVS Tags: preBug9676, postBug9676, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, RELEASE_2_14_1, RELEASE_2_14_0-RC2, RELEASE_2_14_0-RC1, RELEASE_2_14_0, RELEASE_2_14-root, RELEASE_2_14-branch, HEAD Changes since 1.25: +1 -245 lines BUG#: 9756 TITLE: build fails when PEGASUS_KERBEROS_AUTHENTICATION defined DESCRIPTION: |
//%LICENSE//////////////////////////////////////////////////////////////// // // Licensed to The Open Group (TOG) under one or more contributor license // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with // this work for additional information regarding copyright ownership. // Each contributor licenses this file to you under the OpenPegasus Open // Source License; you may not use this file except in compliance with the // License. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the "Software"), // to deal in the Software without restriction, including without limitation // the rights to use, copy, modify, merge, publish, distribute, sublicense, // and/or sell copies of the Software, and to permit persons to whom the // Software is furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // ////////////////////////////////////////////////////////////////////////// // //%//////////////////////////////////////////////////////////////////////////// #include <Pegasus/Common/Constants.h> #include <Pegasus/Common/HTTPAcceptor.h> #include <Pegasus/Common/HTTPConnection.h> #include <Pegasus/Common/HTTPMessage.h> #include <Pegasus/Common/XmlWriter.h> #include "HTTPAuthenticatorDelegator.h" PEGASUS_USING_STD; PEGASUS_NAMESPACE_BEGIN HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator( Uint32 cimOperationMessageQueueId, Uint32 cimExportMessageQueueId, CIMRepository* repository) : Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR, MessageQueue::getNextQueueId()), _cimOperationMessageQueueId(cimOperationMessageQueueId), _cimExportMessageQueueId(cimExportMessageQueueId), _wsmanOperationMessageQueueId(PEG_NOT_FOUND), _repository(repository) { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator"); _authenticationManager.reset(new AuthenticationManager()); PEG_METHOD_EXIT(); } HTTPAuthenticatorDelegator::~HTTPAuthenticatorDelegator() { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::~HTTPAuthenticatorDelegator"); PEG_METHOD_EXIT(); } void HTTPAuthenticatorDelegator::enqueue(Message* message) { handleEnqueue(message); } void HTTPAuthenticatorDelegator::_sendResponse( Uint32 queueId, Buffer& message, Boolean closeConnect) { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::_sendResponse"); MessageQueue* queue = MessageQueue::lookup(queueId); if (queue) { AutoPtr<HTTPMessage> httpMessage(new HTTPMessage(message)); httpMessage->dest = queue->getQueueId(); queue->enqueue(httpMessage.release()); } PEG_METHOD_EXIT(); } void HTTPAuthenticatorDelegator::_sendChallenge( Uint32 queueId, const String& authResponse, Boolean closeConnect) { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::_sendChallenge"); // // build unauthorized (401) response message // Buffer message; XmlWriter::appendUnauthorizedResponseHeader(message, authResponse); _sendResponse(queueId, message, false); PEG_METHOD_EXIT(); } void HTTPAuthenticatorDelegator::_sendHttpError( Uint32 queueId, const String& status, const String& cimError, const String& pegasusError, Boolean closeConnect) { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::_sendHttpError"); // // build error response message // Buffer message; message = XmlWriter::formatHttpErrorRspMessage( status, cimError, pegasusError); _sendResponse(queueId, message, false); PEG_METHOD_EXIT(); } void HTTPAuthenticatorDelegator::handleEnqueue(Message *message) { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::handleEnqueue"); if (!message) { PEG_METHOD_EXIT(); return; } // Flag indicating whether the message should be deleted after handling. // This should be set to false by handleHTTPMessage when the message is // passed as is to another queue. Boolean deleteMessage = true; if (message->getType() == HTTP_MESSAGE) { handleHTTPMessage((HTTPMessage*)message, deleteMessage); } if (deleteMessage) { delete message; } PEG_METHOD_EXIT(); } void HTTPAuthenticatorDelegator::handleEnqueue() { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::handleEnqueue"); Message* message = dequeue(); if(message) handleEnqueue(message); PEG_METHOD_EXIT(); } void HTTPAuthenticatorDelegator::handleHTTPMessage( HTTPMessage* httpMessage, Boolean & deleteMessage) { PEG_METHOD_ENTER(TRC_HTTP, "HTTPAuthenticatorDelegator::handleHTTPMessage"); Boolean authenticated = false; deleteMessage = true; // ATTN-RK-P3-20020408: This check probably shouldn't be necessary, but // we're getting an empty message when the client closes the connection if (httpMessage->message.size() == 0) { // The message is empty; just drop it PEG_METHOD_EXIT(); return; } // // get the configured authentication flag // // WMI MAPPER SPECIFIC: AUTHENTICATION ALWAYS ENABLED: Boolean enableAuthentication = true; /* NORMAL METHOD OF LOOKING UP AUTHENTICATION CONFIGURATION: Boolean enableAuthentication = ConfigManager::parseBooleanValue( ConfigManager::getInstance()->getCurrentValue("enableAuthentication")); */ // // Save queueId: // Uint32 queueId = httpMessage->queueId; // // Parse the HTTP message: // String startLine; Array<HTTPHeader> headers; Uint32 contentLength; httpMessage->parse(startLine, headers, contentLength); // // Parse the request line: // String methodName; String requestUri; String httpVersion; HttpMethod httpMethod = HTTP_METHOD__POST; HTTPMessage::parseRequestLine( startLine, methodName, requestUri, httpVersion); // // Set HTTP method for the request // if (methodName == "M-POST") { httpMethod = HTTP_METHOD_M_POST; } if (methodName != "M-POST" && methodName != "POST") { // Only POST and M-POST are implemented by this server _sendHttpError(queueId, HTTP_STATUS_NOTIMPLEMENTED); } else if ((httpMethod == HTTP_METHOD_M_POST) && (httpVersion == "HTTP/1.0")) { // // M-POST method is not valid with version 1.0 // _sendHttpError(queueId, HTTP_STATUS_BADREQUEST); } else { // // Process M-POST and POST messages: // PEG_TRACE_CSTRING( TRC_HTTP, Tracer::LEVEL3, "HTTPAuthenticatorDelegator - M-POST/POST processing start"); // // Search for Authorization header: // String authorization; // // Do not require authentication for indication delivery // const char* cimExport; if (enableAuthentication && HTTPMessage::lookupHeader( headers, "CIMExport", cimExport, true)) { enableAuthentication = false; } if ( HTTPMessage::lookupHeader( headers, "PegasusAuthorization", authorization, false) && enableAuthentication ) { try { // // Do pegasus/local authentication // authenticated = _authenticationManager->performPegasusAuthentication( authorization, httpMessage->authInfo); if (!authenticated) { String authChallenge; String authResp; authResp = _authenticationManager->getPegasusAuthResponseHeader( authorization, httpMessage->authInfo); if (!String::equal(authResp, String::EMPTY)) { _sendChallenge(queueId, authResp, false); } else { _sendHttpError(queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, "Authorization header error"); } PEG_METHOD_EXIT(); return; } } catch (CannotOpenFile &cof) { _sendHttpError(queueId, HTTP_STATUS_INTERNALSERVERERROR); PEG_METHOD_EXIT(); return; } } if ( HTTPMessage::lookupHeader( headers, "Authorization", authorization, false) && enableAuthentication ) { // // Do http authentication if not authenticated already // if (!authenticated) { authenticated = _authenticationManager->performHttpAuthentication( authorization, httpMessage->authInfo); if (!authenticated) { //ATTN: the number of challenges get sent for a // request on a connection can be pre-set. String authResp = _authenticationManager->getHttpAuthResponseHeader(); if (!String::equal(authResp, String::EMPTY)) { _sendChallenge(queueId, authResp, false); } else { _sendHttpError(queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, "Authorization header error"); } PEG_METHOD_EXIT(); return; } } // first not authenticated check } // "Authorization" header check if ( authenticated || !enableAuthentication ) { // // Search for "CIMOperation" header: // const char* cimOperation; if (HTTPMessage::lookupHeader( headers, "CIMOperation", cimOperation, true)) { PEG_TRACE(( TRC_HTTP, Tracer::LEVEL3, "HTTPAuthenticatorDelegator - CIMOperation: %s", cimOperation)); MessageQueue* queue = MessageQueue::lookup(_cimOperationMessageQueueId); if (queue) { httpMessage->dest = queue->getQueueId(); try { queue->enqueue(httpMessage); } catch(exception & e) { delete httpMessage; _sendHttpError(queueId, HTTP_STATUS_REQUEST_TOO_LARGE); PEG_METHOD_EXIT(); deleteMessage = false; return; } deleteMessage = false; } } else if (HTTPMessage::lookupHeader( headers, "CIMExport", cimOperation, true)) { PEG_TRACE(( TRC_HTTP, Tracer::LEVEL3, "HTTPAuthenticatorDelegator - CIMExport: $0", cimOperation)); MessageQueue* queue = MessageQueue::lookup(_cimExportMessageQueueId); if (queue) { httpMessage->dest = queue->getQueueId(); queue->enqueue(httpMessage); deleteMessage = false; } } else { // We don't recognize this request message type // The Specification for CIM Operations over HTTP reads: // // 3.3.4. CIMOperation // // If a CIM Server receives a CIM Operation request without // this [CIMOperation] header, it MUST NOT process it as if // it were a CIM Operation Request. The status code // returned by the CIM Server in response to such a request // is outside of the scope of this specification. // // 3.3.5. CIMExport // // If a CIM Listener receives a CIM Export request without // this [CIMExport] header, it MUST NOT process it. The // status code returned by the CIM Listener in response to // such a request is outside of the scope of this // specification. // // The author has chosen to send a 400 Bad Request error, but // without the CIMError header since this request must not be // processed as a CIM request. _sendHttpError(queueId, HTTP_STATUS_BADREQUEST); PEG_METHOD_EXIT(); return; } // bad request } // authenticated and enableAuthentication check else { // client not authenticated; send challenge String authResp = _authenticationManager->getHttpAuthResponseHeader(); if (!String::equal(authResp, String::EMPTY)) { _sendChallenge(queueId, authResp, false); } else { _sendHttpError(queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, "Authorization header error"); } } } // M-POST and POST processing PEG_METHOD_EXIT(); } PEGASUS_NAMESPACE_END
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |