tog-pegasus/pegasus-2.9.0-local-or-remote-auth.patch

536 lines
22 KiB
Diff
Raw Normal View History

diff -up pegasus/src/Executor/Messages.h.orig pegasus/src/Executor/Messages.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Executor/Messages.h.orig 2013-08-27 13:31:54.792029310 +0200
+++ pegasus/src/Executor/Messages.h 2013-08-27 13:32:20.294122741 +0200
@@ -199,6 +199,7 @@ struct ExecutorAuthenticatePasswordReque
{
char username[EXECUTOR_BUFFER_SIZE];
char password[EXECUTOR_BUFFER_SIZE];
+ Boolean isRemoteUser;
};
struct ExecutorAuthenticatePasswordResponse
diff -up pegasus/src/Executor/PAMAuth.h.orig pegasus/src/Executor/PAMAuth.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Executor/PAMAuth.h.orig 2013-08-27 13:32:39.064191519 +0200
+++ pegasus/src/Executor/PAMAuth.h 2013-08-27 13:47:11.267390738 +0200
2009-06-16 12:09:03 +00:00
@@ -49,6 +49,9 @@
#include <Executor/Defines.h>
#include <Executor/Socket.h>
+#include <syslog.h>
+typedef bool Boolean;
+
#ifdef PEGASUS_FLAVOR
# define PAM_CONFIG_FILE "wbem" PEGASUS_FLAVOR
#else
2013-09-03 10:30:53 +00:00
@@ -397,7 +400,7 @@ static int PAMValidateUserCallback(
*/
static int PAMAuthenticateInProcess(
- const char* username, const char* password)
+ const char* username, const char* password, const Boolean isRemoteUser)
{
PAMData data;
struct pam_conv pconv;
2013-09-03 10:30:53 +00:00
@@ -412,24 +415,54 @@ static int PAMAuthenticateInProcess(
/* intentionally for testing purposes */
/* return PAM_SERVICE_ERR; */
2013-09-03 10:30:53 +00:00
- pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &handle);
+ // NOTE: if any pam call should log anything, our syslog socket will be redirected
+ // to the AUTH facility, so we need to redirect it back after each pam call.
2013-09-03 10:30:53 +00:00
- if (pam_rc != PAM_SUCCESS)
+ if ((pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &handle)) != PAM_SUCCESS)
{
- return pam_rc;
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
2013-09-03 10:30:53 +00:00
+ syslog(LOG_ERR, "pam_start failed: %s", pam_strerror(handle, pam_rc));
+ syslog(LOG_ERR, "PAM authentication failed for %s user: %s",
+ isRemoteUser ? "remote" : "local", username);
+ return -1;
2013-09-03 10:30:53 +00:00
}
2013-09-03 10:30:53 +00:00
- pam_rc = pam_authenticate(handle, 0);
- if (pam_rc != PAM_SUCCESS)
+ if ((pam_rc = pam_set_item(handle, PAM_TTY, isRemoteUser ? "wbemNetwork" : "wbemLocal")) != PAM_SUCCESS)
{
pam_end(handle, 0);
- return pam_rc;
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
2013-09-03 10:30:53 +00:00
+ syslog(LOG_ERR, "pam_set_item(PAM_TTY=wbem) failed: %s", pam_strerror(handle, pam_rc));
+ syslog(LOG_ERR, "PAM authentication failed for %s user: %s",
+ isRemoteUser ? "remote" : "local", username);
2013-09-03 10:30:53 +00:00
+ return -1;
}
2013-09-03 10:30:53 +00:00
- pam_rc = pam_acct_mgmt(handle, 0);
+ if ((pam_rc = pam_authenticate(handle, 0)) != PAM_SUCCESS)
+ {
+ pam_end(handle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
2013-09-03 10:30:53 +00:00
+ syslog(LOG_ERR, "pam_authenticate failed: %s",pam_strerror(handle, pam_rc));
+ syslog(LOG_ERR, "PAM authentication failed for %s user: %s",
+ isRemoteUser ? "remote" : "local", username);
2013-09-03 10:30:53 +00:00
+ return -1;
+ }
+
+ if ((pam_rc = pam_acct_mgmt(handle, 0)) != PAM_SUCCESS)
+ {
+ pam_end(handle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
2013-09-03 10:30:53 +00:00
+ syslog(LOG_ERR, "pam_acct_mgmt failed: %s",pam_strerror(handle, pam_rc));
+ syslog(LOG_ERR, "PAM authentication failed for %s user: %s",
+ isRemoteUser ? "remote" : "local", username);
2013-09-03 10:30:53 +00:00
+ return -1;
+ }
2013-09-03 10:30:53 +00:00
pam_end(handle, 0);
- return pam_rc;
+ return 0;
}
2013-09-03 10:30:53 +00:00
/*
@@ -452,16 +485,34 @@ static int PAMValidateUserInProcess(cons
pconv.conv = PAMValidateUserCallback;
pconv.appdata_ptr = &data;
2013-09-03 10:30:53 +00:00
- pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &phandle);
- if (pam_rc != PAM_SUCCESS)
+ if ((pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &phandle)) != PAM_SUCCESS)
{
- return pam_rc;
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_start() failed: %s", pam_strerror(phandle, pam_rc));
+ return -1;
}
- pam_rc = pam_acct_mgmt(phandle, 0);
+ if ((pam_rc = pam_set_item(phandle, PAM_TTY, "wbemLocal")) != PAM_SUCCESS)
+ {
2013-09-03 10:30:53 +00:00
+ pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
2013-09-03 10:30:53 +00:00
+ syslog(LOG_ERR, "pam_set_item(PAM_TTY=wbemLocal) failed: %s", pam_strerror(phandle, pam_rc));
+ return -1;
+ }
+
2013-09-03 10:30:53 +00:00
+ if ((pam_rc = pam_acct_mgmt(phandle, 0)) != PAM_SUCCESS)
+ {
+ pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
2013-09-03 10:30:53 +00:00
+ syslog(LOG_ERR, "pam_acct_mgmt() failed: %s", pam_strerror(phandle, pam_rc));
+ return -1;
+ }
2013-09-03 10:30:53 +00:00
pam_end(phandle, 0);
- return pam_rc;
+ return 0;
}
2013-09-03 10:30:53 +00:00
/*
@@ -474,12 +525,12 @@ static int PAMValidateUserInProcess(cons
**==============================================================================
*/
-static int PAMAuthenticate(const char* username, const char* password)
+static int PAMAuthenticate(const char* username, const char* password, const Boolean isRemoteUser)
{
#ifdef PEGASUS_USE_PAM_STANDALONE_PROC
return CimserveraProcessOperation("authenticate", username, password);
#else
- return PAMAuthenticateInProcess(username, password);
+ return PAMAuthenticateInProcess(username, password, isRemoteUser);
#endif
}
diff -up pegasus/src/Executor/Parent.c.orig pegasus/src/Executor/Parent.c
2013-09-03 10:30:53 +00:00
--- pegasus/src/Executor/Parent.c.orig 2013-08-27 13:51:12.419277041 +0200
+++ pegasus/src/Executor/Parent.c 2013-08-27 13:52:50.434650395 +0200
@@ -634,7 +634,7 @@ static void HandleAuthenticatePasswordRe
2011-05-19 13:50:06 +00:00
#if defined(PEGASUS_PAM_AUTHENTICATION)
2013-09-03 10:30:53 +00:00
- status = PAMAuthenticate(request.username, request.password);
+ status = PAMAuthenticate(request.username, request.password, request.isRemoteUser);
if (status == PAM_SUCCESS)
2011-05-19 13:50:06 +00:00
{
diff -up pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.orig pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c
2013-09-03 10:30:53 +00:00
--- pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.orig 2013-08-27 13:53:14.882743374 +0200
+++ pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c 2013-08-27 13:53:39.089835311 +0200
2011-05-19 13:50:06 +00:00
@@ -49,7 +49,7 @@ int main()
sprintf(prompt, "Enter password for %s: ", PEGASUS_CIMSERVERMAIN_USER);
pw = getpass(prompt);
- if (PAMAuthenticate(PEGASUS_CIMSERVERMAIN_USER, pw) == 0)
+ if (PAMAuthenticate(PEGASUS_CIMSERVERMAIN_USER, pw, 0) == 0)
printf("Correct password\n");
else
printf("Wrong password\n");
diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h.orig pegasus/src/Pegasus/Common/AuthenticationInfo.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/AuthenticationInfo.h.orig 2013-08-27 13:54:15.842974734 +0200
+++ pegasus/src/Pegasus/Common/AuthenticationInfo.h 2013-08-27 13:55:32.977266918 +0200
@@ -353,6 +353,22 @@ public:
return _rep->getRemotePrivilegedUserAccessChecked();
}
2009-06-16 12:09:03 +00:00
+ /** Indicate whether the user is Remote
+ */
+ Boolean isRemoteUser() const
+ {
+ CheckRep(_rep);
+ return _rep->isRemoteUser();
+ }
+
2009-06-16 12:09:03 +00:00
+ /** Set the Remote User flag
+ */
+ void setRemoteUser(Boolean isRemoteUser)
+ {
+ CheckRep(_rep);
+ _rep->setRemoteUser(isRemoteUser);
+ }
+
2013-09-03 10:30:53 +00:00
void setAuthHandle(const AuthHandle & authHandle)
{
CheckRep(_rep);
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.orig pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.orig 2013-08-27 13:56:01.394374402 +0200
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp 2013-08-27 13:59:22.129131385 +0200
@@ -47,6 +47,7 @@ const String AuthenticationInfoRep::AUTH
AuthenticationInfoRep::AuthenticationInfoRep()
: _connectionAuthenticated(false),
2013-09-03 10:30:53 +00:00
_wasRemotePrivilegedUserAccessChecked(false),
+ _isRemoteUser(true),
_authHandle(),
_isExpiredPassword(false)
{
2013-09-03 10:30:53 +00:00
@@ -81,6 +82,16 @@ AuthenticationInfoRep::~AuthenticationIn
PEG_METHOD_EXIT();
}
2009-06-16 12:09:03 +00:00
+void AuthenticationInfoRep::setRemoteUser(Boolean isRemoteUser)
+{
+ PEG_METHOD_ENTER(TRC_AUTHENTICATION,
+ "AuthenticationInfoRep::setRemoteUser");
+
+ _isRemoteUser = isRemoteUser;
+
+ PEG_METHOD_EXIT();
+}
+
void AuthenticationInfoRep::setConnectionAuthenticated(
Boolean connectionAuthenticated)
{
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.orig pegasus/src/Pegasus/Common/AuthenticationInfoRep.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.orig 2013-08-27 13:59:47.458226631 +0200
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.h 2013-08-27 14:01:27.744603255 +0200
2009-06-16 12:09:03 +00:00
@@ -147,6 +147,13 @@ public:
void setSecurityAssociation();
#endif
+ Boolean isRemoteUser() const
+ {
+ return _isRemoteUser;
+ }
+
+ void setRemoteUser(Boolean isRemoteUser);
+
Array<SSLCertificateInfo*> getClientCertificateChain()
{
return _clientCertificate;
2013-09-03 10:30:53 +00:00
@@ -218,6 +225,8 @@ private:
Array<SSLCertificateInfo*> _clientCertificate;
2013-09-03 10:30:53 +00:00
+ Boolean _isRemoteUser;
+
AuthHandle _authHandle;
String _userRole;
Boolean _isExpiredPassword;
diff -up pegasus/src/Pegasus/Common/Executor.cpp.orig pegasus/src/Pegasus/Common/Executor.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/Executor.cpp.orig 2013-08-27 14:01:50.929690223 +0200
+++ pegasus/src/Pegasus/Common/Executor.cpp 2013-08-27 14:07:28.655952891 +0200
2011-05-19 13:50:06 +00:00
@@ -126,7 +126,8 @@ public:
virtual int authenticatePassword(
const char* username,
- const char* password) = 0;
+ const char* password,
+ Boolean isRemoteUser) = 0;
virtual int validateUser(
const char* username) = 0;
2013-09-03 10:30:53 +00:00
@@ -562,9 +563,10 @@ public:
#if defined(PEGASUS_PAM_AUTHENTICATION)
virtual int authenticatePassword(
const char* username,
- const char* password)
+ const char* password,
+ Boolean isRemoteUser)
{
- return PAMAuthenticate(username, password);
+ return PAMAuthenticate(username, password, isRemoteUser);
2013-09-03 10:30:53 +00:00
}
virtual int validateUser(
@@ -912,7 +914,8 @@ public:
virtual int authenticatePassword(
const char* username,
- const char* password)
+ const char* password,
+ Boolean isRemoteUser)
{
AutoMutex autoMutex(_mutex);
2013-09-03 10:30:53 +00:00
@@ -930,6 +933,7 @@ public:
memset(&request, 0, sizeof(request));
Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE);
Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE);
+ request.isRemoteUser = isRemoteUser;
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))
return -1;
2013-09-03 10:30:53 +00:00
@@ -1181,10 +1185,11 @@ int Executor::reapProviderAgent(
int Executor::authenticatePassword(
const char* username,
- const char* password)
+ const char* password,
+ Boolean isRemoteUser)
{
once(&_executorImplOnce, _initExecutorImpl);
- return _executorImpl->authenticatePassword(username, password);
+ return _executorImpl->authenticatePassword(username, password, isRemoteUser);
}
int Executor::validateUser(
diff -up pegasus/src/Pegasus/Common/Executor.h.orig pegasus/src/Pegasus/Common/Executor.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/Executor.h.orig 2013-08-27 14:09:28.767397015 +0200
+++ pegasus/src/Pegasus/Common/Executor.h 2013-08-27 14:10:55.934717862 +0200
2011-05-19 13:50:06 +00:00
@@ -184,7 +184,8 @@ public:
*/
static int authenticatePassword(
const char* username,
- const char* password);
+ const char* password,
+ Boolean isRemoteUser);
/** Check whether the given user is valid for the underlying authentcation
mechanism.
diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp.orig pegasus/src/Pegasus/Common/HTTPConnection.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/HTTPConnection.cpp.orig 2013-08-27 14:11:11.103773653 +0200
+++ pegasus/src/Pegasus/Common/HTTPConnection.cpp 2013-08-27 14:12:27.743055754 +0200
@@ -2305,6 +2305,70 @@ void HTTPConnection::_handleReadEvent()
message->contentLanguages = contentLanguages;
message->dest = _outputMessageQueue->getQueueId();
+ // Allow authenticators to differentiate Remote and Local users:
+ struct sockaddr_storage sin_peer, sin_svr;
+ socklen_t slen1 = sizeof (struct sockaddr_storage), slen2 = sizeof (struct sockaddr_storage);
+ uint32_t sock = _socket.get()->getSocket() ;
+ memset(&sin_peer,'\0',slen1);
+ memset(&sin_svr, '\0',slen2);
+ if ( ( ::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 )
+ ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 )
+ )
+ {
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "sin_peer.ss_family: %d",
+ sin_peer.ss_family));
+ if( sin_peer.ss_family == AF_INET )
+ {
+ struct sockaddr_in *s = (struct sockaddr_in *)&sin_peer;
+ if( ((ntohl( s->sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+ // message was sent FROM localhost interface
+ message->isFromRemoteHost = false;
+ }
+ if( sin_peer.ss_family == AF_INET6 )
+ {
+ char straddr[INET6_ADDRSTRLEN];
+ struct sockaddr_in6 *s = (struct sockaddr_in6 *)&sin_peer;
+ static const unsigned char localhost_bytes[] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
+ inet_ntop(AF_INET6, &s->sin6_addr, straddr, sizeof(straddr));
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "Peer IP address: %s",
+ straddr));
+ if(memcmp(s->sin6_addr.s6_addr, localhost_bytes, 16) == 0)
+ // message was sent FROM localhost interface
+ message->isFromRemoteHost = false;
+ }
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "sin_svr.ss_family: %d",
+ sin_svr.ss_family));
+ if( sin_svr.ss_family == AF_INET )
+ {
+ struct sockaddr_in *s = (struct sockaddr_in *)&sin_svr;
+ if( ((ntohl( s->sin_addr.s_addr ) >> 24) & 0xff) == 127 )
+ // message was sent TO localhost interface
+ message->isFromRemoteHost = false;
+ }
+ if( sin_svr.ss_family == AF_INET6 )
+ {
+ char straddr[INET6_ADDRSTRLEN];
+ struct sockaddr_in6 *s = (struct sockaddr_in6 *)&sin_svr;
+ static const unsigned char localhost_bytes[] =
+ { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 };
+ inet_ntop(AF_INET6, &s->sin6_addr, straddr, sizeof(straddr));
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "svr IP address: %s",
+ straddr));
+ if(memcmp(s->sin6_addr.s6_addr, localhost_bytes, 16) == 0)
+ // message was sent TO localhost interface
+ message->isFromRemoteHost = false;
+ }
+ }
+
+ PEG_TRACE((TRC_HTTP, Tracer::LEVEL4,
+ "isFromRemoteHost: %d",
+ message->isFromRemoteHost));
+
//
// The _closeConnection method sets the _connectionClosePending flag.
// If we are executing on the client side and the
diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp.orig pegasus/src/Pegasus/Common/HTTPMessage.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/HTTPMessage.cpp.orig 2013-08-27 14:12:39.200097953 +0200
+++ pegasus/src/Pegasus/Common/HTTPMessage.cpp 2013-08-27 14:13:05.903196184 +0200
@@ -133,7 +133,8 @@ HTTPMessage::HTTPMessage(
authInfo(0),
acceptLanguagesDecoded(false),
2011-05-19 13:50:06 +00:00
contentLanguagesDecoded(false),
- binaryResponse(false)
+ binaryResponse(false),
+ isFromRemoteHost(true)
{
if (cimException_)
cimException = *cimException_;
diff -up pegasus/src/Pegasus/Common/HTTPMessage.h.orig pegasus/src/Pegasus/Common/HTTPMessage.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/HTTPMessage.h.orig 2013-08-27 14:13:16.272234342 +0200
+++ pegasus/src/Pegasus/Common/HTTPMessage.h 2013-08-27 14:13:52.605368078 +0200
2009-06-16 12:09:03 +00:00
@@ -73,6 +73,7 @@ public:
ContentLanguageList contentLanguages;
Boolean acceptLanguagesDecoded;
Boolean contentLanguagesDecoded;
+ Boolean isFromRemoteHost;
CIMException cimException;
2011-05-19 13:50:06 +00:00
bool binaryResponse;
diff -up pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.orig pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.orig 2013-08-27 14:14:16.255455117 +0200
+++ pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp 2013-08-27 14:15:54.285815870 +0200
2009-06-16 12:09:03 +00:00
@@ -76,7 +76,7 @@ void testExecutorLoopbackImpl()
#endif
PEGASUS_TEST_ASSERT(Executor::authenticatePassword(
2013-09-03 10:30:53 +00:00
- "xnonexistentuserx", "wrongpassword") != 0);
+ "xnonexistentuserx", "wrongpassword", true) != 0);
PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") != 0);
char challengeFilePath[EXECUTOR_BUFFER_SIZE];
2009-06-16 12:09:03 +00:00
@@ -115,7 +115,7 @@ void testExecutorSocketImpl()
PEGASUS_TEST_ASSERT(Executor::reapProviderAgent(123) == 0);
PEGASUS_TEST_ASSERT(Executor::authenticatePassword(
- "xnonexistentuserx", "wrongpassword") == -1);
+ "xnonexistentuserx", "wrongpassword", true) == -1);
PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") == -1);
char challengeFilePath[EXECUTOR_BUFFER_SIZE];
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.orig pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.orig 2013-08-27 14:16:28.110940302 +0200
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2013-08-27 14:18:41.085429677 +0200
@@ -157,6 +157,7 @@ AuthenticationStatus BasicAuthentication
_basicAuthenticator->authenticate(
userName,
password,
+ authInfo->isRemoteUser(),
authInfo);
// Log audit message.
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.orig pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.orig 2013-08-27 14:18:53.678475974 +0200
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2013-08-27 14:19:37.740638125 +0200
@@ -65,6 +65,7 @@ public:
virtual AuthenticationStatus authenticate(
2009-06-16 12:09:03 +00:00
const String& userName,
2013-09-03 10:30:53 +00:00
const String& password,
+ Boolean isRemoteUser,
AuthenticationInfo* authInfo) = 0;
/** Construct and return the HTTP Basic authentication challenge header
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.orig 2013-08-27 14:20:05.917741881 +0200
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2013-08-27 14:20:47.564895056 +0200
@@ -54,6 +54,7 @@ public:
AuthenticationStatus authenticate(
2009-06-16 12:09:03 +00:00
const String& userName,
2013-09-03 10:30:53 +00:00
const String& password,
+ Boolean isRemoteUser,
AuthenticationInfo* authInfo);
2013-09-03 10:30:53 +00:00
AuthenticationStatus validateUser(
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.orig 2013-08-27 14:20:55.805925482 +0200
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2013-08-27 14:21:25.421034454 +0200
@@ -74,6 +74,7 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
AuthenticationStatus PAMBasicAuthenticator::authenticate(
2009-06-16 12:09:03 +00:00
const String& userName,
2013-09-03 10:30:53 +00:00
const String& password,
+ Boolean isRemoteUser,
AuthenticationInfo* authInfo)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.orig 2013-08-27 14:21:41.870094885 +0200
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2013-08-27 14:22:36.012294104 +0200
@@ -66,6 +66,7 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
AuthenticationStatus PAMBasicAuthenticator::authenticate(
2009-06-16 12:09:03 +00:00
const String& userName,
2013-09-03 10:30:53 +00:00
const String& password,
+ Boolean isRemoteUser,
AuthenticationInfo* authInfo)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
2013-09-03 10:30:53 +00:00
@@ -74,7 +75,8 @@ AuthenticationStatus PAMBasicAuthenticat
int pam_rc =
Executor::authenticatePassword(
userName.getCString(),
- password.getCString());
+ password.getCString(),
+ isRemoteUser);
// return code of -1 will be translated to AUTHSC_UNAUTHORIZED
AuthenticationStatus authStatus = _getAuthStatusFromPAM_RC(pam_rc);
diff -up pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.orig pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.orig 2013-08-27 14:22:56.429369205 +0200
+++ pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp 2013-08-27 14:23:20.267456931 +0200
@@ -237,7 +237,7 @@ AuthenticationStatus SecureBasicAuthenti
if (Executor::detectExecutor() == 0)
{
if (Executor::authenticatePassword(
- userName.getCString(), password.getCString()) == 0)
+ userName.getCString(), password.getCString(), true) == 0)
{
authenticated = true;
}
diff -up pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.orig pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp
2013-09-03 10:30:53 +00:00
--- pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.orig 2013-08-27 14:23:47.293556300 +0200
+++ pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2013-08-27 14:24:18.748672110 +0200
@@ -430,6 +430,9 @@ void HTTPAuthenticatorDelegator::handleH
2009-06-16 12:09:03 +00:00
Tracer::LEVEL3,
"HTTPAuthenticatorDelegator - Authentication processing start");
+ // Let Authenticators know whether this user is Local or Remote:
+ httpMessage->authInfo->setRemoteUser( httpMessage->isFromRemoteHost );
+
//
// Handle authentication:
//