diff --git a/pegasus-2.6.1-local-or-remote-auth.patch b/pegasus-2.6.1-local-or-remote-auth.patch
deleted file mode 100644
index 4fdba8e..0000000
--- a/pegasus-2.6.1-local-or-remote-auth.patch
+++ /dev/null
@@ -1,426 +0,0 @@ -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfo.h pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfo.h ---- pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfo.h 2007-03-23 10:36:53.000000000 -0700 -+++ pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfo.h 2007-08-17 11:18:15.000000000 -0700 -@@ -343,6 +343,22 @@ - return _rep->getRemotePrivilegedUserAccessChecked(); - } - -+ /** Indicate whether the user is Remote -+ */ -+ Boolean isRemoteUser() const -+ { -+ _checkRep(); -+ return _rep->isRemoteUser(); -+ } -+ -+ /** Set the Remote User flag -+ */ -+ void setRemoteUser(Boolean remoteUser) -+ { -+ _checkRep(); -+ _rep->setRemoteUser(remoteUser); -+ } -+ - private: - - AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep) -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.cpp pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.cpp ---- pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.cpp 2007-03-23 10:36:53.000000000 -0700 -+++ pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.cpp 2007-08-17 11:26:28.000000000 -0700 -@@ -51,7 +51,8 @@ - _privileged(false), - _authType(String::EMPTY), - _connectionAuthenticated(false), -- _wasRemotePrivilegedUserAccessChecked(false) -+ _wasRemotePrivilegedUserAccessChecked(false), -+ _remoteUser(true) - { - PEG_METHOD_ENTER( - TRC_AUTHENTICATION, "AuthenticationInfoRep::AuthenticationInfoRep"); -@@ -59,6 +60,15 @@ - PEG_METHOD_EXIT(); - } - -+void AuthenticationInfoRep::setRemoteUser(Boolean remoteUser) -+{ -+ PEG_METHOD_ENTER(TRC_AUTHENTICATION, -+ "AuthenticationInfoRep::setRemoteUser"); -+ -+ _remoteUser = remoteUser; -+ -+ PEG_METHOD_EXIT(); -+} - - AuthenticationInfoRep::~AuthenticationInfoRep() - { -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.h pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.h ---- pegasus-2.6.1.orig/src/Pegasus/Common/AuthenticationInfoRep.h 2007-03-23 10:36:53.000000000 -0700 -+++ 
pegasus-2.6.1/src/Pegasus/Common/AuthenticationInfoRep.h 2007-08-17 11:18:15.000000000 -0700 -@@ -136,6 +136,13 @@ - void setSecurityAssociation(); - #endif - -+ Boolean isRemoteUser() const -+ { -+ return _remoteUser; -+ } -+ -+ void setRemoteUser(Boolean remoteUser); -+ - //PEP187 - Array getClientCertificateChain() - { -@@ -180,6 +187,7 @@ - Boolean _wasRemotePrivilegedUserAccessChecked; - - Array _clientCertificate; -+ Boolean _remoteUser; - }; - - PEGASUS_NAMESPACE_END -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/HTTPConnection.cpp pegasus-2.6.1/src/Pegasus/Common/HTTPConnection.cpp ---- pegasus-2.6.1.orig/src/Pegasus/Common/HTTPConnection.cpp 2007-08-02 01:08:02.000000000 -0700 -+++ pegasus-2.6.1/src/Pegasus/Common/HTTPConnection.cpp 2007-08-17 11:18:15.000000000 -0700 -@@ -2042,6 +2042,30 @@ - #endif - } - -+ // Allow authenticators to differentiate Remote and Local users: -+ struct sockaddr_in sin_peer, sin_svr; // don't need to worry about IPv6 yet ... -+ socklen_t slen1=sizeof(struct sockaddr_in), slen2=sizeof(struct sockaddr_in); -+ uint32_t sock = _socket.get()->getSocket() ; -+ memset(&sin_peer,'\0',slen1); -+ memset(&sin_svr, '\0',slen2); -+ if ( ( ::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 ) -+ ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 ) -+ ) -+ { -+ if( sin_peer.sin_family == AF_INET ) -+ { -+ if( ((ntohl( sin_peer.sin_addr.s_addr ) >> 24) & 0xff) == 127 ) -+ // message was sent FROM localhost interface -+ message->fromRemoteHost = false; -+ } -+ if( sin_svr.sin_family == AF_INET ) -+ { -+ if( ((ntohl( sin_svr.sin_addr.s_addr ) >> 24) & 0xff) == 127 ) -+ // message was sent TO localhost interface -+ message->fromRemoteHost = false; -+ } -+ } -+ - // - // increment request count - // -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.cpp pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.cpp ---- pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.cpp 2007-05-25 10:39:01.000000000 -0700 -+++ 
pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.cpp 2007-08-17 11:18:15.000000000 -0700 -@@ -120,7 +120,8 @@ - queueId(queueId_), - authInfo(0), - acceptLanguagesDecoded(false), -- contentLanguagesDecoded(false) -+ contentLanguagesDecoded(false), -+ fromRemoteHost(true) - { - if (cimException_) - cimException = *cimException_; -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.h pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.h ---- pegasus-2.6.1.orig/src/Pegasus/Common/HTTPMessage.h 2007-05-25 10:39:01.000000000 -0700 -+++ pegasus-2.6.1/src/Pegasus/Common/HTTPMessage.h 2007-08-17 11:18:15.000000000 -0700 -@@ -75,6 +75,7 @@ - ContentLanguageList contentLanguages; - Boolean acceptLanguagesDecoded; - Boolean contentLanguagesDecoded; -+ Boolean fromRemoteHost; - CIMException cimException; - - void parse( -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp ---- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2006-11-08 04:41:28.000000000 -0800 -+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2007-08-17 11:18:15.000000000 -0700 -@@ -139,7 +139,7 @@ - } - authInfo->setRemotePrivilegedUserAccessChecked(); - -- authenticated = _basicAuthenticator->authenticate(userName, password); -+ authenticated = _basicAuthenticator->authenticate(userName, password, authInfo->isRemoteUser()); - - // Log audit message. 
- PEG_AUDIT_LOG(logBasicAuthentication( -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticator.h pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticator.h ---- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2006-01-30 08:18:28.000000000 -0800 -+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2007-08-17 11:18:15.000000000 -0700 -@@ -67,7 +67,8 @@ - */ - virtual Boolean authenticate( - const String& userName, -- const String& password) = 0; -+ const String& password, -+ Boolean isRemoteUser) = 0; - - /** Construct and return the HTTP Basic authentication challenge header - @return A string containing the authentication challenge header. -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h ---- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2006-08-09 14:13:04.000000000 -0700 -+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2007-08-17 11:18:15.000000000 -0700 -@@ -73,7 +73,8 @@ - */ - Boolean authenticate( - const String& userName, -- const String& password); -+ const String& password, -+ Boolean isRemoteUser); - - /** Verify PAM account management for the requesting user. - @param userName String containing the user name -@@ -102,7 +103,8 @@ - - Boolean _authenticateByPAM( - const String& userName, -- const String& password); -+ const String& password, -+ Boolean isRemoteUser); - - void _createPAMStandalone(); - -@@ -158,7 +160,8 @@ - */ - Boolean authenticate( - const String& userName, -- const String& password); -+ const String& password, -+ Boolean isRemoteUser); - - /** Verify whether the user is valid. 
- @param userName String containing the user name -@@ -220,7 +223,8 @@ - - Boolean _authenticateByPAM( - const String& userName, -- const String& password); -+ const String& password, -+ Boolean isRemoteUser); - - #if defined(PEGASUS_USE_PAM_STANDALONE_PROC) - PAMBasicAuthenticatorStandAlone _pamBasicAuthenticatorStandAlone; -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp ---- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2006-01-30 08:18:28.000000000 -0800 -+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2007-08-17 11:18:15.000000000 -0700 -@@ -92,7 +92,8 @@ - - Boolean PAMBasicAuthenticator::authenticate( - const String& userName, -- const String& password) -+ const String& password, -+ Boolean isRemoteUser) - { - PEG_METHOD_ENTER(TRC_AUTHENTICATION, - "PAMBasicAuthenticator::authenticate()"); -diff -Nur pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp ---- pegasus-2.6.1.orig/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2007-04-04 04:04:52.000000000 -0700 -+++ pegasus-2.6.1/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2007-08-17 11:38:49.000000000 -0700 -@@ -48,6 +48,8 @@ - #include - #endif - -+#include -+ - #if defined (PEGASUS_USE_PAM_STANDALONE_PROC) - #include - #include -@@ -130,7 +132,8 @@ - - Boolean PAMBasicAuthenticator::authenticate( - const String& userName, -- const String& password) -+ const String& password, -+ Boolean isRemoteUser) - { - PEG_METHOD_ENTER(TRC_AUTHENTICATION, - "PAMBasicAuthenticator::authenticate()"); -@@ -138,7 +141,7 @@ - Boolean authenticated; - - #if !defined(PEGASUS_USE_PAM_STANDALONE_PROC) -- authenticated = _authenticateByPAM(userName, password); -+ authenticated = 
_authenticateByPAM(userName, password, isRemoteUser); - #else - // - // Mutex to Serialize Authentication calls. -@@ -156,7 +159,8 @@ - - Boolean PAMBasicAuthenticator::_authenticateByPAM( - const String& userName, -- const String& password) -+ const String& password, -+ Boolean isRemoteUser) - { - PEG_METHOD_ENTER(TRC_AUTHENTICATION, - "PAMBasicAuthenticator::_authenticateByPAM()"); -@@ -166,6 +170,7 @@ - pam_handle_t *phandle; - char *name; - APP_DATA mydata; -+ int retcode; - - // - // Store the password for PAM authentication -@@ -180,12 +185,28 @@ - // "PAMBasicAuthenticator::_authenticateByPAM() - userName = %s; userPassword = %s", - // (const char *)userName.getCString(), (const char *)password.getCString())); - -+ // NOTE: if any pam call should log anything, our syslog socket will be redirected -+ // to the AUTH facility, so we need to redirect it back after each pam call. -+ - // - //Call pam_start since you need to before making any other PAM calls - // -- if ( ( pam_start(service, -+ if ( ( retcode = pam_start(service, - (const char *)userName.getCString(), &pconv, &phandle) ) != PAM_SUCCESS ) - { -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ syslog( LOG_ERR, "pam_start failed: %s", pam_strerror(phandle, retcode)); -+ PEG_METHOD_EXIT(); -+ return (authenticated); -+ } -+ -+ if ( (retcode = pam_set_item(phandle, PAM_TTY, isRemoteUser ? 
"wbemNetwork" : "wbemLocal")) != PAM_SUCCESS ) -+ { -+ pam_end(phandle, 0); -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ syslog( LOG_ERR, "pam_set_item(PAM_TTY=wbem) failed: %s", pam_strerror(phandle, retcode)); - PEG_METHOD_EXIT(); - return (authenticated); - } -@@ -193,7 +214,7 @@ - // - //Call pam_authenticate to authenticate the user - // -- if ( ( pam_authenticate(phandle, 0) ) == PAM_SUCCESS ) -+ if ( ( retcode = pam_authenticate(phandle, 0) ) == PAM_SUCCESS ) - { - PEG_TRACE_CSTRING(TRC_AUTHENTICATION, Tracer::LEVEL4, - "pam_authenticate successful."); -@@ -202,21 +223,41 @@ - //checking for password and account expiration, as well as verifying access - //hour restrictions. - // -- if ( ( pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS ) -+ if ( ( retcode = pam_acct_mgmt(phandle, 0) ) == PAM_SUCCESS ) - { - PEG_TRACE_CSTRING(TRC_AUTHENTICATION, Tracer::LEVEL4, - "pam_acct_mgmt successful."); - authenticated = true; - } -+ else -+ { -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ syslog(LOG_ERR, "pam_acct_mgmt failed: %s",pam_strerror(phandle, retcode)); -+ } -+ } -+ else -+ { -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ syslog(LOG_ERR, "pam_authenticate failed: %s",pam_strerror(phandle, retcode)); - } - - // - //Call pam_end to end our PAM work - // - pam_end(phandle, 0); -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); - - PEG_METHOD_EXIT(); - -+ if ( ! authenticated ) -+ syslog(LOG_ERR, "PAM authentication failed for %s user: %s", -+ isRemoteUser ? 
"remote" : "local", -+ (const char*)userName.getCString() -+ ); -+ - return (authenticated); - } - -@@ -232,6 +273,7 @@ - pam_handle_t *phandle; - char *name; - APP_DATA mydata; -+ int retcode; - - const char *service = "wbem"; - pconv.conv = PAMBasicAuthenticator::pamValidateUserCallback; -@@ -240,9 +282,22 @@ - // - // Call pam_start since you need to before making any other PAM calls - // -- if ( pam_start(service, -- (const char *)userName.getCString(), &pconv, &phandle) != PAM_SUCCESS) -+ if ( (retcode = pam_start(service, -+ (const char *)userName.getCString(), &pconv, &phandle)) != PAM_SUCCESS) -+ { -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ syslog( LOG_ERR, "pam_start() failed: %s", pam_strerror(phandle, retcode)); -+ PEG_METHOD_EXIT(); -+ return (authenticated); -+ } -+ -+ if ( (retcode = pam_set_item(phandle, PAM_TTY, "wbemLocal")) != PAM_SUCCESS ) - { -+ pam_end(phandle, 0); -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ syslog( LOG_ERR, "pam_set_item(PAM_TTY=wbemLocal) failed: %s", pam_strerror(phandle, retcode)); - PEG_METHOD_EXIT(); - return (authenticated); - } -@@ -252,16 +307,28 @@ - // checking for account expiration, as well as verifying access - // hour restrictions. - // -- if ( pam_acct_mgmt(phandle, 0) == PAM_SUCCESS ) -+ if ( (retcode = pam_acct_mgmt(phandle, 0)) == PAM_SUCCESS ) - { - authenticated = true; - } -+ else -+ { -+ pam_end(phandle, 0); -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ syslog( LOG_ERR, "pam_acct_mgmt() failed: %s", pam_strerror(phandle, retcode)); -+ PEG_METHOD_EXIT(); -+ return (authenticated); -+ } - - // - //Call pam_end to end our PAM work - // - pam_end(phandle, 0); - -+ closelog(); -+ openlog("cimserver", LOG_PID, LOG_DAEMON); -+ - #else - // - // Mutex to Serialize Authentication calls. 
-diff -Nur pegasus-2.6.1.orig/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp pegasus-2.6.1/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp ---- pegasus-2.6.1.orig/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2007-04-04 04:04:52.000000000 -0700 -+++ pegasus-2.6.1/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2007-08-17 11:18:15.000000000 -0700 -@@ -274,6 +274,9 @@ - } - } - -+ // Let Authenticators know whether this user is Local or Remote: -+ httpMessage->authInfo->setRemoteUser( httpMessage->fromRemoteHost ); -+ - // - // Handle authentication: - // diff --git a/pegasus-2.7.0-local-or-remote-auth.patch b/pegasus-2.7.0-local-or-remote-auth.patch new file mode 100644 index 0000000..b1c1c10 --- /dev/null +++ b/pegasus-2.7.0-local-or-remote-auth.patch 
@@ -0,0 +1,225 @@ +diff -up pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp_old pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp +--- pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp_old 2008-01-14 16:27:44.000000000 +0100 ++++ pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2008-01-14 16:30:46.000000000 +0100 +@@ -403,6 +403,9 @@ void HTTPAuthenticatorDelegator::handleH + Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, + "HTTPAuthenticatorDelegator - Authentication processing start")); + ++ // Let Authenticators know whether this user is Local or Remote: ++ httpMessage->authInfo->setRemoteUser( httpMessage->fromRemoteHost ); ++ + // + // Handle authentication: + // +diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h_old pegasus/src/Pegasus/Common/AuthenticationInfo.h +--- pegasus/src/Pegasus/Common/AuthenticationInfo.h_old 2008-01-14 16:03:49.000000000 +0100 ++++ pegasus/src/Pegasus/Common/AuthenticationInfo.h 2008-01-14 16:05:06.000000000 +0100 +@@ -356,6 +356,22 @@ public: + return _rep->getRemotePrivilegedUserAccessChecked(); + } + ++ /** Indicate whether the user is Remote ++ */ ++ Boolean isRemoteUser() const ++ { ++ _checkRep(); ++ return _rep->isRemoteUser(); ++ } ++ ++ /** Set the Remote User flag ++ */ ++ void setRemoteUser(Boolean remoteUser) ++ { ++ _checkRep(); ++ _rep->setRemoteUser(remoteUser); ++ } ++ + private: + + AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep) +diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp_old pegasus/src/Pegasus/Common/HTTPConnection.cpp +--- pegasus/src/Pegasus/Common/HTTPConnection.cpp_old 2008-01-14 16:08:30.000000000 +0100 ++++ pegasus/src/Pegasus/Common/HTTPConnection.cpp 2008-01-14 16:12:45.000000000 +0100 +@@ -2039,6 +2039,30 @@ void HTTPConnection::_handleReadEvent() + _incomingBuffer).get())); + } + ++ // Allow authenticators to differentiate Remote and Local users: ++ struct sockaddr_in sin_peer, sin_svr; // don't need to worry about IPv6 yet ... 
++ socklen_t slen1=sizeof(struct sockaddr_in), slen2=sizeof(struct sockaddr_in); ++ uint32_t sock = _socket.get()->getSocket() ; ++ memset(&sin_peer,'\0',slen1); ++ memset(&sin_svr, '\0',slen2); ++ if ( ( ::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 ) ++ ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 ) ++ ) ++ { ++ if( sin_peer.sin_family == AF_INET ) ++ { ++ if( ((ntohl( sin_peer.sin_addr.s_addr ) >> 24) & 0xff) == 127 ) ++ // message was sent FROM localhost interface ++ message->fromRemoteHost = false; ++ } ++ if( sin_svr.sin_family == AF_INET ) ++ { ++ if( ((ntohl( sin_svr.sin_addr.s_addr ) >> 24) & 0xff) == 127 ) ++ // message was sent TO localhost interface ++ message->fromRemoteHost = false; ++ } ++ } ++ + // + // increment request count + // +diff -up pegasus/src/Pegasus/Common/HTTPMessage.h_old pegasus/src/Pegasus/Common/HTTPMessage.h +--- pegasus/src/Pegasus/Common/HTTPMessage.h_old 2008-01-14 16:13:39.000000000 +0100 ++++ pegasus/src/Pegasus/Common/HTTPMessage.h 2008-01-14 16:14:02.000000000 +0100 +@@ -75,6 +75,7 @@ public: + ContentLanguageList contentLanguages; + Boolean acceptLanguagesDecoded; + Boolean contentLanguagesDecoded; ++ Boolean fromRemoteHost; + CIMException cimException; + + void parse( +diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h_old pegasus/src/Pegasus/Common/AuthenticationInfoRep.h +--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.h_old 2008-01-14 16:06:42.000000000 +0100 ++++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.h 2008-01-14 16:08:22.000000000 +0100 +@@ -149,6 +149,13 @@ public: + void setSecurityAssociation(); + #endif + ++ Boolean isRemoteUser() const ++ { ++ return _remoteUser; ++ } ++ ++ void setRemoteUser(Boolean remoteUser); ++ + Array getClientCertificateChain() + { + return _clientCertificate; +@@ -192,6 +199,7 @@ private: + Boolean _wasRemotePrivilegedUserAccessChecked; + + Array _clientCertificate; ++ Boolean _remoteUser; + }; + + PEGASUS_NAMESPACE_END +diff 
-up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp_old pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp +--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp_old 2008-01-14 16:05:14.000000000 +0100 ++++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp 2008-01-14 16:06:34.000000000 +0100 +@@ -46,7 +46,8 @@ const String AuthenticationInfoRep::AUTH + + AuthenticationInfoRep::AuthenticationInfoRep(Boolean flag) + : _connectionAuthenticated(false), +- _wasRemotePrivilegedUserAccessChecked(false) ++ _wasRemotePrivilegedUserAccessChecked(false), ++ _remoteUser(true) + { + PEG_METHOD_ENTER( + TRC_AUTHENTICATION, "AuthenticationInfoRep::AuthenticationInfoRep"); +@@ -54,6 +55,16 @@ AuthenticationInfoRep::AuthenticationInf + PEG_METHOD_EXIT(); + } + ++void AuthenticationInfoRep::setRemoteUser(Boolean remoteUser) ++{ ++ PEG_METHOD_ENTER(TRC_AUTHENTICATION, ++ "AuthenticationInfoRep::setRemoteUser"); ++ ++ _remoteUser = remoteUser; ++ ++ PEG_METHOD_EXIT(); ++} ++ + AuthenticationInfoRep::~AuthenticationInfoRep() + { + PEG_METHOD_ENTER( +diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp_old pegasus/src/Pegasus/Common/HTTPMessage.cpp +--- pegasus/src/Pegasus/Common/HTTPMessage.cpp_old 2008-01-14 16:13:00.000000000 +0100 ++++ pegasus/src/Pegasus/Common/HTTPMessage.cpp 2008-01-14 16:13:27.000000000 +0100 +@@ -120,7 +120,8 @@ HTTPMessage::HTTPMessage( + queueId(queueId_), + authInfo(0), + acceptLanguagesDecoded(false), +- contentLanguagesDecoded(false) ++ contentLanguagesDecoded(false), ++ fromRemoteHost(true) + { + if (cimException_) + cimException = *cimException_; +diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h +--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h_old 2008-01-14 16:15:56.000000000 +0100 ++++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2008-01-14 16:16:41.000000000 +0100 +@@ -55,7 +55,8 @@ public: + + 
Boolean authenticate( + const String& userName, +- const String& password); ++ const String& password, ++ Boolean isRemoteUser); + + Boolean validateUser(const String& userName); + +diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp +--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp_old 2008-01-14 16:22:01.000000000 +0100 ++++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2008-01-14 16:22:31.000000000 +0100 +@@ -85,7 +85,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti + + Boolean PAMBasicAuthenticator::authenticate( + const String& userName, +- const String& password) ++ const String& password, ++ Boolean isRemoteUser) + { + PEG_METHOD_ENTER(TRC_AUTHENTICATION, + "PAMBasicAuthenticator::authenticate()"); +diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h_old pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h +--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h_old 2008-01-14 16:14:59.000000000 +0100 ++++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2008-01-14 16:15:46.000000000 +0100 +@@ -67,7 +67,8 @@ public: + */ + virtual Boolean authenticate( + const String& userName, +- const String& password) = 0; ++ const String& password, ++ Boolean isRemoteUser) = 0; + + /** Construct and return the HTTP Basic authentication challenge header + @return A string containing the authentication challenge header. 
+diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp +--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp_old 2008-01-14 16:22:42.000000000 +0100 ++++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2008-01-14 16:25:46.000000000 +0100 +@@ -36,6 +36,8 @@ + #include + #include "PAMBasicAuthenticator.h" + ++#include ++ + PEGASUS_USING_STD; + + PEGASUS_NAMESPACE_BEGIN +@@ -72,7 +74,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti + + Boolean PAMBasicAuthenticator::authenticate( + const String& userName, +- const String& password) ++ const String& password, ++ Boolean isRemoteUser) + { + PEG_METHOD_ENTER(TRC_AUTHENTICATION, + "PAMBasicAuthenticator::authenticate()"); +diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp_old pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp +--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp_old 2008-01-14 16:14:09.000000000 +0100 ++++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2008-01-14 16:14:42.000000000 +0100 +@@ -164,7 +164,7 @@ Boolean BasicAuthenticationHandler::auth + } + authInfo->setRemotePrivilegedUserAccessChecked(); + +- authenticated = _basicAuthenticator->authenticate(userName, password); ++ authenticated = _basicAuthenticator->authenticate(userName, password, authInfo->isRemoteUser()); + + // Log audit message. + PEG_AUDIT_LOG(logBasicAuthentication( diff --git a/pegasus-2.7.0-no_snmp_tests.patch b/pegasus-2.7.0-no_snmp_tests.patch new file mode 100644 index 0000000..b7045df --- /dev/null +++ b/pegasus-2.7.0-no_snmp_tests.patch 
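Review bot: In the HTTPConnection.cpp hunk the two lookups are joined with `||`, so when `getpeername()` succeeds `getsockname()` is never called and `sin_svr` stays zeroed, which leaves the "sent TO localhost" branch dead in the normal case; and when only one call succeeds, the other struct is still inspected. Since `fromRemoteHost` is handed to the authenticators through `setRemoteUser()`, each address should be examined only if its own call returned 0, as in the excerpt below. It is also worth confirming that the local-address test is wanted at all, because only the peer address describes where the request came from. AF_INET6 and other address families keep the default `true`, which fails closed. `_handleReadEvent()` starts and ends outside the hunk, and the rebased PAMBasicAuthenticatorUnix.cpp hunks only extend the `authenticate()` signature, so where `isRemoteUser` is consumed is not visible in this patch.

```cpp
// … unchanged: sin_peer/sin_svr declarations, slen1/slen2, sock, memset calls …
if (::getpeername(sock, (struct sockaddr*)&sin_peer, &slen1) == 0 &&
    sin_peer.sin_family == AF_INET &&
    ((ntohl(sin_peer.sin_addr.s_addr) >> 24) & 0xff) == 127)
{
    // message was sent FROM localhost interface
    message->fromRemoteHost = false;
}
if (::getsockname(sock, (struct sockaddr*)&sin_svr, &slen2) == 0 &&
    sin_svr.sin_family == AF_INET &&
    ((ntohl(sin_svr.sin_addr.s_addr) >> 24) & 0xff) == 127)
{
    // message was sent TO localhost interface
    message->fromRemoteHost = false;
}
```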
@@ -0,0 +1,35 @@ +diff -up pegasus/Makefile.ReleaseTest_old pegasus/Makefile.ReleaseTest +--- pegasus/Makefile.ReleaseTest_old 2008-01-15 14:18:29.000000000 +0100 ++++ pegasus/Makefile.ReleaseTest 2008-01-15 14:23:30.000000000 +0100 +@@ -130,6 +130,7 @@ POSTSTARTTEST_CMDS = \ + $(PEGASUS_TEST_DIR)/bin/TestIndicationStressTest@@IndicationStressTestClass@@test/TestProvider@@cleanup + + ifdef PEGASUS_USE_NET_SNMP ++ POSTSTARTTEST_CMDS_NO_SNMP := $(POSTSTARTTEST_CMDS) + POSTSTARTTEST_CMDS += \ + $(PEGASUS_TEST_DIR)/bin/TestSnmpHandler@@setup@@WQL \ + $(PEGASUS_TEST_DIR)/bin/TestSnmpHandler@@run@@4@@2 \ +@@ -206,10 +207,23 @@ createMakefile_poststarttests: + @$(ECHO-E) "poststarttests:" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile + @$(ECHO-E) "\t@$(MAKE) -s poststarttests_internal\n" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile + @$(ECHO-E) "poststarttests_internal:" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++ifdef PEGASUS_USE_NET_SNMP ++ @$(foreach i, $(POSTSTARTTEST_CMDS_NO_SNMP), $(ECHO-E) "\t$(subst @@, ,$(i))" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile;) ++else + @$(foreach i, $(POSTSTARTTEST_CMDS), $(ECHO-E) "\t$(subst @@, ,$(i))" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile;) + @$(ECHO-E) "" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++endif + + createMakefile_tests: ++ifdef PEGASUS_USE_NET_SNMP ++ @$(ECHO-E) "# To test OpenPegasus with net-snmp support, please setup net-snmp" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++ @$(ECHO-E) "# and uncomment following four lines." 
>> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++ @$(ECHO-E) "#\t/usr/share/Pegasus/test/bin/TestSnmpHandler setup WQL" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++ @$(ECHO-E) "#\t/usr/share/Pegasus/test/bin/TestSnmpHandler run 4 2" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++ @$(ECHO-E) "#\t/usr/share/Pegasus/test/bin/TestSnmpHandler cleanup" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++ @$(ECHO-E) "#\t/usr/share/Pegasus/test/bin/TestSnmpHandler removelog" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++ @$(ECHO-E) "" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile ++endif + @$(ECHO-E) "###############################################################################" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile + @$(ECHO-E) "# The tests target stops the cimserver, runs the unit tests, starts the" >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile + @$(ECHO-E) "# cimserver, and runs the poststarttests and local TestClient." >> $(PEGASUS_STAGING_DIR)$(PEGASUS_TEST_DIR)/Makefile diff --git a/tog-pegasus.spec b/tog-pegasus.spec index 6618ffd..2635bd3 100644 --- a/tog-pegasus.spec +++ b/tog-pegasus.spec @@ -41,7 +41,7 @@ %endif Version: 2.7.0 -Release: 4%{?dist} +Release: 5%{?dist} Epoch: 2 # Summary: OpenPegasus WBEM Services for Linux @@ -69,7 +69,7 @@ Patch3: pegasus-2.7.0-redhat-config.patch # 4: don't see how http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5099 fixed it Patch4: pegasus-2.6.0-cmpi-provider-lib.patch # 5: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5010 -Patch5: pegasus-2.6.1-local-or-remote-auth.patch +Patch5: pegasus-2.7.0-local-or-remote-auth.patch # 6: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5012 Patch6: pegasus-2.5.1-pam-wbem.patch # 7: http://cvs.rdg.opengroup.org/bugzilla/show_bug.cgi?id=5006 
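Review bot: The commented-out SNMP commands written by `createMakefile_tests` hard-code `/usr/share/Pegasus/test/bin/`, while the commands they stand in for are built from `$(PEGASUS_TEST_DIR)/bin/`; if the test directory is configured differently the hint points at the wrong path, so `"#\t$(PEGASUS_TEST_DIR)/bin/TestSnmpHandler setup WQL"` (and likewise for the other three lines) would be safer. In `createMakefile_poststarttests` the blank-line `@$(ECHO-E) ""` now sits in the `else` branch only, so with `PEGASUS_USE_NET_SNMP` defined the generated recipe is followed directly by the comment block from `createMakefile_tests`. That looks intentional, since uncommenting the four lines extends the recipe, but it depends on the two targets running back to back and deserves a comment such as `# no blank line here: createMakefile_tests appends the optional SNMP commands to this recipe`.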
@@ -78,6 +78,7 @@ Patch8: pegasus-2.6.0-multilib.patch Patch9: pegasus-2.6.0-cimuser.patch Patch10: pegasus-2.7.0-cmpiheaders.patch Patch11: pegasus-2.7.0-no_privilege_separation.patch +Patch12: pegasus-2.7.0-no_snmp_tests.patch # Conflicts: openwbem Provides: tog-pegasus-cimserver @@ -138,13 +139,14 @@ The OpenPegasus WBEM tests for the OpenPegasus %{version} Linux rpm. %patch2 -p1 -b .PIE %patch3 -p1 -b .redhat-config %patch4 -p1 -b .cmpi-provider-lib -#%patch5 -p1 -b .local-or-remote-auth +%patch5 -p1 -b .local-or-remote-auth %patch6 -p1 -b .pam-wbem %patch7 -p1 -b .fix-tests %patch8 -p1 -b .multilib %patch9 -p1 -b .cimuser %patch10 -p1 -b .cmpiheaders %patch11 -p1 -b .no_privilege_separation +%patch12 -p1 -b .no_snmp_tests find . -name 'CVS' -exec /bin/rm -rf '{}' ';' >/dev/null 2>&1 ||:; %build @@ -440,6 +442,9 @@ fi %changelog +* Mon Jan 21 2008 Vitezslav Crhonek - 2:2.7.0-5 +- No snmp tests in Test RPM + * Thu Jan 10 2008 Vitezslav Crhonek - 2:2.7.0-4 - Fix Test RPM
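Review bot: The `%prep` hunk turns `%patch5 -p1 -b .local-or-remote-auth` back on, but the new `%changelog` entry only records "No snmp tests in Test RPM". Patch 5 changes how a connection is classified as local or remote before authentication, so the release notes should say that it is applied again, for example `- Re-enable local-or-remote-auth patch (rebased to 2.7.0)`. Anyone auditing which builds carry the authentication change would otherwise have to read the spec diff to find out.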