diff -up pegasus/src/Executor/Messages.h.orig pegasus/src/Executor/Messages.h --- pegasus/src/Executor/Messages.h.orig 2015-03-31 14:49:58.125082973 +0200 +++ pegasus/src/Executor/Messages.h 2015-03-31 14:50:29.243214138 +0200 @@ -199,6 +199,7 @@ struct ExecutorAuthenticatePasswordReque { char username[EXECUTOR_BUFFER_SIZE]; char password[EXECUTOR_BUFFER_SIZE]; + Boolean isRemoteUser; }; struct ExecutorAuthenticatePasswordResponse diff -up pegasus/src/Executor/PAMAuth.h.orig pegasus/src/Executor/PAMAuth.h --- pegasus/src/Executor/PAMAuth.h.orig 2015-03-31 14:50:48.589295683 +0200 +++ pegasus/src/Executor/PAMAuth.h 2015-03-31 14:57:25.561982718 +0200 @@ -49,6 +49,9 @@ #include #include +#include +typedef bool Boolean; + #ifdef PEGASUS_FLAVOR # define PAM_CONFIG_FILE "wbem" PEGASUS_FLAVOR #else @@ -397,7 +400,7 @@ static int PAMValidateUserCallback( */ static int PAMAuthenticateInProcess( - const char* username, const char* password) + const char* username, const char* password, const Boolean isRemoteUser) { PAMData data; struct pam_conv pconv; @@ -412,24 +415,54 @@ static int PAMAuthenticateInProcess( /* intentionally for testing purposes */ /* return PAM_SERVICE_ERR; */ - pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &handle); + // NOTE: if any pam call should log anything, our syslog socket will be redirected + // to the AUTH facility, so we need to redirect it back after each pam call. + + if ((pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &handle)) != PAM_SUCCESS) + { + closelog(); + openlog("cimserver", LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, "pam_start failed: %s", pam_strerror(handle, pam_rc)); + syslog(LOG_ERR, "PAM authentication failed for %s user: %s", + isRemoteUser ? "remote" : "local", username); + return -1; + } - if (pam_rc != PAM_SUCCESS) + if ((pam_rc = pam_set_item(handle, PAM_TTY, isRemoteUser ? "wbemNetwork" : "wbemLocal")) != PAM_SUCCESS) { - return pam_rc; + pam_end(handle, 0); + closelog(); + openlog("cimserver", LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, "pam_set_item(PAM_TTY=wbem) failed: %s", pam_strerror(handle, pam_rc)); + syslog(LOG_ERR, "PAM authentication failed for %s user: %s", + isRemoteUser ? "remote" : "local", username); + return -1; } - pam_rc = pam_authenticate(handle, 0); - if (pam_rc != PAM_SUCCESS) + if ((pam_rc = pam_authenticate(handle, 0)) != PAM_SUCCESS) { pam_end(handle, 0); - return pam_rc; + closelog(); + openlog("cimserver", LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, "pam_authenticate failed: %s",pam_strerror(handle, pam_rc)); + syslog(LOG_ERR, "PAM authentication failed for %s user: %s", + isRemoteUser ? "remote" : "local", username); + return -1; } - pam_rc = pam_acct_mgmt(handle, 0); + if ((pam_rc = pam_acct_mgmt(handle, 0)) != PAM_SUCCESS) + { + pam_end(handle, 0); + closelog(); + openlog("cimserver", LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, "pam_acct_mgmt failed: %s",pam_strerror(handle, pam_rc)); + syslog(LOG_ERR, "PAM authentication failed for %s user: %s", + isRemoteUser ? "remote" : "local", username); + return -1; + } pam_end(handle, 0); - return pam_rc; + return 0; } /* @@ -452,16 +485,34 @@ static int PAMValidateUserInProcess(cons pconv.conv = PAMValidateUserCallback; pconv.appdata_ptr = &data; - pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &phandle); - if (pam_rc != PAM_SUCCESS) + if ((pam_rc = pam_start(PAM_CONFIG_FILE, username, &pconv, &phandle)) != PAM_SUCCESS) + { + closelog(); + openlog("cimserver", LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, "pam_start() failed: %s", pam_strerror(phandle, pam_rc)); + return -1; + } + + if ((pam_rc = pam_set_item(phandle, PAM_TTY, "wbemLocal")) != PAM_SUCCESS) { - return pam_rc; + pam_end(phandle, 0); + closelog(); + openlog("cimserver", LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, "pam_set_item(PAM_TTY=wbemLocal) failed: %s", pam_strerror(phandle, pam_rc)); + return -1; } - pam_rc = pam_acct_mgmt(phandle, 0); + if ((pam_rc = pam_acct_mgmt(phandle, 0)) != PAM_SUCCESS) + { + pam_end(phandle, 0); + closelog(); + openlog("cimserver", LOG_PID, LOG_DAEMON); + syslog(LOG_ERR, "pam_acct_mgmt() failed: %s", pam_strerror(phandle, pam_rc)); + return -1; + } pam_end(phandle, 0); - return pam_rc; + return 0; } /* @@ -474,12 +525,12 @@ static int PAMValidateUserInProcess(cons **============================================================================== */ -static int PAMAuthenticate(const char* username, const char* password) +static int PAMAuthenticate(const char* username, const char* password, const Boolean isRemoteUser) { #ifdef PEGASUS_USE_PAM_STANDALONE_PROC return CimserveraProcessOperation("authenticate", username, password); #else - return PAMAuthenticateInProcess(username, password); + return PAMAuthenticateInProcess(username, password, isRemoteUser); #endif } diff -up pegasus/src/Executor/Parent.c.orig pegasus/src/Executor/Parent.c --- pegasus/src/Executor/Parent.c.orig 2015-03-31 14:57:37.595034076 +0200 +++ pegasus/src/Executor/Parent.c 2015-03-31 14:58:11.034176796 +0200 @@ -634,7 +634,7 @@ static void HandleAuthenticatePasswordRe #if defined(PEGASUS_PAM_AUTHENTICATION) - status = PAMAuthenticate(request.username, request.password); + status = PAMAuthenticate(request.username, request.password, request.isRemoteUser); if (status == PAM_SUCCESS) { diff -up pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.orig pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c --- pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.orig 2015-03-31 14:58:30.460259707 +0200 +++ pegasus/src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c 2015-03-31 14:58:55.882368210 +0200 @@ -49,7 +49,7 @@ int main() sprintf(prompt, "Enter password for %s: ", PEGASUS_CIMSERVERMAIN_USER); pw = getpass(prompt); - if (PAMAuthenticate(PEGASUS_CIMSERVERMAIN_USER, pw) == 0) + if (PAMAuthenticate(PEGASUS_CIMSERVERMAIN_USER, pw, 0) == 0) printf("Correct password\n"); else printf("Wrong password\n"); diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h.orig pegasus/src/Pegasus/Common/AuthenticationInfo.h --- pegasus/src/Pegasus/Common/AuthenticationInfo.h.orig 2015-03-31 14:59:10.875432201 +0200 +++ pegasus/src/Pegasus/Common/AuthenticationInfo.h 2015-03-31 15:00:03.130655230 +0200 @@ -348,6 +348,22 @@ public: _rep->setAuthHandle(authHandle); } + /** Indicate whether the user is Remote + */ + Boolean isRemoteUser() const + { + CheckRep(_rep); + return _rep->isRemoteUser(); + } + + /** Set the Remote User flag + */ + void setRemoteUser(Boolean isRemoteUser) + { + CheckRep(_rep); + _rep->setRemoteUser(isRemoteUser); + } + AuthHandle getAuthHandle() { CheckRep(_rep); diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.orig pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp --- pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp.orig 2015-03-31 15:00:26.267753980 +0200 +++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp 2015-03-31 15:01:53.018124238 +0200 @@ -48,6 +48,7 @@ const String AuthenticationInfoRep::AUTH AuthenticationInfoRep::AuthenticationInfoRep() : _connectionAuthenticated(false), _wasRemotePrivilegedUserAccessChecked(false), + _isRemoteUser(true), _authHandle(), _isExpiredPassword(false) #ifdef PEGASUS_ENABLE_SESSION_COOKIES @@ -86,6 +87,16 @@ AuthenticationInfoRep::~AuthenticationIn PEG_METHOD_EXIT(); } + +void AuthenticationInfoRep::setRemoteUser(Boolean isRemoteUser) +{ + PEG_METHOD_ENTER(TRC_AUTHENTICATION, + "AuthenticationInfoRep::setRemoteUser"); + + _isRemoteUser = isRemoteUser; + + PEG_METHOD_EXIT(); +} void AuthenticationInfoRep::setConnectionAuthenticated( Boolean connectionAuthenticated) diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.orig pegasus/src/Pegasus/Common/AuthenticationInfoRep.h --- pegasus/src/Pegasus/Common/AuthenticationInfoRep.h.orig 2015-03-31 15:02:17.868230300 +0200 +++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.h 2015-03-31 15:03:53.065636608 +0200 @@ -148,6 +148,13 @@ public: } #endif //PEGASUS_NEGOTIATE_AUTHENTICATION + Boolean isRemoteUser() const + { + return _isRemoteUser; + } + + void setRemoteUser(Boolean isRemoteUser); + Array getClientCertificateChain() { return _clientCertificate; @@ -233,6 +240,8 @@ private: Array _clientCertificate; + Boolean _isRemoteUser; + AuthHandle _authHandle; String _userRole; Boolean _isExpiredPassword; diff -up pegasus/src/Pegasus/Common/Executor.cpp.orig pegasus/src/Pegasus/Common/Executor.cpp --- pegasus/src/Pegasus/Common/Executor.cpp.orig 2015-03-31 15:04:10.843712487 +0200 +++ pegasus/src/Pegasus/Common/Executor.cpp 2015-03-31 15:08:16.953762900 +0200 @@ -126,7 +126,8 @@ public: virtual int authenticatePassword( const char* username, - const char* password) = 0; + const char* password, + Boolean isRemoteUser) = 0; virtual int validateUser( const char* username) = 0; @@ -562,9 +563,10 @@ public: #if defined(PEGASUS_PAM_AUTHENTICATION) virtual int authenticatePassword( const char* username, - const char* password) + const char* password, + Boolean isRemoteUser) { - return PAMAuthenticate(username, password); + return PAMAuthenticate(username, password, isRemoteUser); } virtual int validateUser( @@ -912,7 +914,8 @@ public: virtual int authenticatePassword( const char* username, - const char* password) + const char* password, + Boolean isRemoteUser) { AutoMutex autoMutex(_mutex); @@ -930,6 +933,7 @@ public: memset(&request, 0, sizeof(request)); Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE); Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE); + request.isRemoteUser = isRemoteUser; if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request)) return -1; @@ -1181,10 +1185,11 @@ int Executor::reapProviderAgent( int Executor::authenticatePassword( const char* username, - const char* password) + const char* password, + Boolean isRemoteUser) { once(&_executorImplOnce, _initExecutorImpl); - return _executorImpl->authenticatePassword(username, password); + return _executorImpl->authenticatePassword(username, password, isRemoteUser); } int Executor::validateUser( diff -up pegasus/src/Pegasus/Common/Executor.h.orig pegasus/src/Pegasus/Common/Executor.h --- pegasus/src/Pegasus/Common/Executor.h.orig 2015-03-31 15:08:26.668804365 +0200 +++ pegasus/src/Pegasus/Common/Executor.h 2015-03-31 15:08:46.535889158 +0200 @@ -184,7 +184,8 @@ public: */ static int authenticatePassword( const char* username, - const char* password); + const char* password, + Boolean isRemoteUser); /** Check whether the given user is valid for the underlying authentcation mechanism. diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp.orig pegasus/src/Pegasus/Common/HTTPConnection.cpp --- pegasus/src/Pegasus/Common/HTTPConnection.cpp.orig 2015-03-31 15:09:05.706970982 +0200 +++ pegasus/src/Pegasus/Common/HTTPConnection.cpp 2015-03-31 15:10:08.472238867 +0200 @@ -2295,6 +2295,70 @@ void HTTPConnection::_handleReadEvent() message->contentLanguages = contentLanguages; message->dest = _outputMessageQueue->getQueueId(); + // Allow authenticators to differentiate Remote and Local users: + struct sockaddr_storage sin_peer, sin_svr; + socklen_t slen1 = sizeof (struct sockaddr_storage), slen2 = sizeof (struct sockaddr_storage); + uint32_t sock = _socket.get()->getSocket() ; + memset(&sin_peer,'\0',slen1); + memset(&sin_svr, '\0',slen2); + if ( ( ::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 ) + ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 ) + ) + { + PEG_TRACE((TRC_HTTP, Tracer::LEVEL4, + "sin_peer.ss_family: %d", + sin_peer.ss_family)); + if( sin_peer.ss_family == AF_INET ) + { + struct sockaddr_in *s = (struct sockaddr_in *)&sin_peer; + if( ((ntohl( s->sin_addr.s_addr ) >> 24) & 0xff) == 127 ) + // message was sent FROM localhost interface + message->isFromRemoteHost = false; + } + if( sin_peer.ss_family == AF_INET6 ) + { + char straddr[INET6_ADDRSTRLEN]; + struct sockaddr_in6 *s = (struct sockaddr_in6 *)&sin_peer; + static const unsigned char localhost_bytes[] = + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }; + inet_ntop(AF_INET6, &s->sin6_addr, straddr, sizeof(straddr)); + PEG_TRACE((TRC_HTTP, Tracer::LEVEL4, + "Peer IP address: %s", + straddr)); + if(memcmp(s->sin6_addr.s6_addr, localhost_bytes, 16) == 0) + // message was sent FROM localhost interface + message->isFromRemoteHost = false; + } + PEG_TRACE((TRC_HTTP, Tracer::LEVEL4, + "sin_svr.ss_family: %d", + sin_svr.ss_family)); + if( sin_svr.ss_family == AF_INET ) + { + struct sockaddr_in *s = (struct sockaddr_in *)&sin_svr; + if( ((ntohl( s->sin_addr.s_addr ) >> 24) & 0xff) == 127 ) + // message was sent TO localhost interface + message->isFromRemoteHost = false; + } + if( sin_svr.ss_family == AF_INET6 ) + { + char straddr[INET6_ADDRSTRLEN]; + struct sockaddr_in6 *s = (struct sockaddr_in6 *)&sin_svr; + static const unsigned char localhost_bytes[] = + { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1 }; + inet_ntop(AF_INET6, &s->sin6_addr, straddr, sizeof(straddr)); + PEG_TRACE((TRC_HTTP, Tracer::LEVEL4, + "svr IP address: %s", + straddr)); + if(memcmp(s->sin6_addr.s6_addr, localhost_bytes, 16) == 0) + // message was sent TO localhost interface + message->isFromRemoteHost = false; + } + } + + PEG_TRACE((TRC_HTTP, Tracer::LEVEL4, + "isFromRemoteHost: %d", + message->isFromRemoteHost)); + // // The _closeConnection method sets the _connectionClosePending flag. // If we are executing on the client side and the diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp.orig pegasus/src/Pegasus/Common/HTTPMessage.cpp --- pegasus/src/Pegasus/Common/HTTPMessage.cpp.orig 2015-03-31 15:10:32.186340162 +0200 +++ pegasus/src/Pegasus/Common/HTTPMessage.cpp 2015-03-31 15:11:00.008459185 +0200 @@ -133,7 +133,8 @@ HTTPMessage::HTTPMessage( authInfo(0), acceptLanguagesDecoded(false), contentLanguagesDecoded(false), - binaryResponse(false) + binaryResponse(false), + isFromRemoteHost(true) { if (cimException_) cimException = *cimException_; diff -up pegasus/src/Pegasus/Common/HTTPMessage.h.orig pegasus/src/Pegasus/Common/HTTPMessage.h --- pegasus/src/Pegasus/Common/HTTPMessage.h.orig 2015-03-31 15:11:13.706517786 +0200 +++ pegasus/src/Pegasus/Common/HTTPMessage.h 2015-03-31 15:11:33.528602586 +0200 @@ -73,6 +73,7 @@ public: ContentLanguageList contentLanguages; Boolean acceptLanguagesDecoded; Boolean contentLanguagesDecoded; + Boolean isFromRemoteHost; CIMException cimException; bool binaryResponse; diff -up pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.orig pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp --- pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp.orig 2015-03-31 15:11:50.617675692 +0200 +++ pegasus/src/Pegasus/Common/tests/Executor/TestExecutor.cpp 2015-03-31 15:12:49.031925589 +0200 @@ -76,7 +76,7 @@ void testExecutorLoopbackImpl() #endif PEGASUS_TEST_ASSERT(Executor::authenticatePassword( - "xnonexistentuserx", "wrongpassword") != 0); + "xnonexistentuserx", "wrongpassword", true) != 0); PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") != 0); char challengeFilePath[EXECUTOR_BUFFER_SIZE]; @@ -115,7 +115,7 @@ void testExecutorSocketImpl() PEGASUS_TEST_ASSERT(Executor::reapProviderAgent(123) == 0); PEGASUS_TEST_ASSERT(Executor::authenticatePassword( - "xnonexistentuserx", "wrongpassword") == -1); + "xnonexistentuserx", "wrongpassword", true) == -1); PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") == -1); char challengeFilePath[EXECUTOR_BUFFER_SIZE]; diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.orig pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp --- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.orig 2015-03-31 15:12:58.057964203 +0200 +++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2015-03-31 15:13:19.591056322 +0200 @@ -159,6 +159,7 @@ AuthenticationStatus BasicAuthentication _basicAuthenticator->authenticate( userName, password, + authInfo->isRemoteUser(), authInfo); // Log audit message. diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.orig pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h --- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h.orig 2015-03-31 15:13:32.889113211 +0200 +++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2015-03-31 15:13:51.240191720 +0200 @@ -65,6 +65,7 @@ public: virtual AuthenticationStatus authenticate( const String& userName, const String& password, + Boolean isRemoteUser, AuthenticationInfo* authInfo) = 0; /** Construct and return the HTTP Basic authentication challenge header diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h --- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.orig 2015-03-31 15:14:04.185247096 +0200 +++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2015-03-31 15:14:20.391316426 +0200 @@ -54,6 +54,7 @@ public: AuthenticationStatus authenticate( const String& userName, const String& password, + Boolean isRemoteUser, AuthenticationInfo* authInfo); AuthenticationStatus validateUser( diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp --- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.orig 2015-03-31 15:14:32.937370098 +0200 +++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2015-03-31 15:14:52.631454350 +0200 @@ -74,6 +74,7 @@ PAMBasicAuthenticator::~PAMBasicAuthenti AuthenticationStatus PAMBasicAuthenticator::authenticate( const String& userName, const String& password, + Boolean isRemoteUser, AuthenticationInfo* authInfo) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.orig pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp --- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.orig 2015-03-31 15:15:08.521522327 +0200 +++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2015-03-31 15:15:49.255696589 +0200 @@ -66,6 +66,7 @@ PAMBasicAuthenticator::~PAMBasicAuthenti AuthenticationStatus PAMBasicAuthenticator::authenticate( const String& userName, const String& password, + Boolean isRemoteUser, AuthenticationInfo* authInfo) { PEG_METHOD_ENTER(TRC_AUTHENTICATION, @@ -74,7 +75,8 @@ AuthenticationStatus PAMBasicAuthenticat int pam_rc = Executor::authenticatePassword( userName.getCString(), - password.getCString()); + password.getCString(), + isRemoteUser); // return code of -1 will be translated to AUTHSC_UNAUTHORIZED AuthenticationStatus authStatus = _getAuthStatusFromPAM_RC(pam_rc); diff -up pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.orig pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp --- pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.orig 2015-03-31 15:16:03.097755805 +0200 +++ pegasus/src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp 2015-03-31 15:16:24.758848473 +0200 @@ -239,7 +239,7 @@ AuthenticationStatus SecureBasicAuthenti if (Executor::detectExecutor() == 0) { if (Executor::authenticatePassword( - userName.getCString(), password.getCString()) == 0) + userName.getCString(), password.getCString(), true) == 0) { authenticated = true; } diff -up pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.orig pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp --- pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.orig 2015-03-31 15:16:39.848913028 +0200 +++ pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2015-03-31 15:17:21.079089410 +0200 @@ -431,6 +431,9 @@ void HTTPAuthenticatorDelegator::handleH Tracer::LEVEL3, "HTTPAuthenticatorDelegator - Authentication processing start"); + // Let Authenticators know whether this user is Local or Remote: + httpMessage->authInfo->setRemoteUser( httpMessage->isFromRemoteHost ); + // // Handle authentication: //