226 lines
9.6 KiB
Diff
226 lines
9.6 KiB
Diff
diff -up pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp_old pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp
|
|
--- pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp_old 2008-01-14 16:27:44.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp 2008-01-14 16:30:46.000000000 +0100
|
|
@@ -403,6 +403,9 @@ void HTTPAuthenticatorDelegator::handleH
|
|
Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE,
|
|
"HTTPAuthenticatorDelegator - Authentication processing start"));
|
|
|
|
+ // Let Authenticators know whether this user is Local or Remote:
|
|
+ httpMessage->authInfo->setRemoteUser( httpMessage->fromRemoteHost );
|
|
+
|
|
//
|
|
// Handle authentication:
|
|
//
|
|
diff -up pegasus/src/Pegasus/Common/AuthenticationInfo.h_old pegasus/src/Pegasus/Common/AuthenticationInfo.h
|
|
--- pegasus/src/Pegasus/Common/AuthenticationInfo.h_old 2008-01-14 16:03:49.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Common/AuthenticationInfo.h 2008-01-14 16:05:06.000000000 +0100
|
|
@@ -356,6 +356,22 @@ public:
|
|
return _rep->getRemotePrivilegedUserAccessChecked();
|
|
}
|
|
|
|
+ /** Indicate whether the user is Remote
|
|
+ */
|
|
+ Boolean isRemoteUser() const
|
|
+ {
|
|
+ _checkRep();
|
|
+ return _rep->isRemoteUser();
|
|
+ }
|
|
+
|
|
+ /** Set the Remote User flag
|
|
+ */
|
|
+ void setRemoteUser(Boolean remoteUser)
|
|
+ {
|
|
+ _checkRep();
|
|
+ _rep->setRemoteUser(remoteUser);
|
|
+ }
|
|
+
|
|
private:
|
|
|
|
AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep)
|
|
diff -up pegasus/src/Pegasus/Common/HTTPConnection.cpp_old pegasus/src/Pegasus/Common/HTTPConnection.cpp
|
|
--- pegasus/src/Pegasus/Common/HTTPConnection.cpp_old 2008-01-14 16:08:30.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Common/HTTPConnection.cpp 2008-01-14 16:12:45.000000000 +0100
|
|
@@ -2039,6 +2039,30 @@ void HTTPConnection::_handleReadEvent()
|
|
_incomingBuffer).get()));
|
|
}
|
|
|
|
+ // Allow authenticators to differentiate Remote and Local users:
|
|
+ struct sockaddr_in sin_peer, sin_svr; // don't need to worry about IPv6 yet ...
|
|
+ socklen_t slen1=sizeof(struct sockaddr_in), slen2=sizeof(struct sockaddr_in);
|
|
+ uint32_t sock = _socket.get()->getSocket() ;
|
|
+ memset(&sin_peer,'\0',slen1);
|
|
+ memset(&sin_svr, '\0',slen2);
|
|
+ if ( ( ::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 )
|
|
+ ||( ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0 )
|
|
+ )
|
|
+ {
|
|
+ if( sin_peer.sin_family == AF_INET )
|
|
+ {
|
|
+ if( ((ntohl( sin_peer.sin_addr.s_addr ) >> 24) & 0xff) == 127 )
|
|
+ // message was sent FROM localhost interface
|
|
+ message->fromRemoteHost = false;
|
|
+ }
|
|
+ if( sin_svr.sin_family == AF_INET )
|
|
+ {
|
|
+ if( ((ntohl( sin_svr.sin_addr.s_addr ) >> 24) & 0xff) == 127 )
|
|
+ // message was sent TO localhost interface
|
|
+ message->fromRemoteHost = false;
|
|
+ }
|
|
+ }
|
|
+
|
|
//
|
|
// increment request count
|
|
//
|
|
diff -up pegasus/src/Pegasus/Common/HTTPMessage.h_old pegasus/src/Pegasus/Common/HTTPMessage.h
|
|
--- pegasus/src/Pegasus/Common/HTTPMessage.h_old 2008-01-14 16:13:39.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Common/HTTPMessage.h 2008-01-14 16:14:02.000000000 +0100
|
|
@@ -75,6 +75,7 @@ public:
|
|
ContentLanguageList contentLanguages;
|
|
Boolean acceptLanguagesDecoded;
|
|
Boolean contentLanguagesDecoded;
|
|
+ Boolean fromRemoteHost;
|
|
CIMException cimException;
|
|
|
|
void parse(
|
|
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.h_old pegasus/src/Pegasus/Common/AuthenticationInfoRep.h
|
|
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.h_old 2008-01-14 16:06:42.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.h 2008-01-14 16:08:22.000000000 +0100
|
|
@@ -149,6 +149,13 @@ public:
|
|
void setSecurityAssociation();
|
|
#endif
|
|
|
|
+ Boolean isRemoteUser() const
|
|
+ {
|
|
+ return _remoteUser;
|
|
+ }
|
|
+
|
|
+ void setRemoteUser(Boolean remoteUser);
|
|
+
|
|
Array<SSLCertificateInfo*> getClientCertificateChain()
|
|
{
|
|
return _clientCertificate;
|
|
@@ -192,6 +199,7 @@ private:
|
|
Boolean _wasRemotePrivilegedUserAccessChecked;
|
|
|
|
Array<SSLCertificateInfo*> _clientCertificate;
|
|
+ Boolean _remoteUser;
|
|
};
|
|
|
|
PEGASUS_NAMESPACE_END
|
|
diff -up pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp_old pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp
|
|
--- pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp_old 2008-01-14 16:05:14.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Common/AuthenticationInfoRep.cpp 2008-01-14 16:06:34.000000000 +0100
|
|
@@ -46,7 +46,8 @@ const String AuthenticationInfoRep::AUTH
|
|
|
|
AuthenticationInfoRep::AuthenticationInfoRep(Boolean flag)
|
|
: _connectionAuthenticated(false),
|
|
- _wasRemotePrivilegedUserAccessChecked(false)
|
|
+ _wasRemotePrivilegedUserAccessChecked(false),
|
|
+ _remoteUser(true)
|
|
{
|
|
PEG_METHOD_ENTER(
|
|
TRC_AUTHENTICATION, "AuthenticationInfoRep::AuthenticationInfoRep");
|
|
@@ -54,6 +55,16 @@ AuthenticationInfoRep::AuthenticationInf
|
|
PEG_METHOD_EXIT();
|
|
}
|
|
|
|
+void AuthenticationInfoRep::setRemoteUser(Boolean remoteUser)
|
|
+{
|
|
+ PEG_METHOD_ENTER(TRC_AUTHENTICATION,
|
|
+ "AuthenticationInfoRep::setRemoteUser");
|
|
+
|
|
+ _remoteUser = remoteUser;
|
|
+
|
|
+ PEG_METHOD_EXIT();
|
|
+}
|
|
+
|
|
AuthenticationInfoRep::~AuthenticationInfoRep()
|
|
{
|
|
PEG_METHOD_ENTER(
|
|
diff -up pegasus/src/Pegasus/Common/HTTPMessage.cpp_old pegasus/src/Pegasus/Common/HTTPMessage.cpp
|
|
--- pegasus/src/Pegasus/Common/HTTPMessage.cpp_old 2008-01-14 16:13:00.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Common/HTTPMessage.cpp 2008-01-14 16:13:27.000000000 +0100
|
|
@@ -120,7 +120,8 @@ HTTPMessage::HTTPMessage(
|
|
queueId(queueId_),
|
|
authInfo(0),
|
|
acceptLanguagesDecoded(false),
|
|
- contentLanguagesDecoded(false)
|
|
+ contentLanguagesDecoded(false),
|
|
+ fromRemoteHost(true)
|
|
{
|
|
if (cimException_)
|
|
cimException = *cimException_;
|
|
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h
|
|
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h_old 2008-01-14 16:15:56.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h 2008-01-14 16:16:41.000000000 +0100
|
|
@@ -55,7 +55,8 @@ public:
|
|
|
|
Boolean authenticate(
|
|
const String& userName,
|
|
- const String& password);
|
|
+ const String& password,
|
|
+ Boolean isRemoteUser);
|
|
|
|
Boolean validateUser(const String& userName);
|
|
|
|
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp
|
|
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp_old 2008-01-14 16:22:01.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp 2008-01-14 16:22:31.000000000 +0100
|
|
@@ -85,7 +85,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
|
|
|
|
Boolean PAMBasicAuthenticator::authenticate(
|
|
const String& userName,
|
|
- const String& password)
|
|
+ const String& password,
|
|
+ Boolean isRemoteUser)
|
|
{
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
|
|
"PAMBasicAuthenticator::authenticate()");
|
|
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h_old pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h
|
|
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h_old 2008-01-14 16:14:59.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticator.h 2008-01-14 16:15:46.000000000 +0100
|
|
@@ -67,7 +67,8 @@ public:
|
|
*/
|
|
virtual Boolean authenticate(
|
|
const String& userName,
|
|
- const String& password) = 0;
|
|
+ const String& password,
|
|
+ Boolean isRemoteUser) = 0;
|
|
|
|
/** Construct and return the HTTP Basic authentication challenge header
|
|
@return A string containing the authentication challenge header.
|
|
diff -up pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp_old pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
|
|
--- pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp_old 2008-01-14 16:22:42.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp 2008-01-14 16:25:46.000000000 +0100
|
|
@@ -36,6 +36,8 @@
|
|
#include <Pegasus/Common/Tracer.h>
|
|
#include "PAMBasicAuthenticator.h"
|
|
|
|
+#include <syslog.h>
|
|
+
|
|
PEGASUS_USING_STD;
|
|
|
|
PEGASUS_NAMESPACE_BEGIN
|
|
@@ -72,7 +74,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
|
|
|
|
Boolean PAMBasicAuthenticator::authenticate(
|
|
const String& userName,
|
|
- const String& password)
|
|
+ const String& password,
|
|
+ Boolean isRemoteUser)
|
|
{
|
|
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
|
|
"PAMBasicAuthenticator::authenticate()");
|
|
diff -up pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp_old pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp
|
|
--- pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp_old 2008-01-14 16:14:09.000000000 +0100
|
|
+++ pegasus/src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp 2008-01-14 16:14:42.000000000 +0100
|
|
@@ -164,7 +164,7 @@ Boolean BasicAuthenticationHandler::auth
|
|
}
|
|
authInfo->setRemotePrivilegedUserAccessChecked();
|
|
|
|
- authenticated = _basicAuthenticator->authenticate(userName, password);
|
|
+ authenticated = _basicAuthenticator->authenticate(userName, password, authInfo->isRemoteUser());
|
|
|
|
// Log audit message.
|
|
PEG_AUDIT_LOG(logBasicAuthentication(
|