securitypropertyowner.cpp

Pegasus is an open-source implementationof the DMTF CIM and WBEM standards. It is designed to be por

//%2006////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation, The Open Group.
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; Symantec Corporation; The Open Group.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
// 
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//==============================================================================
//
//%/////////////////////////////////////////////////////////////////////////////


///////////////////////////////////////////////////////////////////////////////
//
// This file has implementation for the security property owner class.
//
///////////////////////////////////////////////////////////////////////////////

#include "ConfigManager.h"
#include "SecurityPropertyOwner.h"
#include <Pegasus/Common/FileSystem.h>
#include <Pegasus/Common/System.h>


PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

///////////////////////////////////////////////////////////////////////////////
//  SecurityPropertyOwner
///////////////////////////////////////////////////////////////////////////////

static struct ConfigPropertyRow properties[] =
{
///////////////////////////////////////////////////////////////////////////////
//  For z/OS, the follwing securtiy properties are fixed properties due to
//  listed in the FixedPropertyTablezOS.h . Because they are fixed, they
//  are hidden also:
//
//   enableAuthentication
//   passwordFilePath
//   sslCertificateFilePath
//   sslKeyFilePath
//   sslTrustStore
//   crlStore
//   sslClientVerificationMode
//   sslTrustStoreUserName
//   enableNamespaceAuthorization
//   kerberosServiceName
//   enableSubscriptionsForNonprivilegedUsers
//   authorizedUserGroups
///////////////////////////////////////////////////////////////////////////////

#ifdef PEGASUS_OS_OS400
    {"enableAuthentication", "true", IS_STATIC, 0, 0, IS_VISIBLE},
#else
    {"enableAuthentication", "false", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
//#if defined(PEGASUS_OS_OS400) && defined(PEGASUS_KERBEROS_AUTHENTICATION)
//    {"httpAuthType", "Kerberos", IS_STATIC, 0, 0, IS_VISIBLE},
//#else
    {"httpAuthType", "Basic", IS_STATIC, 0, 0, IS_VISIBLE},
//#endif
    {"passwordFilePath", "cimserver.passwd", IS_STATIC, 0, 0, IS_VISIBLE},
#ifdef PEGASUS_OS_HPUX
    {"sslCertificateFilePath", "cert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
#else
# ifdef PEGASUS_OS_OS400
    {"sslCertificateFilePath",
         "ssl/keystore/servercert.pem", IS_STATIC, 0, 0, IS_VISIBLE},
# else
    {"sslCertificateFilePath", "server.pem", IS_STATIC, 0, 0, IS_VISIBLE},
# endif
#endif
#ifdef PEGASUS_OS_OS400
    {"sslKeyFilePath",
         "ssl/keystore/serverkey.pem", IS_STATIC, 0, 0, IS_VISIBLE},
#else
    {"sslKeyFilePath", "file.pem", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
#ifdef PEGASUS_OS_OS400
    {"sslTrustStore", "ssl/truststore/", IS_STATIC, 0, 0, IS_VISIBLE},
#else
    {"sslTrustStore", "cimserver_trust", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
#ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
# ifdef PEGASUS_OS_OS400
    {"crlStore", "ssl/crlstore/", IS_STATIC, 0, 0, IS_VISIBLE},
# else
    {"crlStore", "crl", IS_STATIC, 0, 0, IS_VISIBLE},
# endif
#endif
#ifdef PEGASUS_OS_OS400
    {"sslClientVerificationMode", "optional", IS_STATIC, 0, 0, IS_VISIBLE},
#else
    {"sslClientVerificationMode", "disabled", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
    {"sslTrustStoreUserName", "", IS_STATIC, 0, 0, IS_VISIBLE},
#ifdef PEGASUS_OS_OS400
    {"enableNamespaceAuthorization", "true", IS_STATIC, 0, 0, IS_VISIBLE},
#else
    {"enableNamespaceAuthorization", "false", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    {"kerberosServiceName", "cimom", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
#if defined(PEGASUS_OS_HPUX) || defined(PEGASUS_OS_LINUX)
# ifdef PEGASUS_USE_RELEASE_CONFIG_OPTIONS
    {"enableSubscriptionsForNonprivilegedUsers",
         "false", IS_STATIC, 0, 0, IS_VISIBLE},
# else
    {"enableSubscriptionsForNonprivilegedUsers",
         "true", IS_STATIC, 0, 0, IS_VISIBLE},
# endif
#else
# ifdef PEGASUS_OS_OS400
    {"enableSubscriptionsForNonprivilegedUsers",
         "false", IS_STATIC, 0, 0, IS_VISIBLE},
# else
    {"enableSubscriptionsForNonprivilegedUsers",
         "true", IS_STATIC, 0, 0, IS_HIDDEN},
# endif
#endif
#ifdef PEGASUS_OS_ZOS
    {"enableRemotePrivilegedUserAccess", "false", IS_STATIC, 0, 0, IS_VISIBLE},
#else
    {"enableRemotePrivilegedUserAccess", "true", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
    {"authorizedUserGroups", "", IS_STATIC, 0, 0, IS_VISIBLE},
#endif
};

const Uint32 NUM_PROPERTIES = sizeof(properties) / sizeof(properties[0]);


/** Constructors  */
SecurityPropertyOwner::SecurityPropertyOwner()
{
    _enableAuthentication.reset(new ConfigProperty());
    _enableNamespaceAuthorization.reset(new ConfigProperty());
    _httpAuthType.reset(new ConfigProperty());
    _passwordFilePath.reset(new ConfigProperty());
    _certificateFilePath.reset(new ConfigProperty());
    _keyFilePath.reset(new ConfigProperty());
    _trustStore.reset(new ConfigProperty());
#ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
    _crlStore.reset(new ConfigProperty());
#endif
    _sslClientVerificationMode.reset(new ConfigProperty());
    _sslTrustStoreUserName.reset(new ConfigProperty());
    _enableRemotePrivilegedUserAccess.reset(new ConfigProperty());
    _enableSubscriptionsForNonprivilegedUsers.reset(new ConfigProperty());
#ifdef PEGASUS_ENABLE_USERGROUP_AUTHORIZATION
    _authorizedUserGroups.reset(new ConfigProperty());
#endif
#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    _kerberosServiceName.reset(new ConfigProperty());
#endif
}


/**
    Initialize the config properties.
*/
void SecurityPropertyOwner::initialize()
{
    for (Uint32 i = 0; i < NUM_PROPERTIES; i++)
    {
        //
        // Initialize the properties with default values
        //
        if (String::equalNoCase(
            properties[i].propertyName, "enableAuthentication"))
        {
            _enableAuthentication->propertyName = properties[i].propertyName;
            _enableAuthentication->defaultValue = properties[i].defaultValue;
            _enableAuthentication->currentValue = properties[i].defaultValue;
            _enableAuthentication->plannedValue = properties[i].defaultValue;
            _enableAuthentication->dynamic = properties[i].dynamic;
            _enableAuthentication->domain = properties[i].domain;
            _enableAuthentication->domainSize = properties[i].domainSize;
            _enableAuthentication->externallyVisible =
                properties[i].externallyVisible;
        }
        else if (String::equalNoCase(
            properties[i].propertyName, "enableNamespaceAuthorization"))
        {
            _enableNamespaceAuthorization->propertyName =
                properties[i].propertyName;
            _enableNamespaceAuthorization->defaultValue =
                properties[i].defaultValue;
            _enableNamespaceAuthorization->currentValue =
                properties[i].defaultValue;
            _enableNamespaceAuthorization->plannedValue =
                properties[i].defaultValue;
            _enableNamespaceAuthorization->dynamic = properties[i].dynamic;
            _enableNamespaceAuthorization->domain = properties[i].domain;
            _enableNamespaceAuthorization->domainSize =
                properties[i].domainSize;
            _enableNamespaceAuthorization->externallyVisible =
                properties[i].externallyVisible;
        }
        else if (String::equalNoCase(
                     properties[i].propertyName, "httpAuthType"))
        {
            _httpAuthType->propertyName = properties[i].propertyName;
            _httpAuthType->defaultValue = properties[i].defaultValue;
            _httpAuthType->currentValue = properties[i].defaultValue;
            _httpAuthType->plannedValue = properties[i].defaultValue;
            _httpAuthType->dynamic = properties[i].dynamic;
            _httpAuthType->domain = properties[i].domain;
            _httpAuthType->domainSize = properties[i].domainSize;
            _httpAuthType->externallyVisible = properties[i].externallyVisible;
        }
        else if (String::equalNoCase(
                     properties[i].propertyName, "passwordFilePath"))
        {
            _passwordFilePath->propertyName = properties[i].propertyName;
            _passwordFilePath->defaultValue = properties[i].defaultValue;
            _passwordFilePath->currentValue = properties[i].defaultValue;
            _passwordFilePath->plannedValue = properties[i].defaultValue;
            _passwordFilePath->dynamic = properties[i].dynamic;
            _passwordFilePath->domain = properties[i].domain;
            _passwordFilePath->domainSize = properties[i].domainSize;
            _passwordFilePath->externallyVisible =
                properties[i].externallyVisible;
        }
        else if (String::equalNoCase(
                     properties[i].propertyName, "sslCertificateFilePath"))
        {
            _certificateFilePath->propertyName = properties[i].propertyName;
            _certificateFilePath->defaultValue = properties[i].defaultValue;
            _certificateFilePath->currentValue = properties[i].defaultValue;
            _certificateFilePath->plannedValue = properties[i].defaultValue;
            _certificateFilePath->dynamic = properties[i].dynamic;
            _certificateFilePath->domain = properties[i].domain;
            _certificateFilePath->domainSize = properties[i].domainSize;
            _certificateFilePath->externallyVisible =
                properties[i].externallyVisible;
        }
        else if (String::equalNoCase(
                     properties[i].propertyName, "sslKeyFilePath"))
        {
            _keyFilePath->propertyName = properties[i].propertyName;
            _keyFilePath->defaultValue = properties[i].defaultValue;
            _keyFilePath->currentValue = properties[i].defaultValue;
            _keyFilePath->plannedValue = properties[i].defaultValue;
            _keyFilePath->dynamic = properties[i].dynamic;
            _keyFilePath->domain = properties[i].domain;
            _keyFilePath->domainSize = properties[i].domainSize;
            _keyFilePath->externallyVisible = properties[i].externallyVisible;
        }
        else if (String::equalNoCase(
                     properties[i].propertyName, "sslTrustStore"))
        {
            _trustStore->propertyName = properties[i].propertyName;
            _trustStore->defaultValue = properties[i].defaultValue;
            _trustStore->currentValue = properties[i].defaultValue;
            _trustStore->plannedValue = properties[i].defaultValue;
            _trustStore->dynamic = properties[i].dynamic;
            _trustStore->domain = properties[i].domain;
            _trustStore->domainSize = properties[i].domainSize;
            _trustStore->externallyVisible = properties[i].externallyVisible;

            // do not initialize trustpath; a truststore is not required
            // for SSL handshakes a server may wish to connect on HTTPS
            // but not verify clients
        }
#ifdef PEGASUS_ENABLE_SSL_CRL_VERIFICATION
        else if (String::equalNoCase(