📄 httpauthenticatordelegator.cpp
//%2006////////////////////////////////////////////////////////////////////////
//
// Copyright (c) 2000, 2001, 2002 BMC Software; Hewlett-Packard Development
// Company, L.P.; IBM Corp.; The Open Group; Tivoli Systems.
// Copyright (c) 2003 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation, The Open Group.
// Copyright (c) 2004 BMC Software; Hewlett-Packard Development Company, L.P.;
// IBM Corp.; EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2005 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; VERITAS Software Corporation; The Open Group.
// Copyright (c) 2006 Hewlett-Packard Development Company, L.P.; IBM Corp.;
// EMC Corporation; Symantec Corporation; The Open Group.
//
// Permission is hereby granted, free of charge, to any person obtaining a copy
// of this software and associated documentation files (the "Software"), to
// deal in the Software without restriction, including without limitation the
// rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
// sell copies of the Software, and to permit persons to whom the Software is
// furnished to do so, subject to the following conditions:
//
// THE ABOVE COPYRIGHT NOTICE AND THIS PERMISSION NOTICE SHALL BE INCLUDED IN
// ALL COPIES OR SUBSTANTIAL PORTIONS OF THE SOFTWARE. THE SOFTWARE IS PROVIDED
// "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
// LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
// PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
// HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
// ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
//==============================================================================
//
//%/////////////////////////////////////////////////////////////////////////////

#include <Pegasus/Common/Constants.h>
#include <Pegasus/Common/HTTPAcceptor.h>
#include <Pegasus/Common/HTTPConnection.h>
#include <Pegasus/Common/HTTPMessage.h>
#include <Pegasus/Common/XmlWriter.h>
#include <Pegasus/Config/ConfigManager.h>
#include <Pegasus/Common/Thread.h>
#include "HTTPAuthenticatorDelegator.h"
#include <Pegasus/Common/MessageLoader.h>
#include <Pegasus/Common/FileSystem.h>
#include <Pegasus/Common/LanguageParser.h>

#ifdef PEGASUS_KERBEROS_AUTHENTICATION
# include <Pegasus/Common/CIMKerberosSecurityAssociation.h>
#endif

PEGASUS_USING_STD;

PEGASUS_NAMESPACE_BEGIN

// HTTP protocol tokens, header names and the configuration property name
// used by this file.
static const String _HTTP_VERSION_1_0 = "HTTP/1.0";

static const String _HTTP_METHOD_MPOST = "M-POST";
static const String _HTTP_METHOD = "POST";

static const String _HTTP_HEADER_CIMEXPORT = "CIMExport";
static const String _HTTP_HEADER_CONNECTION = "Connection";
static const String _HTTP_HEADER_CIMOPERATION = "CIMOperation";
static const String _HTTP_HEADER_ACCEPT_LANGUAGE = "Accept-Language";
static const String _HTTP_HEADER_CONTENT_LANGUAGE = "Content-Language";
static const String _HTTP_HEADER_AUTHORIZATION = "Authorization";
static const String _HTTP_HEADER_PEGASUSAUTHORIZATION = "PegasusAuthorization";

static const String _CONFIG_PARAM_ENABLEAUTHENTICATION = "enableAuthentication";

//
// Constructs the delegator as a message queue named
// PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR with a freshly allocated queue id,
// stores the ids of the operation and export queues and the repository
// pointer, and creates the AuthenticationManager it owns.
//
HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator(
    Uint32 operationMessageQueueId,
    Uint32 exportMessageQueueId,
    CIMRepository* repository)
    : Base(PEGASUS_QUEUENAME_HTTPAUTHDELEGATOR,
           MessageQueue::getNextQueueId()),
      _operationMessageQueueId(operationMessageQueueId),
      _exportMessageQueueId(exportMessageQueueId),
      _repository(repository)
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::HTTPAuthenticatorDelegator");

    _authenticationManager.reset(new AuthenticationManager());

    PEG_METHOD_EXIT();
}

//
// Destructor: only emits the method enter/exit trace.
//
HTTPAuthenticatorDelegator::~HTTPAuthenticatorDelegator()
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::~HTTPAuthenticatorDelegator");

    PEG_METHOD_EXIT();
}

//
// Handles the message immediately by forwarding it to
// handleEnqueue(Message*).
//
void HTTPAuthenticatorDelegator::enqueue(Message* message)
{
    handleEnqueue(message);
}

//
// Wraps the buffer in a new HTTPMessage and enqueues it on the queue
// registered under queueId, carrying the closeConnect flag along.
//
// NOTE(review): when no queue is registered under queueId nothing is sent
// and the failure is neither traced nor reported to the caller, so a 401 or
// error response can be dropped silently.
//
void HTTPAuthenticatorDelegator::_sendResponse(
    Uint32 queueId,
    Buffer& message,
    Boolean closeConnect)
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::_sendResponse");

    MessageQueue* queue = MessageQueue::lookup(queueId);

    if (queue)
    {
        HTTPMessage* httpMessage = new HTTPMessage(message);
        httpMessage->dest = queue->getQueueId();

        httpMessage->setCloseConnect(closeConnect);

        queue->enqueue(httpMessage);
    }

    PEG_METHOD_EXIT();
}

#ifdef PEGASUS_KERBEROS_AUTHENTICATION
//
// Kerberos builds only: sends an OK (200) response header that carries
// authResponse to the queue registered under queueId.
//
void HTTPAuthenticatorDelegator::_sendSuccess(
    Uint32 queueId,
    const String& authResponse,
    Boolean closeConnect)
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::_sendSuccess");

    //
    // build OK (200) response message
    //

    Buffer message;
    XmlWriter::appendOKResponseHeader(message, authResponse);

    _sendResponse(queueId, message,closeConnect);

    PEG_METHOD_EXIT();
}
#endif

//
// Sends an unauthorized (401) response header that carries authResponse
// (the authentication challenge) to the queue registered under queueId.
//
void HTTPAuthenticatorDelegator::_sendChallenge(
    Uint32 queueId,
    const String& authResponse,
    Boolean closeConnect)
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::_sendChallenge");

    //
    // build unauthorized (401) response message
    //

    Buffer message;
    XmlWriter::appendUnauthorizedResponseHeader(message, authResponse);

    _sendResponse(queueId, message,closeConnect);

    PEG_METHOD_EXIT();
}

//
// Sends an HTTP error response built from status, cimError and pegasusError
// to the queue registered under queueId.
//
// NOTE(review): pegasusError is placed in the response as given; callers
// should avoid passing internal detail they do not want a client to see.
//
void HTTPAuthenticatorDelegator::_sendHttpError(
    Uint32 queueId,
    const String& status,
    const String& cimError,
    const String& pegasusError,
    Boolean closeConnect)
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::_sendHttpError");

    //
    // build error response message
    //

    Buffer message;
    message = XmlWriter::formatHttpErrorRspMessage(
        status,
        cimError,
        pegasusError);

    _sendResponse(queueId, message,closeConnect);

    PEG_METHOD_EXIT();
}

//
// Dispatches one message. A null pointer is ignored. Only messages of type
// HTTP_MESSAGE are handled; any other type is left unprocessed and, because
// deleteMessage is still true, deleted.
//
void HTTPAuthenticatorDelegator::handleEnqueue(Message *message)
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::handleEnqueue");

    if (!message)
    {
        PEG_METHOD_EXIT();
        return;
    }

    // Flag indicating whether the message should be deleted after handling.
    // This should be set to false by handleHTTPMessage when the message is
    // passed as is to another queue.
    Boolean deleteMessage = true;

    if (message->getType() == HTTP_MESSAGE)
    {
        // The C-style downcast relies on the getType() check above.
        handleHTTPMessage((HTTPMessage*)message, deleteMessage);
    }

    if (deleteMessage)
    {
        PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3,
            "Deleting Message in HTTPAuthenticator::handleEnqueue");

        delete message;
    }

    PEG_METHOD_EXIT();
}

//
// Takes the next message off this queue, if there is one, and handles it.
//
void HTTPAuthenticatorDelegator::handleEnqueue()
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::handleEnqueue");

    Message* message = dequeue();
    if (message)
        handleEnqueue(message);

    PEG_METHOD_EXIT();
}

//
// Parses an incoming HTTP message and establishes whether the client is
// already authenticated before the request is processed further.
//
// deleteMessage is an output flag for the caller: it is set to true on
// entry, and the caller deletes the message when it is still true on return.
//
void HTTPAuthenticatorDelegator::handleHTTPMessage(
    HTTPMessage* httpMessage,
    Boolean& deleteMessage)
{
    PEG_METHOD_ENTER(TRC_HTTP,
        "HTTPAuthenticatorDelegator::handleHTTPMessage");

    deleteMessage = true;

    // ATTN-RK-P3-20020408: This check probably shouldn't be necessary, but
    // we're getting an empty message when the client closes the connection
    if (httpMessage->message.size() == 0)
    {
        // The message is empty; just drop it
        PEG_METHOD_EXIT();
        return;
    }

    //
    // Save queueId:
    //
    Uint32 queueId = httpMessage->queueId;

    //
    // Parse the HTTP message:
    //
    String startLine;
    Array<HTTPHeader> headers;
    // NOTE(review): contentLength has no initializer; presumably parse()
    // always assigns it -- confirm before reading it on any error path.
    Uint32 contentLength;
    String connectClose;
    Boolean closeConnect = false;

    httpMessage->parse(startLine, headers, contentLength);

    //
    // Check for Connection: Close
    //
    if (HTTPMessage::lookupHeader(
            headers, _HTTP_HEADER_CONNECTION, connectClose, false))
    {
        if (String::equalNoCase(connectClose, "Close"))
        {
            PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3,
                "Header in HTTP Message Contains a Connection: Close");
            closeConnect = true;
            httpMessage->setCloseConnect(closeConnect);
        }
    }

    //
    // Handle authentication:
    //
    // Both flags start out false and, in the code that follows, are only
    // raised inside the enableAuthentication branch.
    ConfigManager* configManager = ConfigManager::getInstance();
    Boolean enableAuthentication = false;
    Boolean authenticated = false;

#ifdef PEGASUS_KERBEROS_AUTHENTICATION
    CIMKerberosSecurityAssociation* sa = NULL;
    // The presence of a Security Association indicates that Kerberos is
    // being used.
    // Reset flag for subsequent calls to indicate that no Authorization
    // record was sent. If one was sent the flag will be appropriately reset
    // later.
    // The sa is maintained while the connection is active.
    //
    // NOTE(review): authInfo is dereferenced here and below without a null
    // check; presumably the connection layer always attaches one -- confirm.
    sa = httpMessage->authInfo->getSecurityAssociation();
    if (sa)
    {
        sa->setClientSentAuthorization(false);
    }
#endif

    if (ConfigManager::parseBooleanValue(configManager->getCurrentValue(
            _CONFIG_PARAM_ENABLEAUTHENTICATION)))
    {
        enableAuthentication = true;

#ifdef PEGASUS_KERBEROS_AUTHENTICATION
        // If we are using Kerberos (sa pointer is set), the client has
        // already authenticated, and the client is NOT attempting to
        // re-authenticate (determined by an Authorization record being sent),
        // then we want to set the local authenticate flag to true so that
        // the authentication logic is skipped.
        //
        // NOTE(review): the header name is spelled as a literal here;
        // _HTTP_HEADER_AUTHORIZATION holds the same string.
        String authstr;
        if (sa && sa->getClientAuthenticated() &&
            !HTTPMessage::lookupHeader(
                 headers, "Authorization", authstr, false))
        {
            authenticated = true;
        }

        // Without a security association, fall back to the authentication
        // state already recorded on the connection's authInfo.
        if (!sa)
        {
            authenticated = httpMessage->authInfo->isAuthenticated();
        }
#else
        // Client may have already authenticated via SSL.
        // In this case, no further attempts to authenticate the client are made
        authenticated = httpMessage->authInfo->isAuthenticated();
#endif

        // Get the user name associated with the certificate (using the
        // certificate chain, if necessary).

        String certUserName;
        if (authenticated &&
            (String::equal(httpMessage->authInfo->getAuthType(),
                AuthenticationInfoRep::AUTH_TYPE_SSL)))
        {
            PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL3,
                "Client was authenticated via trusted SSL certificate.");

            // The trust store location is taken from the sslTrustStore
            // configuration property.
            String trustStore = configManager->getCurrentValue("sslTrustStore");