📄 httpauthenticatordelegator.cpp
// Search for Authorization header: // String authorization; if (HTTPMessage::lookupHeader(headers, _HTTP_HEADER_PEGASUSAUTHORIZATION, authorization, false) && enableAuthentication) { try { // // Do pegasus/local authentication // authenticated = _authenticationManager->performPegasusAuthentication( authorization, httpMessage->authInfo); if (!authenticated) { String authChallenge; String authResp; authResp = _authenticationManager-> getPegasusAuthResponseHeader( authorization, httpMessage->authInfo); if (!String::equal(authResp, String::EMPTY)) { _sendChallenge(queueId, authResp,closeConnect); } else { MessageLoaderParms msgParms( "Pegasus.Server.HTTPAuthenticatorDelegator." "AUTHORIZATION_HEADER_ERROR", "Authorization header error"); String msg(MessageLoader::getMessage(msgParms)); _sendHttpError( queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, msg, closeConnect); } PEG_METHOD_EXIT(); return; } } catch (const CannotOpenFile&) { _sendHttpError( queueId, HTTP_STATUS_INTERNALSERVERERROR, String::EMPTY, String::EMPTY, closeConnect); PEG_METHOD_EXIT(); return; } } if (HTTPMessage::lookupHeader( headers, _HTTP_HEADER_AUTHORIZATION, authorization, false) && enableAuthentication) { // // Do http authentication if not authenticated already // if (!authenticated) { authenticated = _authenticationManager->performHttpAuthentication( authorization, httpMessage->authInfo); if (!authenticated) { //ATTN: the number of challenges get sent for a // request on a connection can be pre-set.#ifdef PEGASUS_KERBEROS_AUTHENTICATION // Kerberos authentication needs access to the // AuthenticationInfo object for this session in // order to set up the reference to the // CIMKerberosSecurityAssociation object for this // session. 
String authResp = _authenticationManager->getHttpAuthResponseHeader( httpMessage->authInfo);#else String authResp = _authenticationManager->getHttpAuthResponseHeader();#endif if (!String::equal(authResp, String::EMPTY)) { _sendChallenge(queueId, authResp,closeConnect); } else { MessageLoaderParms msgParms( "Pegasus.Server.HTTPAuthenticatorDelegator." "AUTHORIZATION_HEADER_ERROR", "Authorization header error"); String msg(MessageLoader::getMessage(msgParms)); _sendHttpError( queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, msg, closeConnect); } PEG_METHOD_EXIT(); return; } } // first not authenticated check } // "Authorization" header check } //end if (!authenticated && enableAuthentication)#ifdef PEGASUS_KERBEROS_AUTHENTICATION // The pointer to the sa is created in the authenticator so we need // to also assign it here. sa = httpMessage->authInfo->getSecurityAssociation(); if (sa) { // 0 - continue, 1 = send success, 2 = send response Uint32 sendAction = 0; // The following is processing to unwrap (decrypt) the request // from the client when using kerberos authentication. sa->unwrapRequestMessage( httpMessage->message, contentLength, authenticated, sendAction); if (sendAction) // send success or send response { if (httpMessage->message.size() == 0) { MessageLoaderParms msgParms( "Pegasus.Server.HTTPAuthenticatorDelegator." 
"AUTHORIZATION_HEADER_ERROR", "Authorization header error"); String msg(MessageLoader::getMessage(msgParms)); _sendHttpError( queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, msg, closeConnect); } else { if (sendAction == 1) // Send success { _sendSuccess( queueId, String( httpMessage->message.getData(), httpMessage->message.size()), closeConnect); } if (sendAction == 2) // Send response { _sendResponse( queueId, httpMessage->message, closeConnect); } } PEG_METHOD_EXIT(); return; } }#endif if (authenticated || !enableAuthentication) { // Final bastion to ensure the remote privileged user access // check is done as it should be // check for remote privileged User Access if (!httpMessage->authInfo->getRemotePrivilegedUserAccessChecked()) { // the AuthenticationHandler did not process the // enableRemotePrivilegedUserAccess check // time to do it ourselves String userName = httpMessage->authInfo->getAuthenticatedUser(); if (!AuthenticationManager::isRemotePrivilegedUserAccessAllowed( userName)) { // Send client a message that we can't proceed to talk // to him // HTTP 401 ? MessageLoaderParms msgParms( "Server.CIMOperationRequestAuthorizer." 
"REMOTE_NOT_ENABLED", "Remote privileged user access is not enabled."); String msg(MessageLoader::getMessage(msgParms)); _sendHttpError( queueId, HTTP_STATUS_UNAUTHORIZED, String::EMPTY, msg, closeConnect); PEG_METHOD_EXIT(); return; } httpMessage->authInfo->setRemotePrivilegedUserAccessChecked(); } // // Search for "CIMOperation" header: // String cimOperation; if (HTTPMessage::lookupHeader( headers, _HTTP_HEADER_CIMOPERATION, cimOperation, true)) { PEG_LOGGER_TRACE( (Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, "HTTPAuthenticatorDelegator - CIMOperation: $0 ", cimOperation)); MessageQueue* queue = MessageQueue::lookup(_operationMessageQueueId); if (queue) { httpMessage->dest = queue->getQueueId(); try { queue->enqueue(httpMessage); } catch (const bad_alloc&) { delete httpMessage; _sendHttpError( queueId, HTTP_STATUS_REQUEST_TOO_LARGE, String::EMPTY, String::EMPTY, closeConnect); PEG_METHOD_EXIT(); deleteMessage = false; return; } deleteMessage = false; } } else if (HTTPMessage::lookupHeader( headers, _HTTP_HEADER_CIMEXPORT, cimOperation, true)) { Logger::put( Logger::STANDARD_LOG, System::CIMSERVER, Logger::TRACE, "HTTPAuthenticatorDelegator - CIMExport: $0 ",cimOperation); MessageQueue* queue = MessageQueue::lookup(_exportMessageQueueId); if (queue) { httpMessage->dest = queue->getQueueId(); queue->enqueue(httpMessage); deleteMessage = false; } } else { // We don't recognize this request message type // The Specification for CIM Operations over HTTP reads: // // 3.3.4. CIMOperation // // If a CIM Server receives a CIM Operation request without // this [CIMOperation] header, it MUST NOT process it as if // it were a CIM Operation Request. The status code // returned by the CIM Server in response to such a request // is outside of the scope of this specification. // // 3.3.5. CIMExport // // If a CIM Listener receives a CIM Export request without // this [CIMExport] header, it MUST NOT process it. 
The // status code returned by the CIM Listener in response to // such a request is outside of the scope of this // specification. // // The author has chosen to send a 400 Bad Request error, but // without the CIMError header since this request must not be // processed as a CIM request. _sendHttpError( queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, String::EMPTY, closeConnect); PEG_METHOD_EXIT(); return; } // bad request } // authenticated and enableAuthentication check else { // client not authenticated; send challenge#ifdef PEGASUS_KERBEROS_AUTHENTICATION String authResp = _authenticationManager->getHttpAuthResponseHeader( httpMessage->authInfo);#else String authResp = _authenticationManager->getHttpAuthResponseHeader();#endif if (!String::equal(authResp, String::EMPTY)) { _sendChallenge(queueId, authResp,closeConnect); } else { MessageLoaderParms msgParms( "Pegasus.Server.HTTPAuthenticatorDelegator." "AUTHORIZATION_HEADER_ERROR", "Authorization header error"); String msg(MessageLoader::getMessage(msgParms)); _sendHttpError( queueId, HTTP_STATUS_BADREQUEST, String::EMPTY, msg, closeConnect); } } } // M-POST and POST processing PEG_METHOD_EXIT();}PEGASUS_NAMESPACE_END