causes it to go through all the motions except to request instances
only for the current level.
-
+54. (Sushma Fernandes - HP) 28 May 2002 - Replaced getenv("PEGASUS_TRACE")
+ with Tracer calls. Fixed UserAuthProvider and ConfigSettingProvider to
+ check for user credentials. UserAuthProvider checks whether the user
+ is a priviliged user for all operations. ConfigSettingProvider checks
+ whether the user is a priviliged user only for write operations.
========================================================================
/**
The constant representing the default namespace
*/
-const String PROPERTY_NAME_NAMESPACE = "root/PG_InterOp";
+const String PROPERTY_NAME_NAMESPACE = "root/PG_Internal";
/**
The constant representing the User class
#include "TLS.h"
#include "HTTPAcceptor.h"
#include "HTTPConnection.h"
+#include "Tracer.h"
PEGASUS_USING_STD;
if (socket < 0)
{
- if (getenv("PEGASUS_TRACE"))
- cerr <<"HTTPAcceptor: accept() failed" << endl;
-
+ PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL2,
+ "HTTPAcceptor: accept() failed");
return;
}
// Create a new conection and add it to the connection list:
MP_Socket * mp_socket = new MP_Socket(socket, _sslcontext);
- if (mp_socket->accept() < 0) {
- if (getenv("PEGASUS_TRACE"))
- cerr <<"HTTPAcceptor: SSL_accept() failed" << endl;
-
+ if (mp_socket->accept() < 0)
+ {
+ PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL2,
+ "HTTPAcceptor: SSL_accept() failed");
return;
}
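Review bot: On the SSL_accept() failure branch the `mp_socket` allocated just above with `new MP_Socket(socket, _sslcontext)` is never released before `return`, so every failed handshake leaks the object. This branch runs whenever a client's handshake fails, which is before any authentication, so the leak can accumulate on a long-running server. Add `delete mp_socket;` before the `return`. Whether the accepted descriptor also needs closing depends on MP_Socket's destructor, which this hunk does not show. The enclosing function starts and ends outside the hunk.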
throw NullPointer();
}
- if (getenv("PEGASUS_TRACE"))
- {
- cout << "===== " << getQueueName() << ": ";
- message->print(cout);
- }
-
+ PEG_TRACE_STRING( TRC_MESSAGEQUEUESERVICE, Tracer::LEVEL3,
+ String("Queue name: ") + getQueueName() ) ;
+ Tracer::trace ( TRC_MESSAGEQUEUESERVICE,
+ Tracer::LEVEL3,
+ "Message: [%s, %d]",
+ MessageTypeToString(message->getType()),
+ message->getKey() );
+
_mut.lock(pegasus_thread_self());
if (_back)
{
// INSTANCE_PROPERTY_EXISTS_WARNING
"Warning: property %2 already exists for this instance of class %1",
// INSTANCE_EXISTS_WARNING
- "Warning: the instance already exists in the repository.\nIn this"
+ "Warning: the instance already exists.\nIn this"
" implementation, that means it cannot be changed.",
- "Error adding an instance to the repository: %1", // ADD_INSTANCE_ERROR
+ "Error adding an instance: %1", // ADD_INSTANCE_ERROR
""
};
{
PEG_METHOD_ENTER(TRC_CONFIG, "ConfigSettingProvider::modifyInstance()");
+ //
+ // get userName
+ //
+ String userName;
+ try
+ {
+ IdentityContainer container = context.get(CONTEXT_IDENTITY);
+ userName = container.getUserName();
+ }
+ catch (...)
+ {
+ userName = String::EMPTY;
+ }
+
+ //
+ // verify user authorizations
+ //
+ if ( userName != String::EMPTY || userName != "" )
+ {
+ _verifyAuthorization(userName);
+ }
+
// NOTE: Qualifiers are not processed by this provider, so the
// IncludeQualifiers flag is ignored.
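Review bot: The privilege check in `modifyInstance` fails open: when `context.get(CONTEXT_IDENTITY)` throws or returns an empty name, `userName` becomes `String::EMPTY` and the `if` skips `_verifyAuthorization`, so a request with no identity goes on to modify configuration unchecked. The `catch (...)` also hides the reason the lookup failed. The same block is repeated in each UserAuthProvider operation further down, ending with `invokeMethod`. Unless an empty name is deliberately reserved for a server running with authentication disabled (which should be read from configuration, not inferred from a missing container), deny instead: `if (userName == String::EMPTY) throw PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, "Must be a privileged user to do this CIM operation.");`. The condition `userName != String::EMPTY || userName != ""` is also redundant if both operands are the empty string, so a single comparison suffices; the function body continues outside the hunk.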
PEG_METHOD_EXIT();
}
+//
+// Verify user authorization
+//
+void ConfigSettingProvider::_verifyAuthorization(const String& userName)
+ {
+ PEG_METHOD_ENTER(TRC_CONFIG,
+ "ConfigSettingProvider::_verifyAuthorization()");
+
+ if ( System::isPrivilegedUser(userName) == false )
+ {
+ PEG_METHOD_EXIT();
+ throw PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED,
+ "Must be a privileged user to do this CIM operation.");
+ }
+
+ PEG_METHOD_EXIT();
+ }
+
PEGASUS_NAMESPACE_END
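Review bot: The denial branch of `ConfigSettingProvider::_verifyAuthorization` throws CIM_ERR_ACCESS_DENIED without recording which user was refused, so a rejected attempt to change configuration leaves nothing in the trace that identifies the caller. A line such as `PEG_TRACE_STRING(TRC_CONFIG, Tracer::LEVEL2, String("Access denied for user: ") + userName);` before the `throw` would give operators an event to alert on. The same applies to `UserAuthProvider::_verifyAuthorization` later on this page. As a style point, `System::isPrivilegedUser(userName) == false` reads more directly as `!System::isPrivilegedUser(userName)`.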
private:
+ /**
+ Verify User Authorization.
+
+ @param user userName to be verified
+
+ @throw CIM_ERR_ACCESS_DENIED if the specified user is not a
+ priviliged user.
+ */
+ void _verifyAuthorization(const String& user);
+
//
// Config Manager Instance variable
//
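Review bot: The added doc comment misspells "privileged" as "priviliged", and it names the parameter `user` while the definition of `ConfigSettingProvider::_verifyAuthorization` uses `userName`; pick one name for both. The `@throw` line reads as if CIM_ERR_ACCESS_DENIED were the exception type, but the definition throws through `PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, ...)`. Wording such as `@throw a CIM exception with status CIM_ERR_ACCESS_DENIED if the user is not privileged` would be more accurate, assuming the macro builds a CIM exception. The comment should also state that callers currently skip this check when no user name is available, since that is part of the contract a maintainer needs to know. The same comment is repeated in the UserAuthProvider header hunk at the end of the page.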
*/
static const char CLASS_NAME_PG_AUTHORIZATION [] = "PG_Authorization";
+//
+// Verify user authorization
+//
+void UserAuthProvider::_verifyAuthorization(const String& user)
+{
+ PEG_METHOD_ENTER(TRC_CONFIG,
+ "UserAuthProvider::_verifyAuthorization()");
+
+ if ( System::isPrivilegedUser(user) == false )
+ {
+ PEG_METHOD_EXIT();
+ throw PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED,
+ "Must be a privileged user to execute this CIM operation.");
+ }
+
+ PEG_METHOD_EXIT();
+}
+
//
// Creates a new instance.
//
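Review bot: `UserAuthProvider::_verifyAuthorization` enters with `TRC_CONFIG`, while the other UserAuthProvider methods visible on this page (`deleteInstance`, `modifyInstance`, `invokeMethod`) trace under `TRC_USER_MANAGER`; the function looks copied from ConfigSettingProvider without adjusting the component. Use `PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserAuthProvider::_verifyAuthorization()");` so that authorization traces for user management appear under the component an operator would filter on when investigating denied requests.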
String namespaceStr;
String authorizationStr;
+ //
+ // get userName
+ //
+ String user;
+ try
+ {
+ const IdentityContainer container = context.get(CONTEXT_IDENTITY);
+ user= container.getUserName();
+ }
+ catch (...)
+ {
+ user= String::EMPTY;
+ }
+
+ //
+ // verify user authorizations
+ //
+ if ( user != String::EMPTY || user != "" )
+ {
+ _verifyAuthorization(user);
+ }
+
CIMInstance modifiedInst = myInstance;
// begin processing the request
PEG_METHOD_ENTER(TRC_USER_MANAGER,"UserAuthProvider::deleteInstance");
+ //
+ // get userName
+ //
+ String user;
+ try
+ {
+ IdentityContainer container = context.get(CONTEXT_IDENTITY);
+ user= container.getUserName();
+ }
+ catch (...)
+ {
+ user= String::EMPTY;
+ }
+
+ //
+ // verify user authorizations
+ //
+ if ( user != String::EMPTY || user != "" )
+ {
+ _verifyAuthorization(user);
+ }
+
// begin processing the request
handler.processing();
{
PEG_METHOD_ENTER(TRC_USER_MANAGER,"UserAuthProvider::modifyInstance");
+ //
+ // get userName
+ //
+ String user;
+ try
+ {
+ IdentityContainer container = context.get(CONTEXT_IDENTITY);
+ user= container.getUserName();
+ }
+ catch (...)
+ {
+ user= String::EMPTY;
+ }
+
+ //
+ // verify user authorizations
+ //
+ if ( user != String::EMPTY || user != "" )
+ {
+ _verifyAuthorization(user);
+ }
+
//
// check if the class name requested is PG_Authorization
//
Array<CIMInstance> instanceArray;
Array<CIMNamedInstance> namedInstances;
+ //
+ // get userName
+ //
+ String user;
+ try
+ {
+ IdentityContainer container = context.get(CONTEXT_IDENTITY);
+ user= container.getUserName();
+ }
+ catch (...)
+ {
+ user= String::EMPTY;
+ }
+
+ //
+ // verify user authorizations
+ //
+ if ( user != String::EMPTY || user != "" )
+ {
+ _verifyAuthorization(user);
+ }
+
//
// check if the class name requested is PG_Authorization
//
KeyBinding kb;
String hostName;
+ //
+ // get userName
+ //
+ String user;
+ try
+ {
+ IdentityContainer container = context.get(CONTEXT_IDENTITY);
+ user= container.getUserName();
+ }
+ catch (...)
+ {
+ user= String::EMPTY;
+ }
+
+ //
+ // verify user authorizations
+ //
+ if ( user != String::EMPTY || user != "" )
+ {
+ _verifyAuthorization(user);
+ }
+
const String& className = classReference.getClassName();
const String& nameSpace = classReference.getNameSpace();
{
PEG_METHOD_ENTER(TRC_USER_MANAGER,"UserAuthProvider::invokeMethod");
+ //
+ // get userName
+ //
+ String user;
+ try
+ {
+ IdentityContainer container = context.get(CONTEXT_IDENTITY);
+ user= container.getUserName();
+ }
+ catch (...)
+ {
+ user= String::EMPTY;
+ }
+ //
+ // verify user authorizations
+ //
+ if ( user != String::EMPTY || user != "" )
+ {
+ _verifyAuthorization(user);
+ }
+
#ifndef PEGASUS_NO_PASSWORDFILE
String userName;
String password;
#include <Pegasus/Common/CIMStatusCode.h>
#include <Pegasus/Common/Tracer.h>
#include <Pegasus/Common/Destroyer.h>
+#include <Pegasus/Common/OperationContext.h>
#include <Pegasus/Repository/CIMRepository.h>
#include <Pegasus/Provider/CIMInstanceProvider.h>
}
private:
+ /**
+ Verify User Authorization.
+
+ @param user userName to be verified
+
+ @throw CIM_ERR_ACCESS_DENIED if the specified user is not a
+ priviliged user.
+ */
+ void _verifyAuthorization(const String& user);
//
// User Manager Instance variable