HP-SF: Fixed getenv(PEGASUS_TRACE) to use Tracer. Fixed UserAuthProvider and ConfigPr...
authorkumpf <kumpf>
Thu, 30 May 2002 00:12:38 +0000 (00:12 +0000)
committerkumpf <kumpf>
Thu, 30 May 2002 00:12:38 +0000 (00:12 +0000)
doc/changelog.txt
src/Clients/cimuser/CIMUserCommand.cpp
src/Pegasus/Common/HTTPAcceptor.cpp
src/Pegasus/Common/MessageQueue.cpp
src/Pegasus/Compiler/cimmofMessages.cpp
src/Pegasus/ControlProviders/ConfigSettingProvider/ConfigSettingProvider.cpp
src/Pegasus/ControlProviders/ConfigSettingProvider/ConfigSettingProvider.h
src/Pegasus/ControlProviders/UserAuthProvider/UserAuthProvider.cpp
src/Pegasus/ControlProviders/UserAuthProvider/UserAuthProvider.h

index 0ce6b1a7cc306167fbb18e94d90700799c595866..5b3c0f18e82f5225b7cbe28f0d63bab792c66b82 100644 (file)
@@ -316,7 +316,11 @@ TAG: Version_1_09.
     causes it to go through all the motions except to request instances
     only for the current level.
 
-
+54. (Sushma Fernandes - HP) 28 May 2002 - Replaced getenv("PEGASUS_TRACE")
+    with Tracer calls. Fixed UserAuthProvider and ConfigSettingProvider to
+    check for user credentials. UserAuthProvider checks whether the user
+    is a priviliged user for all operations. ConfigSettingProvider checks
+    whether the user is a priviliged user only for write operations.
 
 ========================================================================
 
index 0285604d5e63d0ece9c29266cd1ef041669f7c86..343ab28728a39bea301cdd091d17353d6d23bb7c 100644 (file)
@@ -108,7 +108,7 @@ static const Uint32 OPERATION_TYPE_LIST           = 4;
 /**
     The constant representing the default namespace
 */
-const String PROPERTY_NAME_NAMESPACE                         = "root/PG_InterOp";
+const String PROPERTY_NAME_NAMESPACE                         = "root/PG_Internal";
  
 /**
     The constant representing the User class 
index f0793fcaf730e370369e12e57cd5635cb136bee3..d0cce48807197c1556fab6c08099cfb3890a014d 100644 (file)
@@ -55,6 +55,7 @@
 #include "TLS.h"
 #include "HTTPAcceptor.h"
 #include "HTTPConnection.h"
+#include "Tracer.h"
 
 PEGASUS_USING_STD;
 
@@ -384,19 +385,18 @@ void HTTPAcceptor::_acceptConnection()
 
    if (socket < 0)
    {
-      if (getenv("PEGASUS_TRACE"))
-        cerr <<"HTTPAcceptor: accept() failed" << endl;
-
+       PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL2,
+                        "HTTPAcceptor: accept() failed");
       return;
    }
 
    // Create a new conection and add it to the connection list:
 
    MP_Socket * mp_socket = new MP_Socket(socket, _sslcontext);
-   if (mp_socket->accept() < 0) {
-      if (getenv("PEGASUS_TRACE"))
-        cerr <<"HTTPAcceptor: SSL_accept() failed" << endl;
-
+   if (mp_socket->accept() < 0) 
+   {
+       PEG_TRACE_STRING(TRC_HTTP, Tracer::LEVEL2,
+                        "HTTPAcceptor: SSL_accept() failed");
       return;
    }
 
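Review bot: On the `mp_socket->accept() < 0` path the function returns without releasing `mp_socket`, which was allocated with `new` a few lines earlier, and nothing visible in the hunk closes the accepted `socket`. Each failed SSL handshake would then leave an MP_Socket (and possibly a descriptor) behind, which matters on a listener that unauthenticated peers can reach. Adding `delete mp_socket;` before that `return;` would cover the object; whether the descriptor also needs an explicit close depends on MP_Socket's destructor, which is not shown. The rest of `_acceptConnection()` lies outside the hunk.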
index 460f03e3f2f19dd3ad5e26773c0ce29ba6c935f8..07d82bc4531bde19a9614e3b1da59eed4550baff 100644 (file)
@@ -140,12 +140,14 @@ void MessageQueue::enqueue(Message* message) throw(IPCException)
        throw NullPointer();
     }
 
-    if (getenv("PEGASUS_TRACE"))
-    {
-       cout << "===== " << getQueueName() << ": ";
-       message->print(cout);
-    }
-    
+    PEG_TRACE_STRING( TRC_MESSAGEQUEUESERVICE, Tracer::LEVEL3, 
+                      String("Queue name: ") + getQueueName() ) ;
+    Tracer::trace   ( TRC_MESSAGEQUEUESERVICE, 
+                      Tracer::LEVEL3,
+                      "Message: [%s, %d]", 
+                      MessageTypeToString(message->getType()), 
+                      message->getKey() );
+
     _mut.lock(pegasus_thread_self());
     if (_back)
     {
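Review bot: The new `Tracer::trace` call in `enqueue` feeds `MessageTypeToString(message->getType())` to `%s` and `message->getKey()` to `%d` through varargs, so nothing checks that the argument types match the format string. If `getKey()` returns an unsigned type, `%u` would be the matching specifier, and `%s` is only safe if `MessageTypeToString` returns a `const char*` rather than a `String`; both declarations are outside this hunk and should be confirmed. Separately, `String("Queue name: ") + getQueueName()` appears to be built on every enqueue unless the `PEG_TRACE_STRING` macro skips evaluation when tracing is off.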
index 818e4d13377b7942f697fba957dc488b82c8afb4..5a0f8204cecd208afb63f3b99199aea71354c025 100755 (executable)
@@ -94,9 +94,9 @@ static String _cimmofMessages[] = {
                                           // INSTANCE_PROPERTY_EXISTS_WARNING
   "Warning: property %2 already exists for this instance of class %1",
                                          // INSTANCE_EXISTS_WARNING
-  "Warning: the instance already exists in the repository.\nIn this"
+  "Warning: the instance already exists.\nIn this"
   " implementation, that means it cannot be changed.",
-  "Error adding an instance to the repository: %1", // ADD_INSTANCE_ERROR
+  "Error adding an instance: %1", // ADD_INSTANCE_ERROR
   ""
 };
 
index 68c2771c9f8d563a9fe45690857586b3430c1da9..76560c7b91883cb698472b0e79c22864a61f0538 100644 (file)
@@ -172,6 +172,28 @@ void ConfigSettingProvider::modifyInstance(
     {
         PEG_METHOD_ENTER(TRC_CONFIG, "ConfigSettingProvider::modifyInstance()");
 
+        //
+        // get userName 
+        //
+        String userName;
+        try
+        {
+            IdentityContainer container = context.get(CONTEXT_IDENTITY);
+            userName = container.getUserName();
+        }
+        catch (...)
+        {
+            userName = String::EMPTY;
+        }
+
+        //
+        // verify user authorizations
+        //
+        if ( userName != String::EMPTY || userName != "" )
+        {
+            _verifyAuthorization(userName);
+        }
+
         // NOTE: Qualifiers are not processed by this provider, so the
         // IncludeQualifiers flag is ignored.
 
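Review bot: The authorization check added to `modifyInstance` fails open: any exception from `context.get(CONTEXT_IDENTITY)` is swallowed by `catch (...)`, `userName` becomes empty, and the `if` then skips `_verifyAuthorization` entirely, so a request that carries no identity is allowed to modify configuration. The condition `userName != String::EMPTY || userName != ""` also tests the same thing twice (assuming `String::EMPTY` is the empty string), which suggests a single comparison was intended. If an empty identity is meant to denote a trusted caller, for example when authentication is disabled, that deserves a comment at the check; otherwise the safer form is to reject it with `if (userName == String::EMPTY) throw PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, "Must be a privileged user to do this CIM operation.");` followed by an unconditional `_verifyAuthorization(userName);`. The same block appears in the UserAuthProvider.cpp hunks for createInstance, deleteInstance, modifyInstance, enumerateInstances, enumerateInstanceNames and invokeMethod.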
@@ -477,5 +499,23 @@ void ConfigSettingProvider::enumerateInstanceNames(
         PEG_METHOD_EXIT();
     }
 
+//
+// Verify user authorization
+//
+void ConfigSettingProvider::_verifyAuthorization(const String& userName)
+    {
+        PEG_METHOD_ENTER(TRC_CONFIG,
+            "ConfigSettingProvider::_verifyAuthorization()");
+
+        if ( System::isPrivilegedUser(userName) == false )
+        {
+            PEG_METHOD_EXIT();
+            throw PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED, 
+                "Must be a privileged user to do this CIM operation.");
+        }
+
+        PEG_METHOD_EXIT();
+    }
+
 PEGASUS_NAMESPACE_END
 
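Review bot: `ConfigSettingProvider::_verifyAuthorization` throws `CIM_ERR_ACCESS_DENIED` without recording which user was refused, so a rejected attempt to change configuration leaves nothing for an operator to find beyond the method enter/exit trace. A line such as `PEG_TRACE_STRING(TRC_CONFIG, Tracer::LEVEL2, String("Access denied for user: ") + userName);` placed before the `throw` would make denials visible. The message text also differs from the UserAuthProvider twin ("do this" versus "execute this"), which makes the two harder to search for together.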
index b9a8fb67dc1dd6293c1894ee49ea4f918825ebbb..11093554bed028793b9567e17c7f490546a6c2af 100644 (file)
@@ -199,6 +199,16 @@ public:
 
 private:
 
+    /**
+        Verify User Authorization.
+
+        @param  user                    userName to be verified
+
+        @throw  CIM_ERR_ACCESS_DENIED   if the specified user is not a
+                                        priviliged user.
+    */
+    void _verifyAuthorization(const String& user);
+
     //
     // Config Manager Instance variable
     //
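Review bot: The doc comment on `_verifyAuthorization` names the parameter `user` while the definition in ConfigSettingProvider.cpp uses `userName`, and `@throw` lists a status code rather than saying that a CIM exception carrying `CIM_ERR_ACCESS_DENIED` is thrown. I would align the declaration with the definition, `void _verifyAuthorization(const String& userName);`, correct "priviliged" to "privileged", and state that the test is `System::isPrivilegedUser`. The identical comment added to UserAuthProvider.h has the same spelling slip.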
index e478bb71c2cfc1aa39d8369375574be4baa12ed0..4d95525a65ee2e5d6f5a0923d7b05c0257c2670e 100644 (file)
@@ -94,6 +94,24 @@ static const char METHOD_NAME_MODIFY_PASSWORD []  = "modifyPassword";
 */
 static const char CLASS_NAME_PG_AUTHORIZATION []  = "PG_Authorization";
 
+//
+// Verify user authorization
+//
+void UserAuthProvider::_verifyAuthorization(const String& user)
+{
+    PEG_METHOD_ENTER(TRC_CONFIG,
+        "UserAuthProvider::_verifyAuthorization()");
+
+    if ( System::isPrivilegedUser(user) == false )
+    {
+        PEG_METHOD_EXIT();
+        throw PEGASUS_CIM_EXCEPTION(CIM_ERR_ACCESS_DENIED,
+            "Must be a privileged user to execute this CIM operation.");
+    }
+
+    PEG_METHOD_EXIT();
+}
+
 //
 // Creates a new instance.
 //
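Review bot: `UserAuthProvider::_verifyAuthorization` enters its trace under `TRC_CONFIG`, whereas the other methods of this provider shown in the commit use `TRC_USER_MANAGER`, so authorization traces for user management would be filed under the configuration component. This looks carried over from ConfigSettingProvider; `PEG_METHOD_ENTER(TRC_USER_MANAGER, "UserAuthProvider::_verifyAuthorization()");` would keep the file consistent. Apart from the message text the function is a copy of the ConfigSettingProvider one, so a shared helper may be worth considering.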
@@ -112,6 +130,28 @@ void UserAuthProvider::createInstance(
     String      namespaceStr;
     String      authorizationStr;
 
+    //
+    // get userName
+    //
+    String user;
+    try
+    {
+        const IdentityContainer container = context.get(CONTEXT_IDENTITY);
+        user= container.getUserName();
+    }
+    catch (...)
+    {
+        user= String::EMPTY;
+    }
+
+    //
+    // verify user authorizations
+    //
+    if ( user != String::EMPTY || user != "" )
+    {
+        _verifyAuthorization(user);
+    }
+
     CIMInstance          modifiedInst = myInstance;
 
     // begin processing the request
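Review bot: The identity lookup and privilege check added to `createInstance` is pasted unchanged into five more methods of this file (deleteInstance, modifyInstance, enumerateInstances, enumerateInstanceNames, invokeMethod), so any later correction to the check has to be made six times. Moving the `try`/`catch` and the comparison into one private helper that takes the operation context would leave a single line at each call site, for example an overload called as `_verifyAuthorization(context);`. Only createInstance declares the container `const`; a helper would settle that difference as well. The enclosing function starts and ends outside the hunk.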
@@ -292,6 +332,28 @@ void UserAuthProvider::deleteInstance(
 
     PEG_METHOD_ENTER(TRC_USER_MANAGER,"UserAuthProvider::deleteInstance");
 
+    //
+    // get userName
+    //
+    String user;
+    try
+    {
+        IdentityContainer container = context.get(CONTEXT_IDENTITY);
+        user= container.getUserName();
+    }
+    catch (...)
+    {
+        user= String::EMPTY;
+    }
+
+    //
+    // verify user authorizations
+    //
+    if ( user != String::EMPTY || user != "" )
+    {
+        _verifyAuthorization(user);
+    }
+
     // begin processing the request
     handler.processing();
 
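Review bot: In `deleteInstance` the call to `_verifyAuthorization(user)` sits after `PEG_METHOD_ENTER`, and when it throws, the exception leaves the method with no matching `PEG_METHOD_EXIT()`, at least as far as this hunk shows. `_verifyAuthorization` itself calls `PEG_METHOD_EXIT()` before its `throw`, so the trace would show the helper exiting but not its caller. Either run the check before `PEG_METHOD_ENTER`, or wrap it as `try { _verifyAuthorization(user); } catch (...) { PEG_METHOD_EXIT(); throw; }`. The modifyInstance and invokeMethod hunks in this file and ConfigSettingProvider::modifyInstance have the same ordering.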
@@ -444,6 +506,28 @@ void UserAuthProvider::modifyInstance(
 {
     PEG_METHOD_ENTER(TRC_USER_MANAGER,"UserAuthProvider::modifyInstance"); 
 
+    //
+    // get userName
+    //
+    String user;
+    try
+    {
+        IdentityContainer container = context.get(CONTEXT_IDENTITY);
+        user= container.getUserName();
+    }
+    catch (...)
+    {
+        user= String::EMPTY;
+    }
+
+    //
+    // verify user authorizations
+    //
+    if ( user != String::EMPTY || user != "" )
+    {
+        _verifyAuthorization(user);
+    }
+
     //
     // check if the class name requested is PG_Authorization
     //
@@ -539,6 +623,28 @@ void UserAuthProvider::enumerateInstances(
     Array<CIMInstance> instanceArray;
     Array<CIMNamedInstance> namedInstances;
 
+    //
+    // get userName
+    //
+    String user;
+    try
+    {
+        IdentityContainer container = context.get(CONTEXT_IDENTITY);
+        user= container.getUserName();
+    }
+    catch (...)
+    {
+        user= String::EMPTY;
+    }
+
+    //
+    // verify user authorizations
+    //
+    if ( user != String::EMPTY || user != "" )
+    {
+        _verifyAuthorization(user);
+    }
+
     //
     // check if the class name requested is PG_Authorization
     //
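Review bot: The changelog entry says UserAuthProvider checks for a privileged user on all operations, but the commit adds the check to createInstance, deleteInstance, modifyInstance, enumerateInstances, enumerateInstanceNames and invokeMethod only; no hunk touches a `getInstance`. If the provider implements `getInstance` (not visible here), it should carry the same check, otherwise data that `enumerateInstances` now protects could still be read one instance at a time. A short comment near the top of the file listing which entry points are guarded would make this easier to audit.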
@@ -594,6 +700,28 @@ void UserAuthProvider::enumerateInstanceNames(
     KeyBinding          kb;
     String            hostName;
 
+    //
+    // get userName
+    //
+    String user;
+    try
+    {
+        IdentityContainer container = context.get(CONTEXT_IDENTITY);
+        user= container.getUserName();
+    }
+    catch (...)
+    {
+        user= String::EMPTY;
+    }
+
+    //
+    // verify user authorizations
+    //
+    if ( user != String::EMPTY || user != "" )
+    {
+        _verifyAuthorization(user);
+    }
+
     const String& className = classReference.getClassName();
     const String& nameSpace = classReference.getNameSpace();
 
@@ -694,6 +822,27 @@ void UserAuthProvider::invokeMethod(
 {
     PEG_METHOD_ENTER(TRC_USER_MANAGER,"UserAuthProvider::invokeMethod");
 
+    //
+    // get userName
+    //
+    String user;
+    try
+    {
+        IdentityContainer container = context.get(CONTEXT_IDENTITY);
+        user= container.getUserName();
+    }
+    catch (...)
+    {
+        user= String::EMPTY;
+    }
+    //
+    // verify user authorizations
+    //
+    if ( user != String::EMPTY || user != "" )
+    {
+        _verifyAuthorization(user);
+    }
+
 #ifndef PEGASUS_NO_PASSWORDFILE
     String            userName;
     String            password;
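Review bot: `invokeMethod` now has a local `user` (the requester taken from the identity container) directly above the existing `userName`, which from its position next to `password` appears to be the account the method acts on. The two are easy to confuse in an authorization path; renaming the new variable, e.g. `String requestingUser;`, would make it clear which identity is being checked. This hunk also drops the blank line between the `catch` block and the "verify user authorizations" comment that the other five copies have. The function continues past the end of the hunk.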
index 1d6678180206358381f9244dca327df4bd9e86eb..212c14e8cebd7d1a648545b0909ecab8a5785f65 100644 (file)
@@ -50,6 +50,7 @@
 #include <Pegasus/Common/CIMStatusCode.h>
 #include <Pegasus/Common/Tracer.h>
 #include <Pegasus/Common/Destroyer.h>
+#include <Pegasus/Common/OperationContext.h>
 
 #include <Pegasus/Repository/CIMRepository.h>
 #include <Pegasus/Provider/CIMInstanceProvider.h>
@@ -222,6 +223,15 @@ public:
     }
 
 private:
+    /**
+        Verify User Authorization.
+
+        @param  user                   userName to be verified
+
+        @throw  CIM_ERR_ACCESS_DENIED   if the specified user is not a
+                                        priviliged user.
+    */
+    void _verifyAuthorization(const String& user);
 
     //
     // User Manager Instance variable