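/*******************************************************************************
* Copyright (C) 2001-2004 Vintela, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
* - Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* - Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* - Neither the name of Vintela, Inc. nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL Vintela, Inc. OR THE CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*******************************************************************************/

#include "OW_config.h"
#include "OW_ListenerAuthenticator.hpp"
#include "OW_CryptographicRandomNumber.hpp"

namespace OW_NAMESPACE
{

namespace
{

// Length, in characters, of every generated user name and password.
const size_t CREDENTIAL_LENGTH = 128;

// Compares two strings byte by byte without stopping at the first mismatch,
// so the time taken does not depend on how long a matching prefix the
// caller supplied. Strings of different length compare unequal at once;
// generated passwords all have the same length, so that reveals nothing.
bool
constantTimeEquals(const String& lhs, const String& rhs)
{
	const size_t len = lhs.length();
	if (len != rhs.length())
	{
		return false;
	}
	const char* a = lhs.c_str();
	const char* b = rhs.c_str();
	unsigned char diff = 0;
	for (size_t i = 0; i < len; ++i)
	{
		diff |= static_cast<unsigned char>(a[i] ^ b[i]);
	}
	return diff == 0;
}

// Draws values from rn until `count` alpha-numeric characters have been
// collected. Values that fall in the punctuation gaps between '9' and 'A'
// and between 'Z' and 'a' are discarded and redrawn, so no accepted
// character is favoured over another by the filtering itself.
String
randomAlphaNumeric(CryptographicRandomNumber& rn, size_t count)
{
	String out;
	for (size_t i = 0; i < count;)
	{
		int x = rn.getNextNumber();
		if ((x > '9' && x < 'A') || (x > 'Z' && x < 'a'))
		{ // only allow alpha-numeric
			continue;
		}
		out += String(static_cast<char>(x));
		++i;
	}
	return out;
}

} // end unnamed namespace

// Starts with an empty credential map; entries are added only by
// getNewCredentials().
ListenerAuthenticator::ListenerAuthenticator()
	: AuthenticatorIFC(), m_passwdMap()
{}

ListenerAuthenticator::~ListenerAuthenticator()
{
}

// Checks a user name / password pair against the credentials issued by
// getNewCredentials().
//
// userName - name to look up in the credential map.
// info     - the supplied password; empty means no "Authorization" header
//            was sent.
// details  - set to a human-readable reason when authentication fails. The
//            same text is used for an unknown user and for a wrong password.
// context  - not used by this authenticator.
//
// Returns true only when userName is known and info matches its password.
bool
ListenerAuthenticator::doAuthenticate(String& userName,
	const String& info, String& details, OperationContext& context)
{
	if (info.empty()) // no "Authorization" header
	{
		details = "You must authenticate to access this resource";
		return false;
	}
	bool rval = false;
	{
		// getNewCredentials() and removeCredentials() modify m_passwdMap
		// under m_mutex, so the lookup has to hold the same lock.
		MutexLock lock(m_mutex);
		// A single find() replaces count() followed by operator[], which
		// looked the key up twice and could insert if the two disagreed.
		Map<String, String>::iterator iter = m_passwdMap.find(userName);
		if (iter != m_passwdMap.end())
		{
			// NOTE(review): the map lookup above still uses the map's
			// ordinary key comparison; only the password check is
			// timing-independent.
			rval = constantTimeEquals(info, iter->second);
		}
	}
	if (!rval)
	{
		details = "Invalid username or password";
	}
	return rval;
}

// No initialisation is needed; the service environment is ignored.
void
ListenerAuthenticator::doInit(ServiceEnvironmentIFCRef)
{
}

// Creates a fresh random user name and password, records them in the
// credential map and returns them as "name:password".
//
// Both parts are CREDENTIAL_LENGTH alpha-numeric characters drawn from
// CryptographicRandomNumber. The name is regenerated until it does not
// collide with one already in the map.
String
ListenerAuthenticator::getNewCredentials()
{
	// presumably '0' and 'z' are inclusive bounds - confirm against
	// CryptographicRandomNumber.
	CryptographicRandomNumber rn('0', 'z');
	MutexLock lock(m_mutex);
	String name;
	do
	{
		name = randomAlphaNumeric(rn, CREDENTIAL_LENGTH);
	} while (m_passwdMap.find(name) != m_passwdMap.end());
	String pass = randomAlphaNumeric(rn, CREDENTIAL_LENGTH);
	m_passwdMap[name] = pass;
	return name + ":" + pass;
}

// Forgets the credentials previously returned by getNewCredentials().
//
// creds - a "name:password" string; only the part before the first ':' is
//         used. An unknown name is ignored.
void
ListenerAuthenticator::removeCredentials(const String& creds)
{
	// NOTE(review): when creds has no ':' the result of indexOf() is passed
	// straight to substring(); presumably that yields the whole string -
	// confirm against String.
	size_t idx = creds.indexOf(":");
	String name = creds.substring(0, idx);
	MutexLock lock(m_mutex);
	Map<String, String>::iterator iter = m_passwdMap.find(name);
	if (iter != m_passwdMap.end())
	{
		m_passwdMap.erase(iter);
	}
}

} // end namespace OW_NAMESPACE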