OW_SimpleAuthorizer.cpp

Go to the documentation of this file.
00001 /*******************************************************************************
00002 * Copyright (C) 2001-2004 Vintela, Inc. All rights reserved.
00003 *
00004 * Redistribution and use in source and binary forms, with or without
00005 * modification, are permitted provided that the following conditions are met:
00006 *
00007 *  - Redistributions of source code must retain the above copyright notice,
00008 *    this list of conditions and the following disclaimer.
00009 *
00010 *  - Redistributions in binary form must reproduce the above copyright notice,
00011 *    this list of conditions and the following disclaimer in the documentation
00012 *    and/or other materials provided with the distribution.
00013 *
00014 *  - Neither the name of Vintela, Inc. nor the names of its
00015 *    contributors may be used to endorse or promote products derived from this
00016 *    software without specific prior written permission.
00017 *
00018 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS''
00019 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00020 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00021 * ARE DISCLAIMED. IN NO EVENT SHALL Vintela, Inc. OR THE CONTRIBUTORS
00022 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
00023 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
00024 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00025 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
00026 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00027 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
00028 * POSSIBILITY OF SUCH DAMAGE.
00029 *******************************************************************************/
00030 
00035 #include "OW_config.h"
00036 #include "OW_SimpleAuthorizer.hpp"
00037 #include "OW_Assertion.hpp"
00038 #include "OW_UserInfo.hpp"
00039 #include "OW_OperationContext.hpp"
00040 #include "OW_Logger.hpp"
00041 #include "OW_Format.hpp"
00042 #include "OW_ConfigOpts.hpp"
00043 #include "OW_CIMClass.hpp"
00044 #include "OW_CIMValue.hpp"
00045 #include "OW_CIMException.hpp"
00046 #include "OW_CIMObjectPath.hpp"
00047 #include "OW_CIMInstance.hpp"
00048 #include "OW_CIMProperty.hpp"
00049 #include "OW_CIMQualifierType.hpp"
00050 #include "OW_IntrusiveCountableBase.hpp"
00051 #include "OW_ServiceIFCNames.hpp"
00052 
00053 namespace OW_NAMESPACE
00054 {
00055 
00056 using namespace WBEMFlags;
00057 
00058 class AccessMgr : public IntrusiveCountableBase
00059 {
00060 public:
00061    static const String COMPONENT_NAME;
00062    enum
00063    {
00064       GETCLASS,
00065       GETINSTANCE,
00066       DELETECLASS,
00067       DELETEINSTANCE,
00068       CREATECLASS,
00069       CREATEINSTANCE,
00070       MODIFYCLASS,
00071       MODIFYINSTANCE,
00072       ENUMERATECLASSES,
00073       ENUMERATECLASSNAMES,
00074       ENUMERATEINSTANCES,
00075       ENUMERATEINSTANCENAMES,
00076       ASSOCIATORS,
00077       ASSOCIATORNAMES,
00078       REFERENCES,
00079       REFERENCENAMES,
00080       GETPROPERTY,
00081       SETPROPERTY,
00082       GETQUALIFIER,
00083       SETQUALIFIER,
00084       DELETEQUALIFIER,
00085       ENUMERATEQUALIFIERS,
00086       CREATENAMESPACE,
00087       DELETENAMESPACE,
00088       ENUMERATENAMESPACE,
00089       INVOKEMETHOD
00090    };
00091    AccessMgr(const RepositoryIFCRef& pServer);
00100    void checkAccess(int op, const String& ns, OperationContext& context);
00101 
00102    void setEnv(const ServiceEnvironmentIFCRef& env) { m_env = env; }
00103 
00104 private:
00105    String getMethodType(int op);
00106    RepositoryIFCRef m_pServer;
00107    ServiceEnvironmentIFCRef m_env;
00108 };
00109    
00110 const String AccessMgr::COMPONENT_NAME("ow.authorizer.simple");
00111 
00112 
00114 AccessMgr::AccessMgr(const RepositoryIFCRef& pServer)
00115    : m_pServer(pServer)
00116 {
00117 }
00119 String
00120 AccessMgr::getMethodType(int op)
00121 {
00122    switch (op)
00123    {
00124       case GETCLASS:
00125       case GETINSTANCE:
00126       case ENUMERATECLASSES:
00127       case ENUMERATECLASSNAMES:
00128       case ENUMERATEINSTANCES:
00129       case ENUMERATEINSTANCENAMES:
00130       case ENUMERATEQUALIFIERS:
00131       case GETPROPERTY:
00132       case GETQUALIFIER:
00133       case ENUMERATENAMESPACE:
00134       case ASSOCIATORS:
00135       case ASSOCIATORNAMES:
00136       case REFERENCES:
00137       case REFERENCENAMES:
00138          return String("r");
00139       case DELETECLASS:
00140       case DELETEINSTANCE:
00141       case CREATECLASS:
00142       case CREATEINSTANCE:
00143       case MODIFYCLASS:
00144       case MODIFYINSTANCE:
00145       case SETPROPERTY:
00146       case SETQUALIFIER:
00147       case DELETEQUALIFIER:
00148       case CREATENAMESPACE:
00149       case DELETENAMESPACE:
00150          return String("w");
00151       case INVOKEMETHOD:
00152          return String("rw");
00153       default:
00154          OW_ASSERT("Unknown operation type passed to "
00155             "AccessMgr.  This shouldn't happen" == 0);
00156    }
00157    return "";
00158 }
00159 
00160 namespace
00161 {
00162    struct InternalDataRemover
00163    {
00164       OperationContext& m_context;
00165       String m_key;
00166       InternalDataRemover(OperationContext& context, const char* key)
00167          : m_context(context)
00168          , m_key(key)
00169       {}
00170       ~InternalDataRemover() { m_context.removeData(m_key); }
00171    };
00172 }
00173 
00175 void
00176 AccessMgr::checkAccess(int op, const String& ns,
00177    OperationContext& context)
00178 {
00179    UserInfo userInfo = context.getUserInfo();
00180    if (userInfo.m_internal)
00181    {
00182       return;
00183    }
00184 
00185    const char* const ACCESS_MSG_INTERNAL_CALL = "ACCESS_MSG_INTERNAL_CALL";
00186    if (context.getStringDataWithDefault(ACCESS_MSG_INTERNAL_CALL) == "1")
00187    {
00188       return;
00189    }
00190 
00191    // now set the value so that we won't cause an infinite recursion loop
00192    context.setStringData(ACCESS_MSG_INTERNAL_CALL, "1");
00193    // and set up an object to remove it when this function returns
00194    InternalDataRemover internalDataRemover(context, ACCESS_MSG_INTERNAL_CALL);
00195 
00196 
00197    LoggerRef lgr = m_env->getLogger(COMPONENT_NAME);
00198    if (lgr->getLogLevel() == E_DEBUG_LEVEL)
00199    {
00200       OW_LOG_DEBUG(lgr, Format("Checking access to namespace: \"%1\"", ns));
00201       OW_LOG_DEBUG(lgr, Format("UserName is: \"%1\" Operation is : %2",
00202          userInfo.getUserName(), op));
00203    }
00204    String lns(ns);
00205    while (!lns.empty() && lns[0] == '/')
00206    {
00207       lns = lns.substring(1);
00208    }
00209    lns.toLowerCase();
00210    for (;;)
00211    {
00212       if (!userInfo.getUserName().empty())
00213       {
00214          String superUser =
00215             m_env->getConfigItem(ConfigOpts::ACL_SUPERUSER_opt);
00216          if (superUser.equalsIgnoreCase(userInfo.getUserName()))
00217          {
00218             OW_LOG_DEBUG(lgr, "User is SuperUser: checkAccess returning.");
00219             return;
00220          }
00221          try
00222          {
00223             CIMClass cc = m_pServer->getClass("root/security",
00224                "OpenWBEM_UserACL", E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL,
00225                context);
00226          }
00227          catch(CIMException&)
00228          {
00229             OW_LOG_DEBUG(lgr, "OpenWBEM_UserACL class non-existent in"
00230                " /root/security. ACLs disabled");
00231             return;
00232          }
00233          
00234          CIMObjectPath cop("OpenWBEM_UserACL");
00235          cop.setKeyValue("username", CIMValue(userInfo.getUserName()));
00236          cop.setKeyValue("nspace", CIMValue(lns));
00237          CIMInstance ci(CIMNULL);
00238          try
00239          {
00240             ci = m_pServer->getInstance("root/security", cop, E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL,
00241                context);
00242          }
00243          catch(const CIMException&)
00244          {
00245             ci.setNull();
00246          }
00247          if (ci)
00248          {
00249             String capability;
00250             CIMProperty capabilityProp = ci.getProperty("capability");
00251             if (capabilityProp)
00252             {
00253                CIMValue cv = capabilityProp.getValue();
00254                if (cv)
00255                {
00256                   capability = cv.toString();
00257                }
00258             }
00259             String opType = getMethodType(op);
00260             capability.toLowerCase();
00261             if (opType.length() == 1)
00262             {
00263                if (capability.indexOf(opType) == String::npos)
00264                {
00265                   OW_LOG_INFO(lgr, Format(
00266                      "ACCESS DENIED to user \"%1\" for namespace \"%2\"",
00267                      userInfo.m_userName, lns));
00268                   OW_THROWCIM(CIMException::ACCESS_DENIED);
00269                }
00270             }
00271             else
00272             {
00273                if (!capability.equals("rw") && !capability.equals("wr"))
00274                {
00275                   OW_LOG_INFO(lgr, Format(
00276                      "ACCESS DENIED to user \"%1\" for namespace \"%2\"",
00277                      userInfo.m_userName, lns));
00278                   OW_THROWCIM(CIMException::ACCESS_DENIED);
00279                }
00280             }
00281             OW_LOG_INFO(lgr, Format(
00282                "ACCESS GRANTED to user \"%1\" for namespace \"%2\"",
00283                userInfo.m_userName, lns));
00284             return;
00285          }
00286       }
00287       // use default policy for namespace
00288       try
00289       {
00290          CIMClass cc = m_pServer->getClass("root/security",
00291             "OpenWBEM_NamespaceACL", E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL,
00292             context);
00293       }
00294       catch(CIMException&)
00295       {
00296          OW_LOG_DEBUG(lgr, "OpenWBEM_NamespaceACL class non-existent in"
00297             " /root/security. namespace ACLs disabled");
00298          return;
00299       }
00300       CIMObjectPath cop("OpenWBEM_NamespaceACL");
00301       cop.setKeyValue("nspace", CIMValue(lns));
00302       CIMInstance ci(CIMNULL);
00303       try
00304       {
00305          ci = m_pServer->getInstance("root/security", cop, E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL,
00306             context);
00307       }
00308       catch(const CIMException& ce)
00309       {
00310          if (lgr->getLogLevel() == E_DEBUG_LEVEL)
00311          {
00312             OW_LOG_DEBUG(lgr, Format("Caught exception: %1 in"
00313                " AccessMgr::checkAccess", ce));
00314          }
00315          ci.setNull();
00316       }
00317    
00318       if (ci)
00319       {
00320          String capability;
00321          CIMProperty capabilityProp = ci.getProperty("capability");
00322          if (capabilityProp)
00323          {
00324             CIMValue v = capabilityProp.getValue();
00325             if (v)
00326             {
00327                capability = v.toString();
00328             }
00329          }
00330          capability.toLowerCase();
00331          String opType = getMethodType(op);
00332          if (opType.length() == 1)
00333          {
00334             if (capability.indexOf(opType) == String::npos)
00335             {
00336                OW_LOG_INFO(lgr, Format(
00337                   "ACCESS DENIED to user \"%1\" for namespace \"%2\"",
00338                   userInfo.m_userName, lns));
00339                OW_THROWCIM(CIMException::ACCESS_DENIED);
00340             }
00341          }
00342          else
00343          {
00344             if (!capability.equals("rw") && !capability.equals("wr"))
00345             {
00346                OW_LOG_INFO(lgr, Format(
00347                   "ACCESS DENIED to user \"%1\" for namespace \"%2\"",
00348                   userInfo.m_userName, lns));
00349                OW_THROWCIM(CIMException::ACCESS_DENIED);
00350             }
00351          }
00352          OW_LOG_INFO(lgr, Format(
00353             "ACCESS GRANTED to user \"%1\" for namespace \"%2\"",
00354             userInfo.m_userName, lns));
00355          return;
00356       }
00357       size_t idx = lns.lastIndexOf('/');
00358       if (idx == 0 || idx == String::npos)
00359       {
00360          break;
00361       }
00362       lns = lns.substring(0, idx);
00363    }
00364    OW_LOG_INFO(lgr, Format(
00365       "ACCESS DENIED to user \"%1\" for namespace \"%2\"",
00366       userInfo.m_userName, lns));
00367    OW_THROWCIM(CIMException::ACCESS_DENIED);
00368 }
00370 SimpleAuthorizer::SimpleAuthorizer()
00371    : AuthorizerIFC()
00372 {
00373 }
00375 SimpleAuthorizer::~SimpleAuthorizer()
00376 {
00377 }
00379 String
00380 SimpleAuthorizer::getName() const
00381 {
00382    return ServiceIFCNames::SimpleAuthorizer;
00383 }
00385 void
00386 SimpleAuthorizer::setSubRepositoryIFC(const RepositoryIFCRef& src)
00387 {
00388    m_cimRepository = src;
00389    ServiceEnvironmentIFCRef env = m_cimRepository->getEnvironment();
00390    m_accessMgr = IntrusiveReference<AccessMgr>(new AccessMgr(src));
00391    m_accessMgr->setEnv(env);
00392 }
00394 AuthorizerIFC *
00395 SimpleAuthorizer::clone() const
00396 {
00397    return new SimpleAuthorizer(*this);
00398 }
00400 void
00401 SimpleAuthorizer::open(const String& path)
00402 {
00403 }
00405 void
00406 SimpleAuthorizer::close()
00407 {
00408 }
00410 ServiceEnvironmentIFCRef
00411 SimpleAuthorizer::getEnvironment() const
00412 {
00413    return m_cimRepository->getEnvironment();
00414 }
00415 
00416 #if !defined(OW_DISABLE_INSTANCE_MANIPULATION) && !defined(OW_DISABLE_NAMESPACE_MANIPULATION)
00417 
00418 void
00419 SimpleAuthorizer::createNameSpace(const String& ns,
00420    OperationContext& context)
00421 {
00422    // Don't need to check ACLs, since this is a result of calling createInstance.
00423    m_cimRepository->createNameSpace(ns,context);
00424 }
00426 void
00427 SimpleAuthorizer::deleteNameSpace(const String& ns,
00428    OperationContext& context)
00429 {
00430    // Don't need to check ACLs, since this is a result of calling deleteInstance.
00431    m_cimRepository->deleteNameSpace(ns,context);
00432 }
00433 #endif // #if !defined(OW_DISABLE_INSTANCE_MANIPULATION) && !defined(OW_DISABLE_NAMESPACE_MANIPULATION)
00434 
00435 void
00436 SimpleAuthorizer::enumNameSpace(StringResultHandlerIFC& result,
00437    OperationContext& context)
00438 {
00439    // Don't need to check ACLs, since this is a result of calling enumInstances.
00440    m_cimRepository->enumNameSpace(result,context);
00441 }
00443 CIMQualifierType
00444 SimpleAuthorizer::getQualifierType(const String& ns,
00445    const String& qualifierName,
00446    OperationContext& context)
00447 {
00448    m_accessMgr->checkAccess(AccessMgr::GETQUALIFIER, ns, context);
00449    return m_cimRepository->getQualifierType(ns,qualifierName,context);
00450 }
00451 #ifndef OW_DISABLE_QUALIFIER_DECLARATION
00452 
00453 void
00454 SimpleAuthorizer::enumQualifierTypes(
00455    const String& ns,
00456    CIMQualifierTypeResultHandlerIFC& result,
00457    OperationContext& context)
00458 {
00459    m_accessMgr->checkAccess(AccessMgr::ENUMERATEQUALIFIERS, ns, context);
00460    m_cimRepository->enumQualifierTypes(ns,result,context);
00461 }
00463 void
00464 SimpleAuthorizer::deleteQualifierType(const String& ns, const String& qualName,
00465    OperationContext& context)
00466 {
00467    m_accessMgr->checkAccess(AccessMgr::DELETEQUALIFIER, ns, context);
00468    m_cimRepository->deleteQualifierType(ns,qualName,context);
00469 }
00471 void
00472 SimpleAuthorizer::setQualifierType(
00473    const String& ns,
00474    const CIMQualifierType& qt, OperationContext& context)
00475 {
00476    m_accessMgr->checkAccess(AccessMgr::SETQUALIFIER, ns, context);
00477    m_cimRepository->setQualifierType(ns,qt,context);
00478 }
00479 #endif // #ifndef OW_DISABLE_QUALIFIER_DECLARATION
00480 
00481 CIMClass
00482 SimpleAuthorizer::getClass(
00483    const String& ns, const String& className, ELocalOnlyFlag localOnly,
00484    EIncludeQualifiersFlag includeQualifiers, EIncludeClassOriginFlag includeClassOrigin,
00485    const StringArray* propertyList, OperationContext& context)
00486 {
00487    // we don't check for __Namespace, so that clients can get it before they
00488    // create one.
00489    if (!className.equalsIgnoreCase("__Namespace"))
00490    {
00491       m_accessMgr->checkAccess(AccessMgr::GETCLASS, ns, context);
00492    }
00493    return m_cimRepository->getClass(ns, className, localOnly, includeQualifiers, includeClassOrigin, propertyList, context);
00494 }
00495 #ifndef OW_DISABLE_SCHEMA_MANIPULATION
00496 
00497 CIMClass
00498 SimpleAuthorizer::deleteClass(const String& ns, const String& className,
00499    OperationContext& context)
00500 {
00501    m_accessMgr->checkAccess(AccessMgr::DELETECLASS, ns, context);
00502    return m_cimRepository->deleteClass(ns,className,context);
00503 }
00505 void
00506 SimpleAuthorizer::createClass(const String& ns, const CIMClass& cimClass,
00507    OperationContext& context)
00508 {
00509    m_accessMgr->checkAccess(AccessMgr::CREATECLASS, ns, context);
00510    m_cimRepository->createClass(ns,cimClass,context);
00511 }
00513 CIMClass
00514 SimpleAuthorizer::modifyClass(
00515    const String& ns,
00516    const CIMClass& cc,
00517    OperationContext& context)
00518 {
00519    m_accessMgr->checkAccess(AccessMgr::MODIFYCLASS, ns, context);
00520    return m_cimRepository->modifyClass(ns,cc,context);
00521 }
00522 #endif // #ifndef OW_DISABLE_SCHEMA_MANIPULATION
00523 
00524 void
00525 SimpleAuthorizer::enumClasses(const String& ns,
00526       const String& className,
00527       CIMClassResultHandlerIFC& result,
00528       EDeepFlag deep, ELocalOnlyFlag localOnly, EIncludeQualifiersFlag includeQualifiers,
00529       EIncludeClassOriginFlag includeClassOrigin, OperationContext& context)
00530 {
00531    m_accessMgr->checkAccess(AccessMgr::ENUMERATECLASSES, ns, context);
00532    m_cimRepository->enumClasses(ns,className,result,deep,localOnly,
00533       includeQualifiers,includeClassOrigin,context);
00534 }
00536 void
00537 SimpleAuthorizer::enumClassNames(
00538    const String& ns,
00539    const String& className,
00540    StringResultHandlerIFC& result,
00541    EDeepFlag deep, OperationContext& context)
00542 {
00543    m_accessMgr->checkAccess(AccessMgr::ENUMERATECLASSNAMES, ns, context);
00544    m_cimRepository->enumClassNames(ns,className,result,deep,context);
00545 }
00547 void
00548 SimpleAuthorizer::enumInstanceNames(
00549    const String& ns,
00550    const String& className,
00551    CIMObjectPathResultHandlerIFC& result,
00552    EDeepFlag deep,
00553    OperationContext& context)
00554 {
00555    m_accessMgr->checkAccess(AccessMgr::ENUMERATEINSTANCENAMES, ns,
00556       context);
00557    m_cimRepository->enumInstanceNames(ns, className, result, deep, context);
00558 }
00560 void
00561 SimpleAuthorizer::enumInstances(
00562    const String& ns,
00563    const String& className,
00564    CIMInstanceResultHandlerIFC& result, EDeepFlag deep,
00565    ELocalOnlyFlag localOnly, EIncludeQualifiersFlag includeQualifiers, EIncludeClassOriginFlag includeClassOrigin,
00566    const StringArray* propertyList, EEnumSubclassesFlag enumSubclasses,
00567    OperationContext& context)
00568 {
00569    m_accessMgr->checkAccess(AccessMgr::ENUMERATEINSTANCES, ns, context);
00570    m_cimRepository->enumInstances(ns, className, result, deep, localOnly, includeQualifiers, includeClassOrigin, propertyList, enumSubclasses, context);
00571 }
00573 CIMInstance
00574 SimpleAuthorizer::getInstance(
00575    const String& ns,
00576    const CIMObjectPath& instanceName,
00577    ELocalOnlyFlag localOnly,
00578    EIncludeQualifiersFlag includeQualifiers, EIncludeClassOriginFlag includeClassOrigin,
00579    const StringArray* propertyList, OperationContext& context)
00580 {
00581    m_accessMgr->checkAccess(AccessMgr::GETINSTANCE, ns, context);
00582    return m_cimRepository->getInstance(ns, instanceName, localOnly, includeQualifiers, includeClassOrigin,
00583       propertyList, context);
00584 }
00585 #ifndef OW_DISABLE_INSTANCE_MANIPULATION
00586 
00587 CIMInstance
00588 SimpleAuthorizer::deleteInstance(const String& ns, const CIMObjectPath& cop,
00589    OperationContext& context)
00590 {
00591    m_accessMgr->checkAccess(AccessMgr::DELETEINSTANCE, ns, context);
00592    return m_cimRepository->deleteInstance(ns, cop, context);
00593 }
00595 CIMObjectPath
00596 SimpleAuthorizer::createInstance(
00597    const String& ns,
00598    const CIMInstance& ci,
00599    OperationContext& context)
00600 {
00601    // Check to see if user has rights to create the instance
00602    m_accessMgr->checkAccess(AccessMgr::CREATEINSTANCE, ns, context);
00603    return m_cimRepository->createInstance(ns, ci, context);
00604 }
00606 CIMInstance
00607 SimpleAuthorizer::modifyInstance(
00608    const String& ns,
00609    const CIMInstance& modifiedInstance,
00610    EIncludeQualifiersFlag includeQualifiers,
00611    const StringArray* propertyList,
00612    OperationContext& context)
00613 {
00614    m_accessMgr->checkAccess(AccessMgr::MODIFYINSTANCE, ns, context);
00615    return m_cimRepository->modifyInstance(ns, modifiedInstance,
00616          includeQualifiers, propertyList, context);
00617 }
00618 #endif // #ifndef OW_DISABLE_INSTANCE_MANIPULATION
00619 
00620 #if !defined(OW_DISABLE_PROPERTY_OPERATIONS)
00621 
00622 CIMValue
00623 SimpleAuthorizer::getProperty(
00624    const String& ns,
00625    const CIMObjectPath& name,
00626    const String& propertyName, OperationContext& context)
00627 {
00628    // Check to see if user has rights to get the property
00629    m_accessMgr->checkAccess(AccessMgr::GETPROPERTY, ns, context);
00630    return m_cimRepository->getProperty(ns, name, propertyName, context);
00631 }
00632 #endif // #if !defined(OW_DISABLE_PROPERTY_OPERATIONS)
00633 
00634 #ifndef OW_DISABLE_INSTANCE_MANIPULATION
00635 #if !defined(OW_DISABLE_PROPERTY_OPERATIONS)
00636 
00637 void
00638 SimpleAuthorizer::setProperty(
00639    const String& ns,
00640    const CIMObjectPath& name,
00641    const String& propertyName, const CIMValue& valueArg,
00642    OperationContext& context)
00643 {
00644    m_accessMgr->checkAccess(AccessMgr::SETPROPERTY, ns, context);
00645    m_cimRepository->setProperty(ns, name, propertyName, valueArg, context);
00646 }
00647 #endif // #if !defined(OW_DISABLE_PROPERTY_OPERATIONS)
00648 
00649 #endif // #ifndef OW_DISABLE_INSTANCE_MANIPULATION
00650 
00651 CIMValue
00652 SimpleAuthorizer::invokeMethod(
00653    const String& ns,
00654    const CIMObjectPath& path,
00655    const String& methodName, const CIMParamValueArray& inParams,
00656    CIMParamValueArray& outParams, OperationContext& context)
00657 {
00658    m_accessMgr->checkAccess(AccessMgr::INVOKEMETHOD, ns, context);
00659    return m_cimRepository->invokeMethod(ns, path, methodName, inParams, outParams, context);
00660 }
00662 void
00663 SimpleAuthorizer::execQuery(
00664    const String& ns,
00665    CIMInstanceResultHandlerIFC& result,
00666    const String &query,
00667    const String& queryLanguage, OperationContext& context)
00668 {
00669    // don't check ACLs here, they'll get checked depending on what the query processor does.
00670    m_cimRepository->execQuery(ns, result, query, queryLanguage, context);
00671 }
00672 #ifndef OW_DISABLE_ASSOCIATION_TRAVERSAL
00673 
00674 void
00675 SimpleAuthorizer::associators(
00676    const String& ns,
00677    const CIMObjectPath& path,
00678    CIMInstanceResultHandlerIFC& result,
00679    const String& assocClass, const String& resultClass,
00680    const String& role, const String& resultRole,
00681    EIncludeQualifiersFlag includeQualifiers, EIncludeClassOriginFlag includeClassOrigin,
00682    const StringArray* propertyList, OperationContext& context)
00683 {
00684    // Check to see if user has rights to get associators
00685    m_accessMgr->checkAccess(AccessMgr::ASSOCIATORS, ns, context);
00686    m_cimRepository->associators(ns, path, result, assocClass, resultClass, role, resultRole, includeQualifiers, includeClassOrigin, propertyList, context);
00687 }
00689 void
00690 SimpleAuthorizer::associatorsClasses(
00691    const String& ns,
00692    const CIMObjectPath& path,
00693    CIMClassResultHandlerIFC& result,
00694    const String& assocClass, const String& resultClass,
00695    const String& role, const String& resultRole,
00696    EIncludeQualifiersFlag includeQualifiers, EIncludeClassOriginFlag includeClassOrigin,
00697    const StringArray* propertyList, OperationContext& context)
00698 {
00699    // Check to see if user has rights to get associators
00700    m_accessMgr->checkAccess(AccessMgr::ASSOCIATORS, ns, context);
00701    m_cimRepository->associatorsClasses(ns, path, result, assocClass, resultClass, role, resultRole, includeQualifiers, includeClassOrigin, propertyList, context);
00702 }
00704 void
00705 SimpleAuthorizer::associatorNames(
00706    const String& ns,
00707    const CIMObjectPath& path,
00708    CIMObjectPathResultHandlerIFC& result,
00709    const String& assocClass, const String& resultClass,
00710    const String& role, const String& resultRole,
00711    OperationContext& context)
00712 {
00713    // Check to see if user has rights to get associators
00714    m_accessMgr->checkAccess(AccessMgr::ASSOCIATORNAMES, ns, context);
00715    m_cimRepository->associatorNames(ns, path, result, assocClass, resultClass, role, resultRole, context);
00716 }
00718 void
00719 SimpleAuthorizer::references(
00720    const String& ns,
00721    const CIMObjectPath& path,
00722    CIMInstanceResultHandlerIFC& result,
00723    const String& resultClass, const String& role,
00724    EIncludeQualifiersFlag includeQualifiers, EIncludeClassOriginFlag includeClassOrigin,
00725    const StringArray* propertyList, OperationContext& context)
00726 {
00727    // Check to see if user has rights to get associators
00728    m_accessMgr->checkAccess(AccessMgr::REFERENCES, ns, context);
00729    m_cimRepository->references(ns, path, result, resultClass, role, includeQualifiers, includeClassOrigin, propertyList, context);
00730 }
00732 void
00733 SimpleAuthorizer::referencesClasses(
00734    const String& ns,
00735    const CIMObjectPath& path,
00736    CIMClassResultHandlerIFC& result,
00737    const String& resultClass, const String& role,
00738    EIncludeQualifiersFlag includeQualifiers, EIncludeClassOriginFlag includeClassOrigin,
00739    const StringArray* propertyList, OperationContext& context)
00740 {
00741    // Check to see if user has rights to get associators
00742    m_accessMgr->checkAccess(AccessMgr::REFERENCES, ns, context);
00743    m_cimRepository->referencesClasses(ns, path, result, resultClass, role, includeQualifiers, includeClassOrigin, propertyList, context);
00744 }
00746 void
00747 SimpleAuthorizer::referenceNames(
00748    const String& ns,
00749    const CIMObjectPath& path,
00750    CIMObjectPathResultHandlerIFC& result,
00751    const String& resultClass, const String& role,
00752    OperationContext& context)
00753 {
00754    // Check to see if user has rights to get associators
00755    m_accessMgr->checkAccess(AccessMgr::REFERENCENAMES, ns, context);
00756    m_cimRepository->referenceNames(ns, path, result, resultClass, role, context);
00757 }
00758 #endif
00759 
00761 void
00762 SimpleAuthorizer::beginOperation(WBEMFlags::EOperationFlag op, OperationContext& context)
00763 {
00764    m_cimRepository->beginOperation(op, context);
00765 }
00766 
00768 void
00769 SimpleAuthorizer::endOperation(WBEMFlags::EOperationFlag op, OperationContext& context, WBEMFlags::EOperationResultFlag result)
00770 {
00771    m_cimRepository->endOperation(op, context, result);
00772 }
00773 
00774 
00775 } // end namespace OW_NAMESPACE
00776 
00777 
00778 OW_AUTHORIZER_FACTORY(OpenWBEM::SimpleAuthorizer, simple);
Generated on Thu Feb 9 08:48:11 2006 for openwbem by  doxygen 1.4.6