Hello community,
here is the log from the commit of package tog-pegasus for openSUSE:Factory
checked in at Fri May 29 12:18:46 CEST 2009.
--------
--- tog-pegasus/tog-pegasus.changes 2009-05-18 09:38:06.000000000 +0200
+++ /mounts/work_src_done/STABLE/tog-pegasus/tog-pegasus.changes 2009-05-25 19:13:11.000000000 +0200
@@ -1,0 +2,11 @@
+Mon May 25 16:50:44 CEST 2009 - mhrusecky@suse.cz
+
+- repository is owned by pegasus user and daemon is running as pegasus as well
+- 'rctog-pegasus start' fixed so second run wouldn't try to run same daemon again
+
+-------------------------------------------------------------------
+Thu May 21 15:38:31 CEST 2009 - mhrusecky@suse.cz
+
+- updated to version 2.9.0
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
pegasus-2.8.0-gcc44.patch
pegasus-2.8.0.tar.bz2
pegasus-config.patch
pegasus-local-or-remote-auth.patch
New:
----
pegasus-2.9.0-config.patch
pegasus-2.9.0-defineable-user.patch
pegasus-2.9.0-gcc44.patch
pegasus-2.9.0-local-or-remote-auth.patch
pegasus-2.9.0.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ tog-pegasus.spec ++++++
--- /var/tmp/diff_new_pack.w27124/_old 2009-05-29 12:17:59.000000000 +0200
+++ /var/tmp/diff_new_pack.w27124/_new 2009-05-29 12:17:59.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package tog-pegasus (Version 2.8.0)
+# spec file for package tog-pegasus (Version 2.9.0)
#
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -19,9 +19,10 @@
Name: tog-pegasus
-BuildRequires: cim-schema e2fsprogs-devel fdupes gcc-c++ libicu-devel net-snmp-devel openslp-devel openssl openssl-devel pam-devel pwdutils python-httplib2
-Version: 2.8.0
-Release: 5
+BuildRequires: cim-schema e2fsprogs-devel fdupes gcc-c++ libicu-devel net-snmp-devel
+BuildRequires: openslp-devel openssl openssl-devel pam-devel pwdutils python-httplib2
+Version: 2.9.0
+Release: 1
#
Summary: OpenPegasus WBEM Services for Linux
Group: System/Management
@@ -48,14 +49,16 @@
Source15: tog-pegasus.pc
#
Patch1: pegasus-pam-wbem.patch
-Patch2: pegasus-config.patch
+Patch2: pegasus-2.9.0-config.patch
Patch3: pegasus-no-strip.patch
-Patch5: pegasus-local-or-remote-auth.patch
+Patch5: pegasus-2.9.0-local-or-remote-auth.patch
Patch11: pegasus-2.7.0-strncat.patch
Patch12: pegasus-2.8.0-notests.patch
-# PATH-FIX-UPSTREAM pegasus-2.8.0-gcc44.patch [ upstream#8496 ] mhrusecky@suse.cz -- Fixed problematic elif - fixes compilation with gcc44
+# PATCH-FIX-UPSTREAM pegasus-2.9.0-gcc44.patch [ upstream#8496 ] mhrusecky@suse.cz -- Fixed problematic elif - fixes compilation with gcc44
# http://bugzilla.openpegasus.org/show_bug.cgi?id=8496
-Patch13: pegasus-2.8.0-gcc44.patch
+Patch13: pegasus-2.9.0-gcc44.patch
+# PATCH-FEATURE-SUSE pegasus-2.9.0-defineable-user.patch [] mhrusecky@suse.cz -- possibility to use other user then cimsrv
+Patch14: pegasus-2.9.0-defineable-user.patch
#
Provides: tog-pegasus-cimserver
Provides: cim-server
@@ -67,7 +70,10 @@
PreReq: python-pywbem >= 0.6.20080201.1
PreReq: cim-schema >= 2.17
# due to bug in python package (bnc#427987)
+# Should be fixed in 11.2
+%if 0%{?suse_version} < 1120 && 0%{?suse_version} > 0
PreReq: python-devel
+%endif
Requires: bash, sed, grep, coreutils, procps, openssl >= 0.9.6, pam
Requires: bind-utils, net-tools
Obsoletes: pegasus-wbem
@@ -91,6 +97,7 @@
Summary: OpenPegasus WBEM Services for Linux
Group: System/Management
Obsoletes: tog-pegasus-sdk
+Provides: tog-pegasus-sdk
Conflicts: sblim-cmpi-devel
Requires: tog-pegasus >= %{version}
Requires: gcc-c++
@@ -135,12 +142,13 @@
%prep
%setup -q -n pegasus
%patch1
-%patch2 -b .pegasus-config.patch
+%patch2
%patch3
%patch5
%patch11
%patch12 -b .pegasus-2.8.0-notests.patch
%patch13
+%patch14
%build
cp -fp %_sourcedir/README.SUSE.Security doc
@@ -170,7 +178,7 @@
export PEGASUS_PLATFORM=$PEGASUS_PLATFORM
export PEGASUS_ROOT=`pwd`
export PEGASUS_HOME=\$PEGASUS_ROOT/_build
-export PEGASUS_EXTRA_C_FLAGS="%optflags -Wno-unused"
+export PEGASUS_EXTRA_C_FLAGS="%optflags -Wno-unused -fno-strict-aliasing"
export PEGASUS_EXTRA_CXX_FLAGS=\$PEGASUS_EXTRA_C_FLAGS
export PEGASUS_STAGING_DIR=%buildroot
export PEGASUS_ARCH_LIB=%_lib
@@ -180,12 +188,13 @@
export PEGASUS_BUILD_TEST_RPM=1
export PEGASUS_ENABLE_MAKE_INSTALL=yes
export PEGASUS_SKIP_MOST_TEST_DIRS=true
+export PEGASUS_CIMSERVERMAIN_USER=pegasus
EOF
. rpm-env
# vvv remove this when #337901 / gcc.gnu.org/PR31081 gets fixed
-mv src/Pegasus/Client/tests/DeleteNamespace/DeleteNamespace.cpp{,.disabled}
-echo -e '#include \nint main() { puts("test disabled"); return 0; }' \
-> src/Pegasus/Client/tests/DeleteNamespace/DeleteNamespace.cpp
+# mv src/Pegasus/Client/tests/DeleteNamespace/DeleteNamespace.cpp{,.disabled}
+# echo -e '#include \nint main() { puts("test disabled"); return 0; }' \
+# > src/Pegasus/Client/tests/DeleteNamespace/DeleteNamespace.cpp
# ^^^
make -f Makefile.Release create_ProductVersionFile
make -f Makefile.Release create_CommonProductDirectoriesInclude
@@ -242,7 +251,12 @@
# Create pkg-config file
install -d %{buildroot}/usr/%_lib/pkgconfig
sed -e "s,@VERSION@,%{version}," %{S:15} > %{buildroot}/usr/%_lib/pkgconfig/%{name}.pc
+# Final cleanups
%fdupes -s $RPM_BUILD_ROOT/usr/bin
+%fdupes -s $RPM_BUILD_ROOT/usr/share/Pegasus/samples
+rm -f $RPM_BUILD_ROOT/usr/share/Pegasus/samples/{lib,obj,lib}/target
+chmod a-x $RPM_BUILD_ROOT/usr/share/Pegasus/mof/Pegasus/* \
+ $RPM_BUILD_ROOT/etc/Pegasus/cimserver_planned.conf
### end of %install
%clean
@@ -255,10 +269,6 @@
/usr/sbin/groupadd -r pegasus >/dev/null 2>&1 || :
/usr/sbin/useradd -r -g pegasus -s /sbin/nologin -d /var/lib/Pegasus \
-c "tog-pegasus OpenPegasus WBEM/CIM services" pegasus >/dev/null 2>&1 || :
-/usr/sbin/groupadd -r cimsrvr >/dev/null 2>&1 || :
-/usr/sbin/useradd -r -g cimsrvr -s /sbin/nologin \
- -d /var/lib/Pegasus -c "tog-pegasus OpenPegasus WBEM/CIM services" \
- cimsrvr >/dev/null 2>&1 || :
# upgrade the repository on package update
if test -e %curr_repo; then
if test -x /etc/init.d/tog-pegasus && /etc/init.d/tog-pegasus status>/dev/null
@@ -311,7 +321,7 @@
if test -d %prev_repo; then
echo "running repupgrade to upgrade repository" >&2
/usr/sbin/repupgrade
- chown -R cimsrvr.cimsrvr %curr_repo
+ chown -R pegasus.pegasus %curr_repo
rm -rf %prev_repo
fi
if test -e %restart_flag; then
@@ -356,9 +366,9 @@
/var/lib/Pegasus/cache
%dir /var/lib/Pegasus/log
%attr(0600,root,root) /var/lib/Pegasus/log/install.log
-%dir %attr(0700,cimsrvr,cimsrvr) /var/lib/Pegasus/repository
-%attr(-,cimsrvr,cimsrvr) /var/lib/Pegasus/repository/*
-%attr(755,cimsrvr,cimsrvr) /var/run/tog-pegasus
+%dir %attr(0700,pegasus,pegasus) /var/lib/Pegasus/repository
+%attr(-,pegasus,pegasus) /var/lib/Pegasus/repository/*
+%attr(755,pegasus,pegasus) /var/run/tog-pegasus
%dir /usr/share/Pegasus
/usr/share/Pegasus/mof
%doc /usr/share/man/man[18]/*
@@ -379,6 +389,11 @@
# automatically updated from it in the binary RPMS
%changelog
+* Mon May 25 2009 mhrusecky@suse.cz
+- repository is owned by pegasus user and daemon is running as pegasus as well
+- 'rctog-pegasus start' fixed so second run wouldn't try to run same daemon again
+* Thu May 21 2009 mhrusecky@suse.cz
+- updated to version 2.9.0
* Mon May 18 2009 mhrusecky@suse.cz
- fixed build in Factory
* Tue May 12 2009 mhrusecky@suse.cz
++++++ cimserver_planned.conf ++++++
--- /var/tmp/diff_new_pack.w27124/_old 2009-05-29 12:17:59.000000000 +0200
+++ /var/tmp/diff_new_pack.w27124/_new 2009-05-29 12:17:59.000000000 +0200
@@ -284,16 +284,6 @@
repositoryDir=/var/lib/Pegasus/repository
##############################################################################
-# slp
-# Description: When set to true, OpenPegasus activates an SLP
-# SA and issues DMTF defined SLP advertisements to this SA on
-# startup.
-# Default Value: false
-# Dynamic: No
-##############################################################################
-slp=false
-
-##############################################################################
# socketWriteTimeout
# Description: If the CIM Server receives an EWOULDBLOCK/EAGAIN
# error on a non-blocking write, socketWriteTimeout defines the
++++++ pegasus-2.9.0-config.patch ++++++
Index: src/Clients/repupgrade/RepositoryUpgrade.cpp
===================================================================
--- src/Clients/repupgrade/RepositoryUpgrade.cpp.orig
+++ src/Clients/repupgrade/RepositoryUpgrade.cpp
@@ -291,10 +291,10 @@ const char* RepositoryUpgrade::_ALL = "a
const String NEW_REPOSITORY_PATH = "/wbem_var/opt/wbem/repository";
const String RepositoryUpgrade::_LOG_PATH = "/wbem_var/opt/wbem/upgrade";
# elif defined(PEGASUS_OS_LINUX)
- const String OLD_REPOSITORY_PATH = "/var/opt/tog-pegasus/prev_repository";
- const String NEW_REPOSITORY_PATH = "/var/opt/tog-pegasus/repository";
+ const String OLD_REPOSITORY_PATH = "/var/lib/Pegasus/prev_repository";
+ const String NEW_REPOSITORY_PATH = "/var/lib/Pegasus/repository";
const String RepositoryUpgrade::_LOG_PATH =
- "/var/opt/tog-pegasus/log/upgrade";
+ "/var/lib/Pegasus/log/install.log";
# else
# undef REPUPGRADE_USE_RELEASE_DIRS
const String RepositoryUpgrade::_LOG_PATH = "./";
++++++ pegasus-2.9.0-defineable-user.patch ++++++
Index: mak/config.mak
===================================================================
--- mak/config.mak.orig
+++ mak/config.mak
@@ -1317,7 +1317,9 @@ ifdef PEGASUS_ENABLE_PRIVILEGE_SEPARATIO
## Defines the user context of the cimservermain process when privilege
## separation is enabled.
- PEGASUS_CIMSERVERMAIN_USER = cimsrvr
+ ifndef PEGASUS_CIMSERVERMAIN_USER
+ PEGASUS_CIMSERVERMAIN_USER = cimsrvr
+ endif
DEFINES += -DPEGASUS_CIMSERVERMAIN_USER=\"$(PEGASUS_CIMSERVERMAIN_USER)\"
endif
++++++ pegasus-2.8.0-gcc44.patch -> pegasus-2.9.0-gcc44.patch ++++++
--- tog-pegasus/pegasus-2.8.0-gcc44.patch 2009-05-18 14:38:41.000000000 +0200
+++ /mounts/work_src_done/STABLE/tog-pegasus/pegasus-2.9.0-gcc44.patch 2009-05-26 11:29:55.000000000 +0200
@@ -2,18 +2,12 @@
===================================================================
--- src/Pegasus/Provider/CMPI/CmpiImpl.cpp.orig
+++ src/Pegasus/Provider/CMPI/CmpiImpl.cpp
-@@ -3240,11 +3240,13 @@ CmpiBooleanData CmpiFalse(false);
+@@ -3238,7 +3238,7 @@ CmpiBooleanData CmpiFalse(false);
#ifdef CMPI_VER_200
static CMPIBroker __providerBaseBroker = {0,0,0,0,0};
-#elif CMPI_VER_100
-+#else
-+#ifdef CMPI_VER_100
++#elif defined(CMPI_VER_100)
static CMPIBroker __providerBaseBroker = {0,0,0,0};
#else
static CMPIBroker __providerBaseBroker = {0,0,0};
- #endif
-+#endif
-
- CmpiProviderBase::CmpiProviderBase()
- {
++++++ pegasus-2.9.0-local-or-remote-auth.patch ++++++
Index: src/Executor/Messages.h
===================================================================
--- src/Executor/Messages.h.orig
+++ src/Executor/Messages.h
@@ -198,6 +198,7 @@ struct ExecutorAuthenticatePasswordReque
{
char username[EXECUTOR_BUFFER_SIZE];
char password[EXECUTOR_BUFFER_SIZE];
+ int isRemoteUser;
};
struct ExecutorAuthenticatePasswordResponse
Index: src/Executor/PAMAuth.h
===================================================================
--- src/Executor/PAMAuth.h.orig
+++ src/Executor/PAMAuth.h
@@ -43,6 +43,7 @@
#include
#include
#include
+#include
#include
#include
#include
@@ -393,35 +394,66 @@ static int PAMValidateUserCallback(
*/
static int PAMAuthenticateInProcess(
- const char* username, const char* password)
+ const char* username, const char* password, int isRemoteUser)
{
PAMData data;
struct pam_conv pconv;
- pam_handle_t* handle;
+ pam_handle_t* phandle;
+ int retcode;
+ const char *pam_tty_val = isRemoteUser ? "wbemNetwork" : "wbemLocal";
data.password = password;
pconv.conv = PAMAuthenticateCallback;
pconv.appdata_ptr = &data;
- if (pam_start("wbem", username, &pconv, &handle) != PAM_SUCCESS)
- return -1;
+ // NOTE: if any pam call should log anything, our syslog socket will
+ // be redirected to the AUTH facility, so we need to redirect it
+ // back after each pam call.
- if (pam_authenticate(handle, 0) != PAM_SUCCESS)
+ if ((retcode = pam_start("wbem", username, &pconv, &phandle)) != PAM_SUCCESS)
{
- pam_end(handle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_start failed: %s", pam_strerror(phandle, retcode));
return -1;
}
-
- if (pam_acct_mgmt(handle, 0) != PAM_SUCCESS)
+ if ((retcode = pam_set_item(phandle, PAM_TTY, pam_tty_val)) != PAM_SUCCESS )
{
- pam_end(handle, 0);
+ pam_end(phandle, 0);
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_set_item(PAM_TTY=%s) failed: %s", pam_tty_val,
+ pam_strerror(phandle, retcode));
return -1;
}
- pam_end(handle, 0);
+ if ((retcode = pam_authenticate(phandle, 0)) != PAM_SUCCESS)
+ {
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_authenticate failed: %s",
+ pam_strerror(phandle, retcode));
+ goto auth_failed;
+ }
+
+ if (pam_acct_mgmt(phandle, 0) != PAM_SUCCESS)
+ {
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_acct_mgmt failed: %s",
+ pam_strerror(phandle, retcode));
+ goto auth_failed;
+ }
+ pam_end(phandle, 0);
return 0;
+
+auth_failed:
+ pam_end(phandle, 0);
+ syslog(LOG_ERR, "PAM authentication failed for %s user: %s",
+ isRemoteUser ? "remote" : "local", username);
+ return -1;
}
/*
@@ -439,15 +471,23 @@ static int PAMValidateUserInProcess(cons
PAMData data;
struct pam_conv pconv;
pam_handle_t* phandle;
+ int retcode;
pconv.conv = PAMValidateUserCallback;
pconv.appdata_ptr = &data;
- if (pam_start("wbem", username, &pconv, &phandle) != PAM_SUCCESS)
+ if ((retcode = pam_start("wbem", username, &pconv, &phandle)) != PAM_SUCCESS)
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_start failed: %s", pam_strerror(phandle, retcode));
return -1;
- if (pam_acct_mgmt(phandle, 0) != PAM_SUCCESS)
+ if ((retcode = pam_acct_mgmt(phandle, 0)) != PAM_SUCCESS)
{
+ closelog();
+ openlog("cimserver", LOG_PID, LOG_DAEMON);
+ syslog(LOG_ERR, "pam_acct_mgmt failed: %s",
+ pam_strerror(phandle, retcode));
pam_end(phandle, 0);
return -1;
}
@@ -467,12 +507,13 @@ static int PAMValidateUserInProcess(cons
**==============================================================================
*/
-static int PAMAuthenticate(const char* username, const char* password)
+static int PAMAuthenticate(const char* username, const char* password,
+ int isRemoteUser)
{
#ifdef PEGASUS_USE_PAM_STANDALONE_PROC
return CimserveraProcessOperation("authenticate", username, password);
#else
- return PAMAuthenticateInProcess(username, password);
+ return PAMAuthenticateInProcess(username, password, isRemoteUser);
#endif
}
Index: src/Executor/Parent.c
===================================================================
--- src/Executor/Parent.c.orig
+++ src/Executor/Parent.c
@@ -623,7 +623,8 @@ static void HandleAuthenticatePasswordRe
#if defined(PEGASUS_PAM_AUTHENTICATION)
- if (PAMAuthenticate(request.username, request.password) != 0)
+ if (PAMAuthenticate(request.username, request.password,
+ request.isRemoteUser) != 0)
{
status = -1;
break;
Index: src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c
===================================================================
--- src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c.orig
+++ src/Executor/tests/PAMAuth/TestExecutorPAMAuth.c
@@ -49,7 +49,7 @@ int main()
sprintf(prompt, "Enter password for %s: ", PEGASUS_CIMSERVERMAIN_USER);
pw = getpass(prompt);
- if (PAMAuthenticate(PEGASUS_CIMSERVERMAIN_USER, pw) == 0)
+ if (PAMAuthenticate(PEGASUS_CIMSERVERMAIN_USER, pw, 0) == 0)
printf("Correct password\n");
else
printf("Wrong password\n");
Index: src/Pegasus/Common/AuthenticationInfo.h
===================================================================
--- src/Pegasus/Common/AuthenticationInfo.h.orig
+++ src/Pegasus/Common/AuthenticationInfo.h
@@ -354,6 +354,22 @@ public:
return _rep->getRemotePrivilegedUserAccessChecked();
}
+ /** Indicate whether the user is Remote
+ */
+ Boolean isRemoteUser() const
+ {
+ CheckRep(_rep);
+ return _rep->isRemoteUser();
+ }
+
+ /** Set the Remote User flag
+ */
+ void setRemoteUser(Boolean remoteUser)
+ {
+ CheckRep(_rep);
+ _rep->setRemoteUser(remoteUser);
+ }
+
private:
AuthenticationInfo(AuthenticationInfoRep* rep) : _rep(rep)
Index: src/Pegasus/Common/AuthenticationInfoRep.cpp
===================================================================
--- src/Pegasus/Common/AuthenticationInfoRep.cpp.orig
+++ src/Pegasus/Common/AuthenticationInfoRep.cpp
@@ -44,7 +44,8 @@ const String AuthenticationInfoRep::AUTH
AuthenticationInfoRep::AuthenticationInfoRep(Boolean flag)
: _connectionAuthenticated(false),
- _wasRemotePrivilegedUserAccessChecked(false)
+ _wasRemotePrivilegedUserAccessChecked(false),
+ _remoteUser(true)
{
PEG_METHOD_ENTER(
TRC_AUTHENTICATION, "AuthenticationInfoRep::AuthenticationInfoRep");
@@ -166,5 +167,15 @@ void AuthenticationInfoRep::setClientCer
PEG_METHOD_EXIT();
}
+
+void AuthenticationInfoRep::setRemoteUser(Boolean remoteUser)
+{
+ PEG_METHOD_ENTER(TRC_AUTHENTICATION,
+ "AuthenticationInfoRep::setRemoteUser");
+
+ _remoteUser = remoteUser;
+
+ PEG_METHOD_EXIT();
+}
PEGASUS_NAMESPACE_END
Index: src/Pegasus/Common/AuthenticationInfoRep.h
===================================================================
--- src/Pegasus/Common/AuthenticationInfoRep.h.orig
+++ src/Pegasus/Common/AuthenticationInfoRep.h
@@ -165,6 +165,13 @@ public:
return _wasRemotePrivilegedUserAccessChecked;
}
+ Boolean isRemoteUser() const
+ {
+ return _remoteUser;
+ }
+
+ void setRemoteUser(Boolean remoteUser);
+
private:
/** Constructors */
@@ -190,6 +197,7 @@ private:
Boolean _wasRemotePrivilegedUserAccessChecked;
Array _clientCertificate;
+ Boolean _remoteUser;
};
PEGASUS_NAMESPACE_END
Index: src/Pegasus/Common/Executor.cpp
===================================================================
--- src/Pegasus/Common/Executor.cpp.orig
+++ src/Pegasus/Common/Executor.cpp
@@ -125,7 +125,8 @@ public:
virtual int authenticatePassword(
const char* username,
- const char* password) = 0;
+ const char* password,
+ Boolean isRemoteUser) = 0;
virtual int validateUser(
const char* username) = 0;
@@ -555,10 +556,11 @@ public:
virtual int authenticatePassword(
const char* username,
- const char* password)
+ const char* password,
+ Boolean isRemoteUser)
{
#if defined(PEGASUS_PAM_AUTHENTICATION)
- return PAMAuthenticate(username, password);
+ return PAMAuthenticate(username, password, isRemoteUser);
#else
// ATTN: not handled so don't call in this case.
return -1;
@@ -897,7 +899,8 @@ public:
virtual int authenticatePassword(
const char* username,
- const char* password)
+ const char* password,
+ Boolean isRemoteUser)
{
AutoMutex autoMutex(_mutex);
@@ -915,6 +918,7 @@ public:
memset(&request, 0, sizeof(request));
Strlcpy(request.username, username, EXECUTOR_BUFFER_SIZE);
Strlcpy(request.password, password, EXECUTOR_BUFFER_SIZE);
+ request.isRemoteUser = isRemoteUser;
if (SendBlock(_sock, &request, sizeof(request)) != sizeof(request))
return -1;
@@ -1165,10 +1169,11 @@ int Executor::reapProviderAgent(
int Executor::authenticatePassword(
const char* username,
- const char* password)
+ const char* password,
+ Boolean isRemoteUser)
{
once(&_executorImplOnce, _initExecutorImpl);
- return _executorImpl->authenticatePassword(username, password);
+ return _executorImpl->authenticatePassword(username, password, isRemoteUser);
}
int Executor::validateUser(
Index: src/Pegasus/Common/Executor.h
===================================================================
--- src/Pegasus/Common/Executor.h.orig
+++ src/Pegasus/Common/Executor.h
@@ -183,7 +183,8 @@ public:
*/
static int authenticatePassword(
const char* username,
- const char* password);
+ const char* password,
+ Boolean isRemoteUser);
/** Check whether the given user is valid for the underlying authentcation
mechanism.
Index: src/Pegasus/Common/HTTPConnection.cpp
===================================================================
--- src/Pegasus/Common/HTTPConnection.cpp.orig
+++ src/Pegasus/Common/HTTPConnection.cpp
@@ -2151,6 +2151,50 @@ void HTTPConnection::_handleReadEvent()
_incomingBuffer).get()));
}
+ // Allow authenticators to differentiate Remote and Local users:
+ struct sockaddr_in6 sin_peer, sin_svr;
+ socklen_t slen1=sizeof(sin_peer), slen2=sizeof(sin_svr);
+ uint32_t sock = _socket.get()->getSocket() ;
+ memset(&sin_peer,'\0',slen1);
+ memset(&sin_svr, '\0',slen2);
+ if (::getpeername( sock, (struct sockaddr*)&sin_peer, &slen1) == 0 ||
+ ::getsockname( sock, (struct sockaddr*)&sin_svr, &slen2) == 0)
+ {
+ if (sin_peer.sin6_family == AF_INET)
+ {
+ struct sockaddr_in sin;
+ memcpy(&sin, &sin_peer, sizeof(sin));
+ if ((ntohl(sin.sin_addr.s_addr) >> 24) & 0xff == 127)
+ // message was sent FROM localhost interface
+ message->fromRemoteHost = false;
+ }
+ if (sin_svr.sin6_family == AF_INET)
+ {
+ struct sockaddr_in sin;
+ memcpy(&sin, &sin_svr, sizeof(sin));
+ if ((ntohl( sin.sin_addr.s_addr) >> 24) & 0xff == 127)
+ // message was sent TO localhost interface
+ message->fromRemoteHost = false;
+ }
+ if (sin_peer.sin6_family == AF_INET6)
+ {
+ // ::ffff:127.x.x.x
+ static char ipv4_localhost[] =
+ {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 255, 255, 127};
+ if (memcmp(&sin_peer.sin6_addr, ipv4_localhost,
+ sizeof(ipv4_localhost)) == 0)
+ {
+ message->fromRemoteHost = false;
+ }
+ // ::1
+ if (memcmp(&sin_peer.sin6_addr, &in6addr_loopback,
+ sizeof(struct in6_addr)) == 0)
+ {
+ message->fromRemoteHost = false;
+ }
+ }
+ }
+
//
// increment request count
//
Index: src/Pegasus/Common/HTTPMessage.cpp
===================================================================
--- src/Pegasus/Common/HTTPMessage.cpp.orig
+++ src/Pegasus/Common/HTTPMessage.cpp
@@ -133,7 +133,8 @@ HTTPMessage::HTTPMessage(
queueId(queueId_),
authInfo(0),
acceptLanguagesDecoded(false),
- contentLanguagesDecoded(false)
+ contentLanguagesDecoded(false),
+ fromRemoteHost(true)
{
if (cimException_)
cimException = *cimException_;
Index: src/Pegasus/Common/HTTPMessage.h
===================================================================
--- src/Pegasus/Common/HTTPMessage.h.orig
+++ src/Pegasus/Common/HTTPMessage.h
@@ -73,6 +73,7 @@ public:
ContentLanguageList contentLanguages;
Boolean acceptLanguagesDecoded;
Boolean contentLanguagesDecoded;
+ Boolean fromRemoteHost;
CIMException cimException;
void parse(
Index: src/Pegasus/Common/tests/Executor/TestExecutor.cpp
===================================================================
--- src/Pegasus/Common/tests/Executor/TestExecutor.cpp.orig
+++ src/Pegasus/Common/tests/Executor/TestExecutor.cpp
@@ -76,7 +76,7 @@ void testExecutorLoopbackImpl()
#endif
PEGASUS_TEST_ASSERT(Executor::authenticatePassword(
- "xnonexistentuserx", "wrongpassword") == -1);
+ "xnonexistentuserx", "wrongpassword", 0) == -1);
PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") == -1);
char challengeFilePath[EXECUTOR_BUFFER_SIZE];
@@ -115,7 +115,7 @@ void testExecutorSocketImpl()
PEGASUS_TEST_ASSERT(Executor::reapProviderAgent(123) == 0);
PEGASUS_TEST_ASSERT(Executor::authenticatePassword(
- "xnonexistentuserx", "wrongpassword") == -1);
+ "xnonexistentuserx", "wrongpassword", 0) == -1);
PEGASUS_TEST_ASSERT(Executor::validateUser("xnonexistentuserx") == -1);
char challengeFilePath[EXECUTOR_BUFFER_SIZE];
Index: src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp
===================================================================
--- src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp.orig
+++ src/Pegasus/Security/Authentication/BasicAuthenticationHandler.cpp
@@ -152,7 +152,8 @@ Boolean BasicAuthenticationHandler::auth
}
authInfo->setRemotePrivilegedUserAccessChecked();
- authenticated = _basicAuthenticator->authenticate(userName, password);
+ authenticated = _basicAuthenticator->authenticate(userName, password,
+ authInfo->isRemoteUser());
// Log audit message.
PEG_AUDIT_LOG(logBasicAuthentication(
Index: src/Pegasus/Security/Authentication/BasicAuthenticator.h
===================================================================
--- src/Pegasus/Security/Authentication/BasicAuthenticator.h.orig
+++ src/Pegasus/Security/Authentication/BasicAuthenticator.h
@@ -65,7 +65,8 @@ public:
*/
virtual Boolean authenticate(
const String& userName,
- const String& password) = 0;
+ const String& password,
+ Boolean isRemoteUser) = 0;
/** Construct and return the HTTP Basic authentication challenge header
@return A string containing the authentication challenge header.
Index: src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h
===================================================================
--- src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h.orig
+++ src/Pegasus/Security/Authentication/PAMBasicAuthenticator.h
@@ -53,7 +53,8 @@ public:
Boolean authenticate(
const String& userName,
- const String& password);
+ const String& password,
+ Boolean isRemoteUser);
Boolean validateUser(const String& userName);
Index: src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp
===================================================================
--- src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp.orig
+++ src/Pegasus/Security/Authentication/PAMBasicAuthenticatorStub.cpp
@@ -73,7 +73,8 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
Boolean PAMBasicAuthenticator::authenticate(
const String& userName,
- const String& password)
+ const String& password,
+ Boolean isRemoteUser)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"PAMBasicAuthenticator::authenticate()");
Index: src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
===================================================================
--- src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp.orig
+++ src/Pegasus/Security/Authentication/PAMBasicAuthenticatorUnix.cpp
@@ -64,13 +64,14 @@ PAMBasicAuthenticator::~PAMBasicAuthenti
Boolean PAMBasicAuthenticator::authenticate(
const String& userName,
- const String& password)
+ const String& password,
+ Boolean isRemoteUser)
{
PEG_METHOD_ENTER(TRC_AUTHENTICATION,
"PAMBasicAuthenticator::authenticate()");
if (Executor::authenticatePassword(
- userName.getCString(), password.getCString()) != 0)
+ userName.getCString(), password.getCString(), isRemoteUser) != 0)
{
return false;
}
Index: src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp
===================================================================
--- src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp.orig
+++ src/Pegasus/Security/Authentication/SecureBasicAuthenticator.cpp
@@ -236,7 +236,7 @@ Boolean SecureBasicAuthenticator::authen
if (Executor::detectExecutor() == 0)
{
if (Executor::authenticatePassword(
- userName.getCString(), password.getCString()) == 0)
+ userName.getCString(), password.getCString(), 0) == 0)
{
authenticated = true;
}
Index: src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp
===================================================================
--- src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp.orig
+++ src/Pegasus/Server/HTTPAuthenticatorDelegator.cpp
@@ -421,6 +421,9 @@ void HTTPAuthenticatorDelegator::handleH
Tracer::LEVEL3,
"HTTPAuthenticatorDelegator - Authentication processing start");
+ // Let Authenticators know whether this user is Local or Remote:
+ httpMessage->authInfo->setRemoteUser( httpMessage->fromRemoteHost );
+
//
// Handle authentication:
//
++++++ pegasus-2.8.0.tar.bz2 -> pegasus-2.9.0.tar.bz2 ++++++
++++ 447870 lines of diff (skipped)
++++++ pegasus.init ++++++
--- /var/tmp/diff_new_pack.w27124/_old 2009-05-29 12:18:21.000000000 +0200
+++ /var/tmp/diff_new_pack.w27124/_new 2009-05-29 12:18:21.000000000 +0200
@@ -50,7 +50,7 @@
rc_status -v
fi;
fi;
- /usr/sbin/cimserver > /dev/null 2>&1
+ checkproc /usr/sbin/cimserver || /usr/sbin/cimserver > /dev/null 2>&1
rc_status -v
;;
stop)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org