/**
 * Creates an administrative session for a caller that authenticates with a
 * user id and a password.
 *
 * The credentials and the request context are handed to the configured admin
 * permissions verifier. A session servant is created and registered for the
 * calling connection only after the verifier has accepted them.
 *
 * @param user     User id; an empty id is rejected before the verifier runs.
 * @param password Password, passed to the verifier unchanged.
 * @param current  Request information; its context and connection are used.
 * @return Proxy to the new admin session (unchecked cast of the registered proxy).
 * @throws PermissionDeniedException if no verifier is configured, the user id
 *         is empty, the verifier rejects the credentials, or the verifier
 *         call raises a LocalException.
 */
AdminSessionPrx
RegistryI::createAdminSession(const string& user, const string& password, const Current& current)
{
    assert(_reaper && _adminSessionFactory);

    // Fail closed: without a configured verifier nobody gets an admin session.
    if(!_adminVerifier)
    {
        PermissionDeniedException denied;
        denied.reason = "no admin permissions verifier configured, use the property\n"
                        "`IceGrid.Registry.AdminPermissionsVerifier' to configure\n"
                        "a permissions verifier.";
        throw denied;
    }

    if(user.empty())
    {
        PermissionDeniedException denied;
        denied.reason = "empty user id";
        throw denied;
    }

    try
    {
        string verifierReason;
        const bool accepted = _adminVerifier->checkPermissions(user, password, verifierReason, current.ctx);
        if(!accepted)
        {
            // NOTE(review): the reason text comes from the verifier and is returned
            // verbatim to a caller that has not authenticated. A rejected login is
            // also not traced in this function, so auditing of failed admin logins
            // has to happen in the verifier or elsewhere.
            PermissionDeniedException denied;
            denied.reason = verifierReason;
            throw denied;
        }
    }
    catch(const LocalException& failure)
    {
        // The failure detail is written to the trace log only, and only when
        // session tracing is enabled; the caller receives a generic reason.
        const bool tracing = _traceLevels && _traceLevels->session > 0;
        if(tracing)
        {
            Trace trace(_traceLevels->logger, _traceLevels->sessionCat);
            trace << "exception while verifying password with admin permission verifier:\n" << failure;
        }

        PermissionDeniedException denied;
        denied.reason = "internal server error";
        throw denied;
    }

    AdminSessionIPtr servant = _adminSessionFactory->createSessionServant(user);
    Ice::ObjectPrx sessionProxy = servant->registerWithServantLocator(_sessionServantLocator, current.con, this);

    // With a non-positive _sessionTimeout the session is not handed to the
    // reaper; what else bounds its lifetime is not visible in this function.
    // NOTE(review): _traceLevels is dereferenced here without the null check
    // used in the catch block above - confirm it can never be null.
    if(_sessionTimeout > 0)
    {
        _reaper->add(new SessionReapable<AdminSessionI>(_traceLevels->logger, servant), _sessionTimeout);
    }

    return AdminSessionPrx::uncheckedCast(sessionProxy);
}
/**
 * Creates an administrative session for a caller identified by its SSL
 * connection instead of a user id and password.
 *
 * The SSL information obtained from the calling connection is passed, with
 * the request context, to the configured SSL admin permissions verifier. The
 * session servant is created under the user DN returned by getSSLInfo only
 * after the verifier has authorized the connection.
 *
 * @param current Request information; its connection and context are used.
 * @return Proxy to the new admin session (unchecked cast of the registered proxy).
 * @throws PermissionDeniedException if no SSL verifier is configured, the
 *         verifier refuses the connection, or the verifier call raises a
 *         LocalException. getSSLInfo is called outside the try block, so
 *         whatever it throws propagates unchanged.
 */
AdminSessionPrx
RegistryI::createAdminSessionFromSecureConnection(const Current& current)
{
    assert(_reaper && _adminSessionFactory);

    // Fail closed: without a configured SSL verifier nobody gets an admin session.
    if(!_sslAdminVerifier)
    {
        PermissionDeniedException denied;
        denied.reason = "no ssl admin permissions verifier configured, use the property\n"
                        "`IceGrid.Registry.AdminSSLPermissionsVerifier' to configure\n"
                        "a permissions verifier.";
        throw denied;
    }

    // NOTE(review): createAdminSession rejects an empty user id, but userDN is
    // not checked here. Confirm that getSSLInfo or the verifier guarantees a
    // non-empty DN before a session is created under it.
    string userDN;
    Glacier2::SSLInfo sslInfo = getSSLInfo(current.con, userDN);

    try
    {
        string verifierReason;
        const bool authorized = _sslAdminVerifier->authorize(sslInfo, verifierReason, current.ctx);
        if(!authorized)
        {
            // The verifier-supplied reason is returned verbatim to the caller;
            // the refusal itself is not traced in this function.
            PermissionDeniedException denied;
            denied.reason = verifierReason;
            throw denied;
        }
    }
    catch(const LocalException& failure)
    {
        // The failure detail is written to the trace log only, and only when
        // session tracing is enabled; the caller receives a generic reason.
        // NOTE(review): the trace text says "verifying password" although this
        // path calls authorize() on SSL information; keep that in mind when
        // searching logs for failures of the SSL verifier.
        const bool tracing = _traceLevels && _traceLevels->session > 0;
        if(tracing)
        {
            Trace trace(_traceLevels->logger, _traceLevels->sessionCat);
            trace << "exception while verifying password with SSL admin permission verifier:\n" << failure;
        }

        PermissionDeniedException denied;
        denied.reason = "internal server error";
        throw denied;
    }

    // The verifier accepted the connection: grant it access to the
    // administrative interface.
    AdminSessionIPtr servant = _adminSessionFactory->createSessionServant(userDN);
    Ice::ObjectPrx sessionProxy = servant->registerWithServantLocator(_sessionServantLocator, current.con, this);

    // With a non-positive _sessionTimeout the session is not handed to the
    // reaper; what else bounds its lifetime is not visible in this function.
    // NOTE(review): _traceLevels is dereferenced here without the null check
    // used in the catch block above - confirm it can never be null.
    if(_sessionTimeout > 0)
    {
        _reaper->add(new SessionReapable<AdminSessionI>(_traceLevels->logger, servant), _sessionTimeout);
    }

    return AdminSessionPrx::uncheckedCast(sessionProxy);
}
/**
 * Creates an admin session on behalf of a Glacier2 router.
 *
 * A session servant is created for sessionId and registered with the servant
 * manager. When a session control proxy is supplied, it is asked for the
 * session timeout and, if filters are enabled, the session control is
 * attached to the session together with the identity of the "Query" object.
 * The session is then handed to the reaper with that timeout.
 *
 * NOTE(review): no credential check happens in this function; sessionId is
 * used as given. Presumably the router has authenticated the user before
 * calling in - confirm that this entry point is reachable only that way.
 *
 * @param sessionId Id under which the session servant is created.
 * @param ctl       Glacier2 session control proxy; may be null, in which case
 *                  the reaper is given a timeout of 0.
 * @return Proxy to the new session (unchecked cast of the registered proxy).
 * @throws Glacier2::CannotCreateSessionException if a call on the session
 *         control object raises an Ice::LocalException.
 */
Glacier2::SessionPrx
AdminSessionFactory::createGlacier2Session(const string& sessionId, const Glacier2::SessionControlPrx& ctl)
{
    assert(_servantManager);

    AdminSessionIPtr servant = createSessionServant(sessionId);
    Ice::ObjectPrx sessionProxy = servant->_register(_servantManager, 0);

    int timeout = 0;
    if(ctl)
    {
        try
        {
            if(_filters)
            {
                // Identity "<instance name>/Query", passed along with the
                // session control to the servant manager.
                Ice::Identity query;
                query.name = "Query";
                query.category = _database->getInstanceName();

                Ice::IdentitySeq identities;
                identities.push_back(query);
                _servantManager->setSessionControl(servant, ctl, identities);
            }
            timeout = ctl->getSessionTimeout();
        }
        catch(const Ice::LocalException& failure)
        {
            // Tear the half-initialised session down before reporting the
            // error, so that it does not stay registered. The detail goes to
            // the log; the caller receives a generic reason.
            servant->destroy(Ice::Current());

            Ice::Warning warning(_database->getTraceLevels()->logger);
            warning << "Failed to callback Glacier2 session control object:\n" << failure;

            Glacier2::CannotCreateSessionException cannotCreate;
            cannotCreate.reason = "internal server error";
            throw cannotCreate;
        }
    }

    // Unlike the RegistryI entry points, the session is always added to the
    // reaper, even when the timeout is still 0.
    // NOTE(review): how the reaper treats a timeout of 0 is not visible here.
    _reaper->add(new SessionReapable<AdminSessionI>(_database->getTraceLevels()->logger, servant), timeout);
    return Glacier2::SessionPrx::uncheckedCast(sessionProxy);
}