AdminSessionPrx RegistryI::createAdminSession(const string& user, const string& password, const Current& current) { assert(_reaper && _adminSessionFactory); if(!_adminVerifier) { PermissionDeniedException ex; ex.reason = "no admin permissions verifier configured, use the property\n"; ex.reason += "`IceGrid.Registry.AdminPermissionsVerifier' to configure\n"; ex.reason += "a permissions verifier."; throw ex; } if(user.empty()) { PermissionDeniedException ex; ex.reason = "empty user id"; throw ex; } try { string reason; if(!_adminVerifier->checkPermissions(user, password, reason, current.ctx)) { PermissionDeniedException exc; exc.reason = reason; throw exc; } } catch(const LocalException& ex) { if(_traceLevels && _traceLevels->session > 0) { Trace out(_traceLevels->logger, _traceLevels->sessionCat); out << "exception while verifying password with admin permission verifier:\n" << ex; } PermissionDeniedException exc; exc.reason = "internal server error"; throw exc; } AdminSessionIPtr session = _adminSessionFactory->createSessionServant(user); Ice::ObjectPrx proxy = session->registerWithServantLocator(_sessionServantLocator, current.con, this); if(_sessionTimeout > 0) { _reaper->add(new SessionReapable<AdminSessionI>(_traceLevels->logger, session), _sessionTimeout); } return AdminSessionPrx::uncheckedCast(proxy); }
AdminSessionPrx RegistryI::createAdminSessionFromSecureConnection(const Current& current) { assert(_reaper && _adminSessionFactory); if(!_sslAdminVerifier) { PermissionDeniedException ex; ex.reason = "no ssl admin permissions verifier configured, use the property\n"; ex.reason += "`IceGrid.Registry.AdminSSLPermissionsVerifier' to configure\n"; ex.reason += "a permissions verifier."; throw ex; } string userDN; Glacier2::SSLInfo info = getSSLInfo(current.con, userDN); try { string reason; if(!_sslAdminVerifier->authorize(info, reason, current.ctx)) { PermissionDeniedException exc; exc.reason = reason; throw exc; } } catch(const LocalException& ex) { if(_traceLevels && _traceLevels->session > 0) { Trace out(_traceLevels->logger, _traceLevels->sessionCat); out << "exception while verifying password with SSL admin permission verifier:\n" << ex; } PermissionDeniedException exc; exc.reason = "internal server error"; throw exc; } // // We let the connection access the administrative interface. // AdminSessionIPtr session = _adminSessionFactory->createSessionServant(userDN); Ice::ObjectPrx proxy = session->registerWithServantLocator(_sessionServantLocator, current.con, this); if(_sessionTimeout > 0) { _reaper->add(new SessionReapable<AdminSessionI>(_traceLevels->logger, session), _sessionTimeout); } return AdminSessionPrx::uncheckedCast(proxy); }