int main () { try { Connection connection("hostname", 22, true); // connection.setCredentials("", ""); // connection.setKeyPath(""); UserInfo ui = connection.getUserInfo(); cout << "User infos:\n" << " login: "******" home: " << ui.getHomeDir() << endl << " shell: " << ui.getUserShell() << endl; connection.mkConnection(); if (connection.isSessionValid()) cout << "Connection OK" << endl; connection >> "whoami" >> "id" >> "echo 'test' > msg" >> "cat msg"; string received_out = connection.getLastOutput(); cout << "Received output: " << endl << received_out << endl; } catch (Exception & e) { cout << "Exception caught: " << e.what() << endl; } return 0; }
bool SimpleAuthorizer2::checkAccess(const String& opType, const String& ns, const ServiceEnvironmentIFCRef& env, OperationContext& context) { OW_ASSERT(opType == ACCESS_READ || opType == ACCESS_WRITE || opType == ACCESS_READWRITE); UserInfo userInfo = context.getUserInfo(); if (userInfo.getInternal()) { return true; } CIMOMHandleIFCRef lch = env->getCIMOMHandle(context, ServiceEnvironmentIFC::E_USE_PROVIDERS); LoggerRef lgr = env->getLogger(COMPONENT_NAME); if (!userInfo.getUserName().empty()) { String superUser = env->getConfigItem(ConfigOpts::ACL_SUPERUSER_opt); if (superUser.equalsIgnoreCase(userInfo.getUserName())) { OW_LOG_DEBUG(lgr, "User is SuperUser: checkAccess returning."); return true; } } String lns(ns); while (lns.startsWith('/')) { lns = lns.substring(1); } lns.toLowerCase(); for (;;) { if (!userInfo.getUserName().empty()) { try { CIMClass cc = lch->getClass("root/security", "OpenWBEM_UserACL", E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL); } catch(CIMException&) { OW_LOG_DEBUG(lgr, "OpenWBEM_UserACL class non-existent in" " /root/security. ACLs disabled"); return true; } CIMObjectPath cop("OpenWBEM_UserACL"); cop.setKeyValue("username", CIMValue(userInfo.getUserName())); cop.setKeyValue("nspace", CIMValue(lns)); CIMInstance ci(CIMNULL); try { ci = lch->getInstance("root/security", cop, E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL); } catch(const CIMException&) { ci.setNull(); } if (ci) { String capability; CIMProperty capabilityProp = ci.getProperty("capability"); if (capabilityProp) { CIMValue cv = capabilityProp.getValue(); if (cv) { capability = cv.toString(); } } capability.toLowerCase(); if (opType.length() == 1) { if (capability.indexOf(opType) == String::npos) { // Access to namespace denied for user OW_THROWCIM(CIMException::ACCESS_DENIED); } } else { if (!capability.equals("rw") && !capability.equals("wr")) { // Access to namespace denied for user OW_THROWCIM(CIMException::ACCESS_DENIED); } } // Access to namespace granted for user return true; } } // use default policy for namespace try { CIMClass cc = lch->getClass("root/security", "OpenWBEM_NamespaceACL", E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL); } catch(CIMException&) { // OpenWBEM_NamespaceACL class non-existent in /root/security. // namespace ACLs disabled return true; } CIMObjectPath cop("OpenWBEM_NamespaceACL"); cop.setKeyValue("nspace", CIMValue(lns)); CIMInstance ci(CIMNULL); try { ci = lch->getInstance("root/security", cop, E_NOT_LOCAL_ONLY, E_INCLUDE_QUALIFIERS, E_INCLUDE_CLASS_ORIGIN, NULL); } catch(const CIMException& ce) { OW_LOG_DEBUG(lgr, Format("Caught exception: %1 in" " AccessMgr::checkAccess. line=%2", ce, __LINE__)); ci.setNull(); } if (ci) { String capability; CIMProperty capabilityProp = ci.getProperty("capability"); if (capabilityProp) { CIMValue v = capabilityProp.getValue(); if (v) { capability = v.toString(); } } capability.toLowerCase(); if (opType.length() == 1) { if (capability.indexOf(opType) == String::npos) { // Access namespace denied for user OW_THROWCIM(CIMException::ACCESS_DENIED); } } else { if (!capability.equals("rw") && !capability.equals("wr")) { // Access to namespace denied for user OW_THROWCIM(CIMException::ACCESS_DENIED); } } // Access to namespace granted for user return true; } size_t idx = lns.lastIndexOf('/'); if (idx == 0 || idx == String::npos) { break; } lns = lns.substring(0, idx); } // Access to namespace denied for user OW_THROWCIM(CIMException::ACCESS_DENIED); return false; }