#define SocketzOS_inline_h
#include <Pegasus/Common/Logger.h>
+#ifdef PEGASUS_ZOS_SECURITY
+// This include file will not be provided in the OpenGroup CVS for now.
+// Do NOT try to include it in your compile
+#include <Pegasus/Common/safCheckzOS_inline.h>
+#endif
#include <Pegasus/Common/AuditLogger.h>
#include <sys/ioctl.h>
#include <net/rtrouteh.h>
PEG_TRACE((TRC_SSL, Tracer::LEVEL2,
"---> ATTLS Security Type is SAFCHK. Resolved user ID \'%s\'",
_username));
+
+ // Check if the user is authorized to CIMSERV
+#ifdef PEGASUS_ZOS_SECURITY
+ if ( !CheckProfileCIMSERVclassWBEM(_username, __READ_RESOURCE) )
+ {
+ Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME,
+ Logger::WARNING,
+ "Pegasus.Common.SocketzOS_inline.NOREAD_CIMSERV_ACCESS",
+ "Request UserID $0 doesn't have READ permission"
+ " to profile CIMSERV CL(WBEM).",
+ _username);
+ return -1;
+ }
+#endif
// For audit loging, only the mapping of the client IP to the
// resolved user ID is from interest.
// The SAF facility logs the certificate validation and the
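Review bot: The CIMSERV authorization check added after the SAFCHK trace is compiled only under `#ifdef PEGASUS_ZOS_SECURITY`. The include hunk above states that `safCheckzOS_inline.h` is not shipped, so a build without the macro continues past this point with no profile check and nothing in the code says so. I would add a comment at the `#ifdef`, for example `// Without PEGASUS_ZOS_SECURITY no CIMSERV CL(WBEM) READ check is made here; the SAF-resolved user ID is accepted as is.`, so the fail-open build variant is visible to whoever enables AT-TLS. The denial is written to `Logger::STANDARD_LOG` and then `return -1;` leaves before the audit-logging code that the following comment introduces; whether a rejected user ID is also meant to reach the audit log cannot be told from the hunk and is worth confirming. The enclosing function starts and ends outside the hunk.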
#ifdef PEGASUS_ZOS_SECURITY
if ( !CheckProfileCIMSERVclassWBEM(userName, __READ_RESOURCE) )
{
- Logger::put_l(Logger::TRACE_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
+ Logger::put_l(Logger::STANDARD_LOG, ZOS_SECURITY_NAME, Logger::WARNING,
"Security.Authentication.LocalAuthenticationHandler"
".NOREAD_CIMSERV_ACCESS.PEGASUS_OS_ZOS",
- "Request UserID $0 doesn't have READ permission to profile CIMSERV CL(WBEM).",
+ "Request UserID $0 doesn't have READ permission"
+ " to profile CIMSERV CL(WBEM).",
userName);
return false;
}
Pegasus.Common.SocketzOS_inline.WRONG_ROLE:string {"PGS12544E: ATTLS policy specifies the wrong HandshakeRole for the CIM Server HTTPS port. Communication not secured. Connection closed."}
+ /**
+ * @note PGS12567:
+ * Substitution {0} is a user name (a string)
+ * Do not translate 'READ', 'CIMSERV CL(WBEM)' as it are RACF names
+ */
+ Pegasus.Common.SocketzOS_inline.NOREAD_CIMSERV_ACCESS:string {"PGS12567W: Request UserID {0} doesn't have READ permission to profile CIMSERV CL(WBEM)."}
+
+
// End z/OS messages
// ==========================================================