Add support for Dynamic Local User(DLU) on windows
This commit is contained in:
parent
18e290e209
commit
0e03e5e475
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 10 11:56:10 MDT 2006 - jnorman@novell.com
|
||||
|
||||
- Add support for Dynamic Local User(DLU) on windows
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Oct 6 16:12:10 MDT 2006 - schoi@novell.com
|
||||
|
||||
|
@ -536,6 +536,14 @@ miCASASetMasterPasscode
|
||||
SSCS_EXT_T *ext
|
||||
);
|
||||
|
||||
SSCS_EXTERN_LIBCALL(int32_t)
|
||||
miCASAMergeCache
|
||||
(
|
||||
SSCS_EXT_T *srcExt,
|
||||
SSCS_EXT_T *targetExt,
|
||||
uint32_t bDestroySrcCache
|
||||
);
|
||||
|
||||
|
||||
|
||||
//**************************************************************
|
||||
|
@ -28,6 +28,7 @@ extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
|
||||
//#include <wchar.h>
|
||||
#include <sscs_sdk.h>
|
||||
#include <sscs_utf8.h>
|
||||
@ -554,6 +555,13 @@ int sscs_IsSecretPersistent
|
||||
void *reserved
|
||||
);
|
||||
|
||||
int sscs_MergeCache
|
||||
(
|
||||
void *ssHandle,
|
||||
SSCS_EXT_T *srcExt,
|
||||
SSCS_EXT_T *targetExt,
|
||||
uint32_t bDestroySrc
|
||||
);
|
||||
|
||||
|
||||
#if defined(__cplusplus) || defined(c_plusplus)
|
||||
|
@ -125,7 +125,8 @@ int ipc_ReadSecret
|
||||
SSCS_SECRET_ID_T *secretID,
|
||||
SSCS_SECRET_T *secretData,
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
unsigned int *bytesRequired
|
||||
unsigned int *bytesRequired,
|
||||
SSCS_EXT_T *ext
|
||||
);
|
||||
|
||||
int ipc_WriteSecret
|
||||
@ -144,7 +145,8 @@ int ipc_RemoveSecret
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
|
||||
SSCS_KEYCHAIN_ID_T *keychainID,
|
||||
SSCS_SECRET_ID_T *secretID,
|
||||
SSCS_PASSWORD_T *epPassword
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
SSCS_EXT_T *ext
|
||||
);
|
||||
|
||||
int ipc_GetSecretStoreInfo
|
||||
@ -187,7 +189,8 @@ int ipc_ReadKey
|
||||
uint8_t *val,
|
||||
uint32_t *valLen,
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
uint32_t *bytesRequired
|
||||
uint32_t *bytesRequired,
|
||||
SSCS_EXT_T *ext
|
||||
);
|
||||
|
||||
int ipc_WriteKey
|
||||
@ -211,7 +214,8 @@ int ipc_RemoveKey
|
||||
SSCS_SECRET_ID_T *secretID,
|
||||
SS_UTF8_T *key,
|
||||
uint32_t keyLen,
|
||||
SSCS_PASSWORD_T *epPassword
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
SSCS_EXT_T *ext
|
||||
);
|
||||
|
||||
int ipc_ReadBinaryKey
|
||||
@ -224,7 +228,8 @@ int ipc_ReadBinaryKey
|
||||
uint8_t *val,
|
||||
uint32_t *valLen,
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
uint32_t *bytesRequired
|
||||
uint32_t *bytesRequired,
|
||||
SSCS_EXT_T *ext
|
||||
);
|
||||
|
||||
int ipc_WriteBinaryKey
|
||||
@ -257,6 +262,15 @@ int ipc_IsSecretPersistent
|
||||
SSCS_EXT_T *ext
|
||||
);
|
||||
|
||||
int ipc_MergeCache
|
||||
(
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
|
||||
SSCS_EXT_T *srcExt,
|
||||
SSCS_EXT_T *targetExt,
|
||||
int32_t bDestorySrc
|
||||
);
|
||||
|
||||
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
@ -147,6 +147,9 @@
|
||||
#define REQ_REMOVE_KEY_MSGID 0x0017
|
||||
#define RESP_REMOVE_KEY_MSGID 0x1017
|
||||
|
||||
#define REQ_MERGE_CACHE_MSGID 0x0018
|
||||
#define RESP_MERGE_CACHE_MSGID 0x1018
|
||||
|
||||
#define EXT_TYPE_WINDOWS_LUID 0x00000001;
|
||||
#define WINDOWS_LUID_LEN 0x00000008;
|
||||
|
||||
|
@ -34,6 +34,7 @@ LINK_DEF_BLD = \
|
||||
echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\
|
||||
|
@ -36,6 +36,7 @@ LINK_DEF_BLD = \
|
||||
echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
|
||||
echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\
|
||||
|
@ -10,6 +10,7 @@ EXPORTS
|
||||
sscs_CacheGetSecretStoreInfo
|
||||
sscs_CacheGetKeychainInfo
|
||||
sscs_LockCache
|
||||
sscs_MergeCache
|
||||
sscs_UnlockCache
|
||||
sscs_CacheRemoveSecret
|
||||
sscs_SetMasterPasscode
|
||||
|
@ -317,7 +317,7 @@ int32_t sscs_CacheReadSecret
|
||||
int32_t retVal = 0;
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
|
||||
|
||||
retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired);
|
||||
retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired, reserved);
|
||||
|
||||
return retVal;
|
||||
}
|
||||
@ -397,18 +397,18 @@ int sscs_CacheWriteSecret
|
||||
*/
|
||||
int32_t sscs_CacheRemoveSecret
|
||||
(
|
||||
void *ssHandle,
|
||||
uint32_t ssFlags,
|
||||
void *ssHandle,
|
||||
uint32_t ssFlags,
|
||||
SSCS_KEYCHAIN_ID_T *keyChainID,
|
||||
SSCS_SECRET_ID_T *secredID,
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
void *reserved
|
||||
void *reserved
|
||||
)
|
||||
{
|
||||
int32_t retVal = 0;
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
|
||||
|
||||
retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword);
|
||||
retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword,reserved);
|
||||
|
||||
return retVal;
|
||||
}
|
||||
@ -668,7 +668,7 @@ int32_t sscs_CacheRemoveKey
|
||||
int32_t retVal = 0;
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
|
||||
|
||||
retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword);
|
||||
retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword,reserved);
|
||||
|
||||
return retVal;
|
||||
}
|
||||
@ -721,7 +721,7 @@ int32_t sscs_CacheReadKey
|
||||
int32_t retVal = 0;
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
|
||||
|
||||
retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired);
|
||||
retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
|
||||
|
||||
return retVal;
|
||||
}
|
||||
@ -744,7 +744,7 @@ int32_t sscs_CacheReadBinaryKey
|
||||
int32_t retVal = 0;
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
|
||||
|
||||
retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired);
|
||||
retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
|
||||
|
||||
return retVal;
|
||||
}
|
||||
@ -766,6 +766,23 @@ int sscs_IsSecretPersistent
|
||||
return retVal;
|
||||
}
|
||||
|
||||
int sscs_MergeCache
|
||||
(
|
||||
void *ssHandle,
|
||||
SSCS_EXT_T *srcExt,
|
||||
SSCS_EXT_T *targetExt,
|
||||
uint32_t bDestroySrc
|
||||
)
|
||||
{
|
||||
int32_t retVal = 0;
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
|
||||
|
||||
retVal = ipc_MergeCache(ssHandleCopy,srcExt,targetExt,bDestroySrc);
|
||||
|
||||
return retVal;
|
||||
}
|
||||
|
||||
|
||||
//#endif
|
||||
|
||||
#if defined(__cplusplus) || defined(c_plusplus)
|
||||
|
@ -979,7 +979,8 @@ int32_t ipc_ReadSecret
|
||||
SSCS_SECRET_ID_T *secretID,
|
||||
SSCS_SECRET_T *secretData,
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
uint32_t *bytesRequired
|
||||
uint32_t *bytesRequired,
|
||||
SSCS_EXT_T *ext
|
||||
)
|
||||
{
|
||||
int retVal = 0; //to be used in the function internally
|
||||
@ -992,6 +993,9 @@ int32_t ipc_ReadSecret
|
||||
uint32_t secretIDLen = 0;
|
||||
uint32_t msgLen = 0;
|
||||
|
||||
uint32_t extID = 0;
|
||||
uint32_t luidLen = 0;
|
||||
|
||||
SSCS_PASSWORD_T myPassword = {0,0,""};
|
||||
|
||||
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
|
||||
@ -1029,7 +1033,24 @@ int32_t ipc_ReadSecret
|
||||
secretIDLen + // SecretID
|
||||
MSG_STRING_LEN + // epPassword len
|
||||
epPassword->pwordLen;
|
||||
|
||||
|
||||
// is there an ext, account for it
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
// 4 byte ext type, 4 byte len and 8 bytes of LUID
|
||||
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
|
||||
}
|
||||
else
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
else
|
||||
{
|
||||
// the cache daemon expects a ext, add it here
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
|
||||
pReq = gpReqBuf;
|
||||
msgid = REQ_CACHE_READ_SECRET_MSGID;
|
||||
memcpy(pReq, &msgid, MSGID_LEN);
|
||||
@ -1049,6 +1070,36 @@ int32_t ipc_ReadSecret
|
||||
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
|
||||
pReq += epPassword->pwordLen;
|
||||
|
||||
// marshall the extension if there is one
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
extID = EXT_TYPE_WINDOWS_LUID;
|
||||
memcpy(pReq, &extID, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
luidLen = WINDOWS_LUID_LEN;
|
||||
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
memcpy(pReq, ext->ext, 8);
|
||||
pReq += 8;
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
}
|
||||
|
||||
|
||||
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
|
||||
if(retVal < 0)
|
||||
{
|
||||
@ -1335,7 +1386,8 @@ int32_t ipc_RemoveSecret
|
||||
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
|
||||
SSCS_KEYCHAIN_ID_T *keychainID,
|
||||
SSCS_SECRET_ID_T *secretID,
|
||||
SSCS_PASSWORD_T *epPassword
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
SSCS_EXT_T *ext
|
||||
)
|
||||
{
|
||||
int retVal = 0; //to be used in the function internally
|
||||
@ -1351,6 +1403,9 @@ int32_t ipc_RemoveSecret
|
||||
uint32_t secretIDLen = 0;
|
||||
uint32_t msgLen = 0;
|
||||
|
||||
uint32_t extID = 0;
|
||||
uint32_t luidLen = 0;
|
||||
|
||||
memset(gpReqBuf,0,sizeof(gpReqBuf));
|
||||
memset(gpReplyBuf,0,sizeof(gpReplyBuf));
|
||||
|
||||
@ -1384,6 +1439,23 @@ int32_t ipc_RemoveSecret
|
||||
msgLen += epPassword->pwordLen;
|
||||
}
|
||||
|
||||
// is there an ext, account for it
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
// 4 byte ext type, 4 byte len and 8 bytes of LUID
|
||||
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
|
||||
}
|
||||
else
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
else
|
||||
{
|
||||
// the cache daemon expects a ext, add it here
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
|
||||
pReq = gpReqBuf;
|
||||
|
||||
msgid = REQ_CACHE_REMOVE_SECRET_MSGID;
|
||||
@ -1411,8 +1483,39 @@ int32_t ipc_RemoveSecret
|
||||
{
|
||||
int pwordlen = 0;
|
||||
memcpy(pReq, &pwordlen, MSG_STRING_LEN);
|
||||
pReq += MSG_STRING_LEN;
|
||||
}
|
||||
|
||||
// marshall the extension if there is one
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
extID = EXT_TYPE_WINDOWS_LUID;
|
||||
memcpy(pReq, &extID, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
luidLen = WINDOWS_LUID_LEN;
|
||||
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
memcpy(pReq, ext->ext, 8);
|
||||
pReq += 8;
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
}
|
||||
|
||||
|
||||
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
|
||||
if(retVal < 0)
|
||||
{
|
||||
@ -1853,7 +1956,8 @@ int32_t ipc_RemoveKey
|
||||
SSCS_SECRET_ID_T *secretID,
|
||||
SS_UTF8_T *key,
|
||||
uint32_t keyLen,
|
||||
SSCS_PASSWORD_T *epPassword
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
SSCS_EXT_T *ext
|
||||
)
|
||||
{
|
||||
int retVal = 0; //to be used in the function internally
|
||||
@ -1868,6 +1972,9 @@ int32_t ipc_RemoveKey
|
||||
|
||||
SSCS_PASSWORD_T myPassword = {0,0,""};
|
||||
|
||||
uint32_t extID = 0;
|
||||
uint32_t luidLen = 0;
|
||||
|
||||
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
|
||||
Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
|
||||
Byte *pReq = NULL, *pReply = NULL;
|
||||
@ -1911,6 +2018,31 @@ int32_t ipc_RemoveKey
|
||||
MSG_STRING_LEN + // epPassword len
|
||||
epPassword->pwordLen;
|
||||
|
||||
// is there an ext, account for it
|
||||
if (ext)
|
||||
{
|
||||
// The login capture on Windows determines the LUID of the user
|
||||
// and sends it as an Extension, marshall it across the pipe
|
||||
// see the WriteSecret verb for handling it.
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
// 4 byte ext type, 4 byte len and 8 bytes of LUID
|
||||
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
|
||||
// as setup in the capture module
|
||||
//ext.extID = WINDOWS_LOGON_ID;
|
||||
//ext.version = 0x00010000; // 1.0.0
|
||||
//ext.ext = (void *)lpLogonId;
|
||||
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
|
||||
}
|
||||
else
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
else
|
||||
{
|
||||
// the cache daemon expects a ext, add it here
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
|
||||
pReq = gpReqBuf;
|
||||
msgid = REQ_REMOVE_KEY_MSGID;
|
||||
memcpy(pReq, &msgid, MSGID_LEN);
|
||||
@ -1936,6 +2068,35 @@ int32_t ipc_RemoveKey
|
||||
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
|
||||
pReq += epPassword->pwordLen;
|
||||
|
||||
// marshall the extension if there is one
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
extID = EXT_TYPE_WINDOWS_LUID;
|
||||
memcpy(pReq, &extID, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
luidLen = WINDOWS_LUID_LEN;
|
||||
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
memcpy(pReq, ext->ext, 8);
|
||||
pReq += 8;
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
}
|
||||
|
||||
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
|
||||
if(retVal < 0)
|
||||
{
|
||||
@ -1976,7 +2137,8 @@ int32_t ipc_ReadKey
|
||||
uint8_t *val,
|
||||
uint32_t *valLen,
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
uint32_t *bytesRequired
|
||||
uint32_t *bytesRequired,
|
||||
SSCS_EXT_T *ext
|
||||
)
|
||||
{
|
||||
int retVal = 0; //to be used in the function internally
|
||||
@ -1989,6 +2151,10 @@ int32_t ipc_ReadKey
|
||||
uint32_t secretIDLen = 0;
|
||||
uint32_t msgLen = 0;
|
||||
|
||||
uint32_t extID = 0;
|
||||
uint32_t luidLen = 0;
|
||||
|
||||
|
||||
SSCS_PASSWORD_T myPassword = {0,0,""};
|
||||
|
||||
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
|
||||
@ -2019,6 +2185,7 @@ int32_t ipc_ReadKey
|
||||
// epPassword is optional. So, the code should not break.
|
||||
if( NULL == epPassword )
|
||||
epPassword = &myPassword;
|
||||
|
||||
msgLen = MSGID_LEN + MSG_LEN +
|
||||
MSG_STRING_LEN + // KeychainID length
|
||||
keychainIDLen + // Keychain ID
|
||||
@ -2028,6 +2195,24 @@ int32_t ipc_ReadKey
|
||||
keyLen + //key
|
||||
MSG_STRING_LEN + // epPassword len
|
||||
epPassword->pwordLen;
|
||||
|
||||
|
||||
// is there an ext, account for it
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
// 4 byte ext type, 4 byte len and 8 bytes of LUID
|
||||
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
|
||||
}
|
||||
else
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
else
|
||||
{
|
||||
// the cache daemon expects a ext, add it here
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
|
||||
pReq = gpReqBuf;
|
||||
msgid = REQ_READ_KEY_MSGID;
|
||||
@ -2054,6 +2239,36 @@ int32_t ipc_ReadKey
|
||||
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
|
||||
pReq += epPassword->pwordLen;
|
||||
|
||||
// marshall the extension if there is one
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
extID = EXT_TYPE_WINDOWS_LUID;
|
||||
memcpy(pReq, &extID, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
luidLen = WINDOWS_LUID_LEN;
|
||||
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
memcpy(pReq, ext->ext, 8);
|
||||
pReq += 8;
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
}
|
||||
|
||||
|
||||
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
|
||||
if(retVal < 0)
|
||||
{
|
||||
@ -2144,7 +2359,8 @@ int32_t ipc_ReadBinaryKey
|
||||
uint8_t *val,
|
||||
uint32_t *valLen,
|
||||
SSCS_PASSWORD_T *epPassword,
|
||||
uint32_t *bytesRequired
|
||||
uint32_t *bytesRequired,
|
||||
SSCS_EXT_T *ext
|
||||
)
|
||||
{
|
||||
int retVal = 0; //to be used in the function internally
|
||||
@ -2157,6 +2373,9 @@ int32_t ipc_ReadBinaryKey
|
||||
uint32_t secretIDLen = 0;
|
||||
uint32_t msgLen = 0;
|
||||
|
||||
uint32_t extID = 0;
|
||||
uint32_t luidLen = 0;
|
||||
|
||||
SSCS_PASSWORD_T myPassword = {0,0,""};
|
||||
|
||||
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
|
||||
@ -2195,7 +2414,25 @@ int32_t ipc_ReadBinaryKey
|
||||
keyLen + //key
|
||||
MSG_STRING_LEN + // epPassword len
|
||||
epPassword->pwordLen;
|
||||
|
||||
|
||||
// is there an ext, account for it
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
// 4 byte ext type, 4 byte len and 8 bytes of LUID
|
||||
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
|
||||
}
|
||||
else
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
else
|
||||
{
|
||||
// the cache daemon expects a ext, add it here
|
||||
msgLen += MSG_DWORD_LEN;
|
||||
}
|
||||
|
||||
|
||||
pReq = gpReqBuf;
|
||||
msgid = REQ_READ_BINARY_KEY_MSGID;
|
||||
memcpy(pReq, &msgid, MSGID_LEN);
|
||||
@ -2221,6 +2458,35 @@ int32_t ipc_ReadBinaryKey
|
||||
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
|
||||
pReq += epPassword->pwordLen;
|
||||
|
||||
// marshall the extension if there is one
|
||||
if (ext)
|
||||
{
|
||||
if (ext->extID == WINDOWS_LOGIN_ID)
|
||||
{
|
||||
extID = EXT_TYPE_WINDOWS_LUID;
|
||||
memcpy(pReq, &extID, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
luidLen = WINDOWS_LUID_LEN;
|
||||
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
memcpy(pReq, ext->ext, 8);
|
||||
pReq += 8;
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
uint32_t extID = 0;
|
||||
memcpy(pReq,&extID,MSG_DWORD_LEN);
|
||||
}
|
||||
|
||||
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
|
||||
if(retVal < 0)
|
||||
{
|
||||
@ -2965,3 +3231,150 @@ int ipc_IsSecretPersistent
|
||||
return retCode;
|
||||
}
|
||||
|
||||
int32_t ipc_MergeCache(SSCS_SECRETSTORE_HANDLE_T *ssHandle,
|
||||
SSCS_EXT_T *srcExt,
|
||||
SSCS_EXT_T *targetExt,
|
||||
int32_t bDestroySrc)
|
||||
{
|
||||
int retVal = 0; //to be used in the function internally
|
||||
int32_t retCode = NSSCS_SUCCESS; //to be returned to caller
|
||||
int32_t sockReturn = 0; //obtained from the server
|
||||
|
||||
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
|
||||
Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
|
||||
Byte *pReq = NULL, *pReply = NULL;
|
||||
Byte *tmpBuf = NULL;
|
||||
|
||||
uint16_t msgid = 0;
|
||||
uint32_t msgLen = 0;
|
||||
|
||||
uint32_t extID = 0;
|
||||
uint32_t luidLen = 0;
|
||||
|
||||
memset(gpReqBuf,0,sizeof(gpReqBuf));
|
||||
memset(gpReplyBuf,0,sizeof(gpReplyBuf));
|
||||
|
||||
do
|
||||
{
|
||||
|
||||
// Prepare Request buffer
|
||||
msgLen = MSGID_LEN + MSG_LEN;
|
||||
|
||||
// compute the size of the extensions we marshall
|
||||
if (srcExt && targetExt)
|
||||
{
|
||||
if ((srcExt->extID == WINDOWS_LOGIN_ID) && (targetExt->extID == WINDOWS_LOGIN_ID))
|
||||
{
|
||||
// 4 byte ext type, 4 byte len and 8 bytes of LUID
|
||||
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // src
|
||||
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // target
|
||||
msgLen += sizeof(int32_t); // destroy flag
|
||||
}
|
||||
else
|
||||
{
|
||||
retCode = NSSCS_E_NOT_SUPPORTED;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
retCode = NSSCS_E_NOT_SUPPORTED;
|
||||
break;
|
||||
}
|
||||
|
||||
// if no errors, marshal the data.
|
||||
if (!retCode)
|
||||
{
|
||||
if( msgLen > MIN_REQUEST_BUF_LEN )
|
||||
{
|
||||
tmpBuf = (Byte*)malloc(msgLen);
|
||||
if( NULL == tmpBuf )
|
||||
{
|
||||
retCode = NSSCS_E_SYSTEM_FAILURE;
|
||||
break;
|
||||
}
|
||||
memset(tmpBuf,0,msgLen);
|
||||
pReq = tmpBuf;
|
||||
}
|
||||
else
|
||||
{
|
||||
pReq = gpReqBuf;
|
||||
}
|
||||
|
||||
msgid = REQ_MERGE_CACHE_MSGID;
|
||||
memcpy(pReq, &msgid, MSGID_LEN);
|
||||
pReq += MSGID_LEN;
|
||||
memcpy(pReq, &msgLen, MSG_LEN);
|
||||
pReq += MSG_LEN;
|
||||
|
||||
// copy the srcExt
|
||||
extID = EXT_TYPE_WINDOWS_LUID;
|
||||
memcpy(pReq, &extID, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
luidLen = WINDOWS_LUID_LEN;
|
||||
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
memcpy(pReq, srcExt->ext, 8);
|
||||
pReq += 8;
|
||||
|
||||
// copy the targetExt
|
||||
extID = EXT_TYPE_WINDOWS_LUID;
|
||||
memcpy(pReq, &extID, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
luidLen = WINDOWS_LUID_LEN;
|
||||
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
|
||||
pReq += MSG_DWORD_LEN;
|
||||
|
||||
memcpy(pReq, targetExt->ext, 8);
|
||||
pReq += 8;
|
||||
|
||||
// copy destroy flag
|
||||
memcpy(pReq, &bDestroySrc, sizeof(int32_t));
|
||||
|
||||
if(tmpBuf != NULL)
|
||||
{
|
||||
retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen);
|
||||
}
|
||||
else
|
||||
{
|
||||
retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen);
|
||||
}
|
||||
if(retVal < 0)
|
||||
{
|
||||
//log debug info here
|
||||
retCode = NSSCS_E_SYSTEM_FAILURE;
|
||||
break;
|
||||
}
|
||||
|
||||
// Read reply
|
||||
pReply = gpReplyBuf;
|
||||
retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL);
|
||||
if(retVal < 0)
|
||||
{
|
||||
//log debug info here
|
||||
retCode = NSSCS_E_SYSTEM_FAILURE;
|
||||
break;
|
||||
}
|
||||
|
||||
memcpy(&msgid,pReply, MSGID_LEN);
|
||||
pReply += MSGID_LEN;
|
||||
memcpy(&msgLen,pReply, MSG_LEN);
|
||||
pReply += MSG_LEN;
|
||||
memcpy(&sockReturn, pReply, MSG_DWORD_LEN);
|
||||
retCode = mapReturnCode(sockReturn);
|
||||
}
|
||||
|
||||
}while(0);
|
||||
|
||||
if( tmpBuf != NULL )
|
||||
{
|
||||
free(tmpBuf);
|
||||
tmpBuf = NULL;
|
||||
}
|
||||
|
||||
return retCode;
|
||||
}
|
||||
|
||||
|
7
CASA/micasad/cache/SecretStore.cs
vendored
7
CASA/micasad/cache/SecretStore.cs
vendored
@ -904,7 +904,7 @@ namespace sscs.cache
|
||||
{
|
||||
if (lss != null)
|
||||
{
|
||||
MemoryStream ms = lss.GetSecretsAsXMLStream();
|
||||
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this);
|
||||
byte[] baSecrets = ms.ToArray();
|
||||
|
||||
// encrypt if an encryptionstring was passed
|
||||
@ -939,10 +939,7 @@ namespace sscs.cache
|
||||
XmlDocument doc = new XmlDocument();
|
||||
String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets);
|
||||
doc.LoadXml(sXMLData);
|
||||
if (lss != null)
|
||||
{
|
||||
lss.AddXMLSecretsToStore(doc);
|
||||
}
|
||||
LocalStorage.AddXMLSecretsToStore(this, doc);
|
||||
}
|
||||
|
||||
internal void CreatePolicyDirectory()
|
||||
|
@ -84,6 +84,7 @@ namespace sscs.common
|
||||
msgIdMap.Add(21,"sscs.verbs.WriteBinaryKey");
|
||||
msgIdMap.Add(22,"sscs.verbs.ReadBinaryKey");
|
||||
msgIdMap.Add(23,"sscs.verbs.RemoveKey");
|
||||
msgIdMap.Add(24,"sscs.verbs.MergeCache");
|
||||
}
|
||||
|
||||
|
||||
|
@ -72,7 +72,9 @@ namespace sscs.common
|
||||
}
|
||||
public void PrintIdentifier()
|
||||
{
|
||||
// Console.WriteLine("WinUserIdentifier : uid is {0}",uid);
|
||||
CSSSLogger.DbgLog(" High: " + this.uidHigh);
|
||||
CSSSLogger.DbgLog(" LOW: " + this.uidLow);
|
||||
CSSSLogger.DbgLog(" SID: " + this.m_sSID);
|
||||
}
|
||||
|
||||
public int GetUID()
|
||||
@ -80,5 +82,15 @@ namespace sscs.common
|
||||
return -1;
|
||||
}
|
||||
|
||||
internal int GetUIDLow()
|
||||
{
|
||||
return this.uidLow;
|
||||
}
|
||||
|
||||
internal int GetUIDHigh()
|
||||
{
|
||||
return this.uidHigh;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
|
@ -35,6 +35,7 @@ using sscs.crypto;
|
||||
using sscs.common;
|
||||
using sscs.constants;
|
||||
using Novell.CASA.MiCasa.Common;
|
||||
using Novell.CASA.CASAPolicy;
|
||||
|
||||
namespace sscs.lss
|
||||
{
|
||||
@ -239,7 +240,7 @@ namespace sscs.lss
|
||||
}
|
||||
|
||||
// add these to the store
|
||||
AddXMLSecretsToStore(doc);
|
||||
AddXMLSecretsToStore(userStore, doc);
|
||||
}
|
||||
catch(Exception e)
|
||||
{
|
||||
@ -252,7 +253,7 @@ namespace sscs.lss
|
||||
return true;
|
||||
}
|
||||
|
||||
internal void AddXMLSecretsToStore(XmlDocument doc)
|
||||
internal static void AddXMLSecretsToStore(SecretStore userStore, XmlDocument doc)
|
||||
{
|
||||
string xpath = "";
|
||||
xpath = "//" + XmlConsts.miCASANode;
|
||||
@ -271,11 +272,38 @@ namespace sscs.lss
|
||||
{
|
||||
keyChain = new KeyChain(keyChainId);
|
||||
userStore.AddKeyChain(keyChain);
|
||||
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
keyChain = userStore.GetKeyChain(keyChainId);
|
||||
|
||||
// set the created time if possible
|
||||
XmlNode timeNode = node.SelectSingleNode("descendant::" + XmlConsts.timeNode);
|
||||
if (timeNode != null)
|
||||
{
|
||||
XmlAttributeCollection timeAttribCol = timeNode.Attributes;
|
||||
if (timeAttribCol != null)
|
||||
{
|
||||
XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
|
||||
if (createdTimeNode != null)
|
||||
{
|
||||
//Console.WriteLine("KeyChain create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
|
||||
}
|
||||
else
|
||||
{
|
||||
//Console.WriteLine("Create time not found");
|
||||
}
|
||||
XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
|
||||
if (modifiedTimeNode != null)
|
||||
{
|
||||
//Console.WriteLine("KeyChain mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
xpath = "descendant::" + XmlConsts.secretNode;
|
||||
XmlNodeList secretNodeList = node.SelectNodes(xpath);
|
||||
foreach(XmlNode secretNode in secretNodeList)
|
||||
@ -284,6 +312,39 @@ namespace sscs.lss
|
||||
string secretId = (attrColl[XmlConsts.idAttr]).Value + "\0";
|
||||
xpath = "descendant::" + XmlConsts.valueNode;
|
||||
Secret secret = new Secret(secretId);
|
||||
|
||||
|
||||
// get time stamps for this secret
|
||||
XmlNode timeNode = secretNode.SelectSingleNode("descendant::" + XmlConsts.timeNode);
|
||||
if (timeNode != null)
|
||||
{
|
||||
//Console.WriteLine("Secret: " + secretId);
|
||||
XmlAttributeCollection timeAttribCol = timeNode.Attributes;
|
||||
if (timeAttribCol != null)
|
||||
{
|
||||
XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
|
||||
if (createdTimeNode != null)
|
||||
{
|
||||
//Console.WriteLine("Secret create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
|
||||
}
|
||||
else
|
||||
{
|
||||
//Console.WriteLine("Create time not found");
|
||||
}
|
||||
|
||||
XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
|
||||
if (modifiedTimeNode != null)
|
||||
{
|
||||
//Console.WriteLine("Secret mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
|
||||
}
|
||||
else
|
||||
{
|
||||
//Console.WriteLine("mod time not found");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if( keyChain.CheckIfSecretExists(secretId) == false)
|
||||
{
|
||||
keyChain.AddSecret(secret);
|
||||
@ -309,9 +370,8 @@ namespace sscs.lss
|
||||
xpath = "descendant::" + XmlConsts.keyValueNode;
|
||||
XmlNode keyValNode = keyNode.SelectSingleNode(xpath);
|
||||
string keyValue = keyValNode.InnerText;
|
||||
secret.SetKeyValue(key,keyValue);
|
||||
|
||||
|
||||
secret.SetKeyValue(key,keyValue);
|
||||
|
||||
// add linked keys
|
||||
xpath = "descendant::" + XmlConsts.linkedKeyNode;
|
||||
XmlNodeList linkNodeList = keyNode.SelectNodes(xpath);
|
||||
@ -362,10 +422,26 @@ namespace sscs.lss
|
||||
|
||||
internal void PersistStore()
|
||||
{
|
||||
string sPeristSecrets = null;
|
||||
|
||||
// is policy set to persist secrets
|
||||
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory());
|
||||
if (uiPolicy != null)
|
||||
{
|
||||
sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS);
|
||||
}
|
||||
|
||||
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
|
||||
{
|
||||
// delete .miCASA file and .IV file
|
||||
File.Delete(userStore.GetPersistenceFilePath());
|
||||
return;
|
||||
}
|
||||
|
||||
//userStore.DumpSecretstore();
|
||||
try
|
||||
{
|
||||
MemoryStream ms1 = GetSecretsAsXMLStream();
|
||||
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore);
|
||||
//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath());
|
||||
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
|
||||
|
||||
@ -412,7 +488,7 @@ namespace sscs.lss
|
||||
}
|
||||
}
|
||||
|
||||
internal MemoryStream GetSecretsAsXMLStream()
|
||||
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore)
|
||||
{
|
||||
try
|
||||
{
|
||||
@ -438,12 +514,13 @@ namespace sscs.lss
|
||||
sTmpId = new string(tmpId);
|
||||
|
||||
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
|
||||
/* If we need to store time
|
||||
writer.WriteStartElement(XmlConsts.timeNode);
|
||||
writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.ToString());
|
||||
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.ToString());
|
||||
writer.WriteEndElement();
|
||||
*/
|
||||
// If we need to store time
|
||||
writer.WriteStartElement(XmlConsts.timeNode);
|
||||
writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.Ticks.ToString());
|
||||
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.Ticks.ToString());
|
||||
writer.WriteEndElement();
|
||||
|
||||
PersistencePol policy = null;
|
||||
|
||||
IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets());
|
||||
while(secIter.MoveNext())
|
||||
@ -451,18 +528,37 @@ namespace sscs.lss
|
||||
Secret secret = (Secret)secIter.Value;
|
||||
writer.WriteStartElement(XmlConsts.secretNode);
|
||||
string secretId = secret.GetKey();
|
||||
|
||||
tmpId = new char[secretId.Length-1];
|
||||
for(int i = 0; i < secretId.Length-1; i++ )
|
||||
{
|
||||
tmpId[i] = secretId[i];
|
||||
}
|
||||
sTmpId = new string(tmpId);
|
||||
|
||||
// TODO: Does Policy allow persisting this secret.
|
||||
if (policy == null)
|
||||
{
|
||||
policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory());
|
||||
}
|
||||
|
||||
bool bSaveValues = true;
|
||||
if (policy != null)
|
||||
{
|
||||
if (policy.GetSecretPolicy(sTmpId, "Persistent", "True").Equals("False"))
|
||||
{
|
||||
//continue;
|
||||
bSaveValues = false;
|
||||
}
|
||||
}
|
||||
|
||||
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
|
||||
/* If we need to store time
|
||||
writer.WriteStartElement(XmlConsts.timeNode);
|
||||
writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.ToString());
|
||||
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.ToString());
|
||||
writer.WriteEndElement();
|
||||
*/
|
||||
// If we need to store time
|
||||
writer.WriteStartElement(XmlConsts.timeNode);
|
||||
writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.Ticks.ToString());
|
||||
writer.WriteAttributeString("LazyTime",secret.CreatedTime.ToShortDateString());
|
||||
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.Ticks.ToString());
|
||||
writer.WriteEndElement();
|
||||
|
||||
writer.WriteStartElement(XmlConsts.valueNode);
|
||||
// byte[] byteArr = secret.GetValue();
|
||||
@ -475,14 +571,19 @@ namespace sscs.lss
|
||||
writer.WriteStartElement(XmlConsts.keyNode);
|
||||
writer.WriteAttributeString(XmlConsts.idAttr, sKey);
|
||||
writer.WriteStartElement(XmlConsts.keyValueNode);
|
||||
writer.WriteString(value);
|
||||
|
||||
if (bSaveValues)
|
||||
writer.WriteString(value);
|
||||
else
|
||||
writer.WriteString("");
|
||||
|
||||
writer.WriteEndElement();
|
||||
/* If we need to store time
|
||||
writer.WriteStartElement(XmlConsts.timeNode);
|
||||
writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).ToString());
|
||||
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).ToString());
|
||||
writer.WriteEndElement();
|
||||
*/
|
||||
// If we need to store time
|
||||
writer.WriteStartElement(XmlConsts.timeNode);
|
||||
writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).Ticks.ToString());
|
||||
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).Ticks.ToString());
|
||||
writer.WriteEndElement();
|
||||
|
||||
// write all LinkKeys
|
||||
Hashtable htLinkedKeys = secret.GetLinkedKeys(sKey);
|
||||
if (htLinkedKeys != null)
|
||||
|
@ -56,6 +56,13 @@ namespace sscs.verbs
|
||||
private byte[] inBuf;
|
||||
private byte[] outBuf;
|
||||
|
||||
// extension operations
|
||||
private uint extId = 0;
|
||||
#if W32
|
||||
private int luidLow = 0;
|
||||
private int luidHigh = 0;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This method sets the class member with the byte array received.
|
||||
*/
|
||||
@ -77,6 +84,7 @@ namespace sscs.verbs
|
||||
Secret secret = null;
|
||||
|
||||
CSSSLogger.ExecutionTrace(this);
|
||||
UserIdentifier tempUserId = userId;
|
||||
|
||||
/* If an exception occurs in message format decoding,
|
||||
* it is handled by AppHandler
|
||||
@ -108,12 +116,41 @@ namespace sscs.verbs
|
||||
byte[] keyArr = new byte[keyLen];
|
||||
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
|
||||
key = Encoding.UTF8.GetString(keyArr);
|
||||
|
||||
try
|
||||
{
|
||||
// get extension ID
|
||||
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
|
||||
extId = BitConverter.ToUInt32(inBuf, extLocation);
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
//CSSSLogger.ExpLog(e.ToString());
|
||||
}
|
||||
|
||||
SecretStore ssStore;
|
||||
|
||||
if (extId == 1)
|
||||
{
|
||||
#if W32
|
||||
WinUserIdentifier test = (WinUserIdentifier)userId;
|
||||
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
|
||||
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
|
||||
{
|
||||
// WINDOWS LUID
|
||||
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
|
||||
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
|
||||
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
|
||||
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
|
||||
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
|
||||
}
|
||||
#endif
|
||||
|
||||
}
|
||||
try
|
||||
{
|
||||
KeyChain keyChain = null;
|
||||
// Secret secret = null;
|
||||
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
|
||||
ssStore = SessionManager.GetUserSecretStore(tempUserId);
|
||||
if (!ssStore.IsStoreLocked())
|
||||
{
|
||||
if( ssStore.CheckIfKeyChainExists(keyChainId) )
|
||||
|
@ -56,6 +56,13 @@ namespace sscs.verbs
|
||||
private byte[] inBuf;
|
||||
private byte[] outBuf;
|
||||
|
||||
// extension operations
|
||||
private uint extId = 0;
|
||||
#if W32
|
||||
private int luidLow = 0;
|
||||
private int luidHigh = 0;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This method sets the class member with the byte array received.
|
||||
*/
|
||||
@ -77,6 +84,7 @@ namespace sscs.verbs
|
||||
Secret secret = null;
|
||||
|
||||
CSSSLogger.ExecutionTrace(this);
|
||||
UserIdentifier tempUserId = userId;
|
||||
|
||||
/* If an exception occurs in message format decoding,
|
||||
* it is handled by AppHandler
|
||||
@ -108,12 +116,44 @@ namespace sscs.verbs
|
||||
byte[] keyArr = new byte[keyLen];
|
||||
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
|
||||
key = Encoding.UTF8.GetString(keyArr);
|
||||
|
||||
try
|
||||
{
|
||||
// get extension ID
|
||||
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
|
||||
extId = BitConverter.ToUInt32(inBuf, extLocation);
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
//CSSSLogger.ExpLog(e.ToString());
|
||||
}
|
||||
|
||||
SecretStore ssStore;
|
||||
|
||||
if (extId == 1)
|
||||
{
|
||||
#if W32
|
||||
WinUserIdentifier test = (WinUserIdentifier)userId;
|
||||
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
|
||||
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
|
||||
{
|
||||
// WINDOWS LUID
|
||||
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
|
||||
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
|
||||
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
|
||||
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
|
||||
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
|
||||
}
|
||||
#endif
|
||||
|
||||
}
|
||||
|
||||
|
||||
try
|
||||
{
|
||||
KeyChain keyChain = null;
|
||||
// Secret secret = null;
|
||||
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
|
||||
|
||||
KeyChain keyChain = null;
|
||||
ssStore = SessionManager.GetUserSecretStore(tempUserId);
|
||||
|
||||
if (!ssStore.IsStoreLocked())
|
||||
{
|
||||
if( ssStore.CheckIfKeyChainExists(keyChainId) )
|
||||
|
@ -51,6 +51,13 @@ namespace sscs.verbs
|
||||
|
||||
private byte[] inBuf;
|
||||
private byte[] outBuf;
|
||||
|
||||
// extension operations
|
||||
private uint extId = 0;
|
||||
#if W32
|
||||
private int luidLow = 0;
|
||||
private int luidHigh = 0;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This method sets the class member with the byte array received.
|
||||
@ -73,6 +80,7 @@ namespace sscs.verbs
|
||||
Secret secret = null;
|
||||
|
||||
CSSSLogger.ExecutionTrace(this);
|
||||
UserIdentifier tempUserId = userId;
|
||||
|
||||
/* If an exception occurs in message format decoding,
|
||||
* it is handled by AppHandler
|
||||
@ -99,11 +107,40 @@ namespace sscs.verbs
|
||||
secretId = Encoding.UTF8.GetString(secretIdArr);
|
||||
// Message Format decipher - End
|
||||
|
||||
try
|
||||
{
|
||||
// get extension ID
|
||||
int extLocation = 18 + ((int)keyChainIdLen) + ((int)secretIdLen);
|
||||
extId = BitConverter.ToUInt32(inBuf, extLocation);
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
//CSSSLogger.ExpLog(e.ToString());
|
||||
}
|
||||
|
||||
SecretStore ssStore;
|
||||
|
||||
if (extId == 1)
|
||||
{
|
||||
#if W32
|
||||
WinUserIdentifier test = (WinUserIdentifier)userId;
|
||||
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
|
||||
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
|
||||
{
|
||||
// WINDOWS LUID
|
||||
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
|
||||
luidLow = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
|
||||
luidHigh = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
|
||||
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
|
||||
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
try
|
||||
{
|
||||
KeyChain keyChain = null;
|
||||
// Secret secret = null;
|
||||
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
|
||||
ssStore = SessionManager.GetUserSecretStore(tempUserId);
|
||||
|
||||
if (!ssStore.IsStoreLocked())
|
||||
{
|
||||
|
@ -52,6 +52,13 @@ namespace sscs.verbs
|
||||
private byte[] inBuf;
|
||||
private byte[] outBuf;
|
||||
|
||||
// extension operations
|
||||
private uint extId = 0;
|
||||
#if W32
|
||||
private int luidLow = 0;
|
||||
private int luidHigh = 0;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This method sets the class member with the byte array received.
|
||||
*/
|
||||
@ -78,6 +85,8 @@ namespace sscs.verbs
|
||||
* it is handled by AppHandler
|
||||
*/
|
||||
|
||||
UserIdentifier tempUserId = userId;
|
||||
|
||||
// Message Format decipher - Start
|
||||
msgId = BitConverter.ToUInt16(inBuf,0);
|
||||
inMsgLen = BitConverter.ToUInt32(inBuf,2);
|
||||
@ -105,11 +114,45 @@ namespace sscs.verbs
|
||||
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
|
||||
key = Encoding.UTF8.GetString(keyArr);
|
||||
|
||||
try
|
||||
{
|
||||
// get extension ID
|
||||
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
|
||||
extId = BitConverter.ToUInt32(inBuf, extLocation);
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
//CSSSLogger.ExpLog(e.ToString());
|
||||
}
|
||||
|
||||
if (extId == 1)
|
||||
{
|
||||
#if W32
|
||||
// WINDOWS LUID
|
||||
// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
|
||||
// we might be able to change this if/when we abstract the session.
|
||||
// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
|
||||
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
|
||||
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
|
||||
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
|
||||
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
|
||||
try
|
||||
{
|
||||
ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
try
|
||||
{
|
||||
KeyChain keyChain = null;
|
||||
// Secret secret = null;
|
||||
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
|
||||
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
|
||||
if (!ssStore.IsStoreLocked())
|
||||
{
|
||||
if( ssStore.CheckIfKeyChainExists(keyChainId) )
|
||||
|
@ -50,6 +50,14 @@ namespace sscs.verbs
|
||||
|
||||
private byte[] inBuf;
|
||||
private byte[] outBuf;
|
||||
|
||||
// extension operations
|
||||
private uint extId = 0;
|
||||
#if W32
|
||||
private int luidLow = 0;
|
||||
private int luidHigh = 0;
|
||||
#endif
|
||||
|
||||
/*
|
||||
* This method sets the class member with the byte array received.
|
||||
*/
|
||||
@ -69,6 +77,9 @@ namespace sscs.verbs
|
||||
{
|
||||
|
||||
CSSSLogger.ExecutionTrace(this);
|
||||
|
||||
UserIdentifier tempUserId = userId;
|
||||
|
||||
/* If an exception occurs in message format decoding,
|
||||
* it is handled by AppHandler
|
||||
*/
|
||||
@ -92,11 +103,44 @@ namespace sscs.verbs
|
||||
byte[] secretIdArr = new byte[secretIdLen];
|
||||
Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen);
|
||||
secretId = Encoding.UTF8.GetString(secretIdArr);
|
||||
// Message Format decipher - End
|
||||
|
||||
try
|
||||
{
|
||||
// get extension ID
|
||||
int extLocation = 14 + ((int)keyChainIdLen) + ((int)secretIdLen);
|
||||
extId = BitConverter.ToUInt32(inBuf, extLocation);
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
//CSSSLogger.ExpLog(e.ToString());
|
||||
}
|
||||
|
||||
if (extId == 1)
|
||||
{
|
||||
#if W32
|
||||
// WINDOWS LUID
|
||||
// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
|
||||
// we might be able to change this if/when we abstract the session.
|
||||
// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
|
||||
luidLow = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
|
||||
luidHigh = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
|
||||
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
|
||||
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
|
||||
try
|
||||
{
|
||||
ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
|
||||
}
|
||||
#endif
|
||||
}
|
||||
// Message Format decipher - End
|
||||
|
||||
try
|
||||
{
|
||||
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
|
||||
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
|
||||
if (!ssStore.IsStoreLocked())
|
||||
{
|
||||
|
||||
|
@ -35,6 +35,7 @@ LINK_DEF_BLD = \
|
||||
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\
|
||||
|
@ -40,6 +40,7 @@ LINK_DEF_BLD = \
|
||||
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
|
||||
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\
|
||||
|
@ -10,6 +10,7 @@ EXPORTS
|
||||
miCASARemoveCredential
|
||||
miCASAOpenSecretStoreCache
|
||||
miCASACloseSecretStoreCache
|
||||
miCASAMergeCache
|
||||
miCASAReadSecret
|
||||
miCASARemoveSecret
|
||||
miCASAWriteSecret
|
||||
|
@ -1107,7 +1107,7 @@ miCASAReadSecret
|
||||
}
|
||||
|
||||
if(rc = sscs_CacheReadSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf,
|
||||
epPassword, &bytesRequired, readData))
|
||||
epPassword, &bytesRequired, ext))
|
||||
{
|
||||
goto errorLevel1;
|
||||
}
|
||||
@ -1285,7 +1285,7 @@ miCASARemoveSecret
|
||||
}
|
||||
|
||||
rc = sscs_CacheRemoveSecret(storeContext->ssHandle, ssFlags, keyChainID,
|
||||
&secretID, epPassword, NULL);
|
||||
&secretID, epPassword, ext);
|
||||
|
||||
|
||||
/* ############################### CODE EXITS HERE ############################# */
|
||||
@ -3207,7 +3207,7 @@ miCASAGetCredential
|
||||
|
||||
// read credset for this app
|
||||
secID.type = SSCS_CREDENTIAL_TYPE_F;
|
||||
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL);
|
||||
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
|
||||
|
||||
if(rcode == NSSCS_SUCCESS)
|
||||
{
|
||||
@ -3231,7 +3231,7 @@ miCASAGetCredential
|
||||
secID.type = SSCS_CREDENTIAL_TYPE_F;
|
||||
secID.len = appSecretID->len;
|
||||
sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
|
||||
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL);
|
||||
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
|
||||
if(rcode == NSSCS_SUCCESS)
|
||||
{
|
||||
// read the username and password
|
||||
@ -3605,7 +3605,7 @@ miCASADeleteCredential
|
||||
secID.len = appSecretID->len;
|
||||
sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
|
||||
|
||||
rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, NULL);
|
||||
rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, ext);
|
||||
|
||||
// close the secretstore
|
||||
miCASACloseSecretStoreCache(context, ssFlags, NULL);
|
||||
@ -3750,3 +3750,46 @@ miCASAIsSecretPersistent
|
||||
/* ############################### CODE ENDS HERE ############################# */
|
||||
} // end of miCASAIsSecretPersistent
|
||||
|
||||
/*
|
||||
* NAME - miCASAMergeCache
|
||||
*
|
||||
* DESCRIPTION
|
||||
* This call merges the src cache with the destination cache
|
||||
*
|
||||
*/
|
||||
SSCS_GLOBAL_LIBCALL(int32_t)
|
||||
miCASAMergeCache
|
||||
(
|
||||
SSCS_EXT_T *srcExt,
|
||||
SSCS_EXT_T *targetExt,
|
||||
uint32_t bDestroySrcCache
|
||||
)
|
||||
{ /* beginning of the call */
|
||||
/* ########################## DECLARATIONS START HERE ######################### */
|
||||
|
||||
void *context = NULL;
|
||||
int32_t rcode = 0;
|
||||
SSCS_SECRETSTORE_T store = {0};
|
||||
SSCS_CONTEXT_T *storeContext;
|
||||
|
||||
/* ############################## CODE STARTS HERE ############################ */
|
||||
|
||||
// open secretStore
|
||||
sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
|
||||
store.version = 1;
|
||||
context = miCASAOpenSecretStoreCache(&store, 0, NULL);
|
||||
|
||||
storeContext = (SSCS_CONTEXT_T *)context;
|
||||
|
||||
if(context == NULL)
|
||||
{
|
||||
return NSSCS_E_SYSTEM_FAILURE;
|
||||
}
|
||||
|
||||
rcode = sscs_MergeCache(storeContext->ssHandle, srcExt, targetExt, bDestroySrcCache);
|
||||
miCASACloseSecretStoreCache(context, 0, NULL);
|
||||
|
||||
return rcode;
|
||||
|
||||
/* ############################### CODE ENDS HERE ############################# */
|
||||
} // end of miCASAIsSecretPersistent
|
Loading…
Reference in New Issue
Block a user