diff --git a/CASA/CASA.changes b/CASA/CASA.changes index df7e188e..6faaf061 100644 --- a/CASA/CASA.changes +++ b/CASA/CASA.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Oct 10 11:56:10 MDT 2006 - jnorman@novell.com + +- Add support for Dynamic Local User(DLU) on windows + ------------------------------------------------------------------- Fri Oct 6 16:12:10 MDT 2006 - schoi@novell.com diff --git a/CASA/include/micasa.h b/CASA/include/micasa.h index 7fcfcb1e..b3f14037 100644 --- a/CASA/include/micasa.h +++ b/CASA/include/micasa.h @@ -536,6 +536,14 @@ miCASASetMasterPasscode SSCS_EXT_T *ext ); +SSCS_EXTERN_LIBCALL(int32_t) +miCASAMergeCache +( + SSCS_EXT_T *srcExt, + SSCS_EXT_T *targetExt, + uint32_t bDestroySrcCache +); + //************************************************************** diff --git a/CASA/include/sscs_cache.h b/CASA/include/sscs_cache.h index afdcb84d..923a5164 100644 --- a/CASA/include/sscs_cache.h +++ b/CASA/include/sscs_cache.h @@ -28,6 +28,7 @@ extern "C" { #endif + //#include #include #include @@ -554,6 +555,13 @@ int sscs_IsSecretPersistent void *reserved ); +int sscs_MergeCache +( + void *ssHandle, + SSCS_EXT_T *srcExt, + SSCS_EXT_T *targetExt, + uint32_t bDestroySrc +); #if defined(__cplusplus) || defined(c_plusplus) diff --git a/CASA/include/sscs_ipc.h b/CASA/include/sscs_ipc.h index 4d03cf7b..9c1635f0 100644 --- a/CASA/include/sscs_ipc.h +++ b/CASA/include/sscs_ipc.h @@ -125,7 +125,8 @@ int ipc_ReadSecret SSCS_SECRET_ID_T *secretID, SSCS_SECRET_T *secretData, SSCS_PASSWORD_T *epPassword, - unsigned int *bytesRequired + unsigned int *bytesRequired, + SSCS_EXT_T *ext ); int ipc_WriteSecret @@ -144,7 +145,8 @@ int ipc_RemoveSecret SSCS_SECRETSTORE_HANDLE_T *ssHandle, SSCS_KEYCHAIN_ID_T *keychainID, SSCS_SECRET_ID_T *secretID, - SSCS_PASSWORD_T *epPassword + SSCS_PASSWORD_T *epPassword, + SSCS_EXT_T *ext ); int ipc_GetSecretStoreInfo 
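Review bot: miCASAMergeCache enters the public header micasa.h with no comment saying what a merge does, which direction it goes, or what `bDestroySrcCache` means, and the layers underneath call the same flag `bDestroySrc` (sscs_cache.h) and `bDestorySrc` (sscs_ipc.h). The client in sscs_unx_ipc_client.c marshals it as a 4-byte destroy flag after two Windows-LUID extensions and rejects any other extension type, so the declaration should at least carry `/* Merge the cache identified by srcExt into the one identified by targetExt (both Windows login LUID extensions); a non-zero bDestroySrcCache drops the source cache afterwards. Other extension types return NSSCS_E_NOT_SUPPORTED. */`. The daemon-side verb is not in this diff, so confirm it matches before the comment is taken as the contract.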
@@ -187,7 +189,8 @@ int ipc_ReadKey uint8_t *val, uint32_t *valLen, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired + uint32_t *bytesRequired, + SSCS_EXT_T *ext ); int ipc_WriteKey @@ -211,7 +214,8 @@ int ipc_RemoveKey SSCS_SECRET_ID_T *secretID, SS_UTF8_T *key, uint32_t keyLen, - SSCS_PASSWORD_T *epPassword + SSCS_PASSWORD_T *epPassword, + SSCS_EXT_T *ext ); int ipc_ReadBinaryKey @@ -224,7 +228,8 @@ int ipc_ReadBinaryKey uint8_t *val, uint32_t *valLen, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired + uint32_t *bytesRequired, + SSCS_EXT_T *ext ); int ipc_WriteBinaryKey @@ -257,6 +262,15 @@ int ipc_IsSecretPersistent SSCS_EXT_T *ext ); +int ipc_MergeCache +( + SSCS_SECRETSTORE_HANDLE_T *ssHandle, + SSCS_EXT_T *srcExt, + SSCS_EXT_T *targetExt, + int32_t bDestorySrc +); + + #endif #endif diff --git a/CASA/include/sscs_unx_cache_defines.h b/CASA/include/sscs_unx_cache_defines.h index f0b47c3e..86c21388 100644 --- a/CASA/include/sscs_unx_cache_defines.h +++ b/CASA/include/sscs_unx_cache_defines.h @@ -147,6 +147,9 @@ #define REQ_REMOVE_KEY_MSGID 0x0017 #define RESP_REMOVE_KEY_MSGID 0x1017 +#define REQ_MERGE_CACHE_MSGID 0x0018 +#define RESP_MERGE_CACHE_MSGID 0x1018 + #define EXT_TYPE_WINDOWS_LUID 0x00000001; #define WINDOWS_LUID_LEN 0x00000008; diff --git a/CASA/micasacache/link.w32 b/CASA/micasacache/link.w32 index b59f858e..acdcce72 100644 --- a/CASA/micasacache/link.w32 +++ b/CASA/micasacache/link.w32 @@ -34,6 +34,7 @@ LINK_DEF_BLD = \ echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\ echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\ echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\ + echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\ diff --git a/CASA/micasacache/link_mdd.w32 b/CASA/micasacache/link_mdd.w32 index f40cb3f5..b00f01ef 100644 --- a/CASA/micasacache/link_mdd.w32 
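Review bot: the new ipc_MergeCache prototype spells its last parameter `bDestorySrc` and types it `int32_t`, while sscs_cache.h declares the same flag as `uint32_t bDestroySrc` and the definition in sscs_unx_ipc_client.c returns `int32_t` against the `int` declared here. The layers should agree; suggest `int32_t ipc_MergeCache(SSCS_SECRETSTORE_HANDLE_T *ssHandle, SSCS_EXT_T *srcExt, SSCS_EXT_T *targetExt, uint32_t bDestroySrc);` with the definition changed to match. The typo is harmless to the compiler but will mislead anyone searching for the flag across the three headers.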
+++ b/CASA/micasacache/link_mdd.w32 @@ -36,6 +36,7 @@ LINK_DEF_BLD = \ echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\ echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\ echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\ + echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\ diff --git a/CASA/micasacache/micasacache.def b/CASA/micasacache/micasacache.def index 494354d6..0c61f693 100644 --- a/CASA/micasacache/micasacache.def +++ b/CASA/micasacache/micasacache.def @@ -10,6 +10,7 @@ EXPORTS sscs_CacheGetSecretStoreInfo sscs_CacheGetKeychainInfo sscs_LockCache + sscs_MergeCache sscs_UnlockCache sscs_CacheRemoveSecret sscs_SetMasterPasscode diff --git a/CASA/micasacache/sscs_unx_cache.c b/CASA/micasacache/sscs_unx_cache.c index 3ce05672..3fcb9444 100644 --- a/CASA/micasacache/sscs_unx_cache.c +++ b/CASA/micasacache/sscs_unx_cache.c @@ -317,7 +317,7 @@ int32_t sscs_CacheReadSecret int32_t retVal = 0; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; - retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired); + retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired, reserved); return retVal; } @@ -397,18 +397,18 @@ int sscs_CacheWriteSecret */ int32_t sscs_CacheRemoveSecret ( - void *ssHandle, - uint32_t ssFlags, + void *ssHandle, + uint32_t ssFlags, SSCS_KEYCHAIN_ID_T *keyChainID, SSCS_SECRET_ID_T *secredID, SSCS_PASSWORD_T *epPassword, - void *reserved + void *reserved ) { int32_t retVal = 0; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; - retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword); + retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword,reserved); return retVal; } 
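Review bot: `reserved` is forwarded as the new `SSCS_EXT_T *ext` argument of ipc_ReadSecret, so a parameter documented as reserved silently becomes the Windows-LUID extension through an implicit void* conversion with no type check; the RemoveSecret hunk in this file and the RemoveKey, ReadKey and ReadBinaryKey hunks that follow do the same. Any caller that passes a non-NULL placeholder in `reserved`, which the name invites, will now have it dereferenced as an extension on the IPC path. Suggest a comment at each call site, `/* reserved carries an optional SSCS_EXT_T (Windows login LUID); forwarded to the daemon as the request extension */`, and the matching wording on the prototypes in sscs_cache.h. sscs_CacheReadSecret's signature starts outside the hunk.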
@@ -668,7 +668,7 @@ int32_t sscs_CacheRemoveKey int32_t retVal = 0; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; - retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword); + retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword,reserved); return retVal; } @@ -721,7 +721,7 @@ int32_t sscs_CacheReadKey int32_t retVal = 0; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; - retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired); + retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved); return retVal; } @@ -744,7 +744,7 @@ int32_t sscs_CacheReadBinaryKey int32_t retVal = 0; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; - retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired); + retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved); return retVal; } @@ -766,6 +766,23 @@ int sscs_IsSecretPersistent return retVal; } +int sscs_MergeCache +( + void *ssHandle, + SSCS_EXT_T *srcExt, + SSCS_EXT_T *targetExt, + uint32_t bDestroySrc +) +{ + int32_t retVal = 0; + SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; + + retVal = ipc_MergeCache(ssHandleCopy,srcExt,targetExt,bDestroySrc); + + return retVal; +} + + //#endif #if defined(__cplusplus) || defined(c_plusplus) diff --git a/CASA/micasacache/sscs_unx_ipc_client.c b/CASA/micasacache/sscs_unx_ipc_client.c index 82907719..dcd60056 100644 --- a/CASA/micasacache/sscs_unx_ipc_client.c +++ b/CASA/micasacache/sscs_unx_ipc_client.c 
@@ -979,7 +979,8 @@ int32_t ipc_ReadSecret SSCS_SECRET_ID_T *secretID, SSCS_SECRET_T *secretData, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired + uint32_t *bytesRequired, + SSCS_EXT_T *ext ) { int retVal = 0; //to be used in the function internally @@ -992,6 +993,9 @@ int32_t ipc_ReadSecret uint32_t secretIDLen = 0; uint32_t msgLen = 0; + uint32_t extID = 0; + uint32_t luidLen = 0; + SSCS_PASSWORD_T myPassword = {0,0,""}; Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; @@ -1029,7 +1033,24 @@ int32_t ipc_ReadSecret secretIDLen + // SecretID MSG_STRING_LEN + // epPassword len epPassword->pwordLen; - + + // is there an ext, account for it + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + // 4 byte ext type, 4 byte len and 8 bytes of LUID + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; + } + else + msgLen += MSG_DWORD_LEN; + } + else + { + // the cache daemon expects a ext, add it here + msgLen += MSG_DWORD_LEN; + } + pReq = gpReqBuf; msgid = REQ_CACHE_READ_SECRET_MSGID; memcpy(pReq, &msgid, MSGID_LEN); @@ -1049,6 +1070,36 @@ int32_t ipc_ReadSecret memcpy(pReq, epPassword->pword, epPassword->pwordLen); pReq += epPassword->pwordLen; + // marshall the extension if there is one + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, ext->ext, 8); + pReq += 8; + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + + } + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + } + + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { 
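Review bot: the extension sizing and marshalling block added here is repeated verbatim in the ipc_RemoveSecret, ipc_RemoveKey, ipc_ReadKey and ipc_ReadBinaryKey hunks below, and every copy hard-codes `8` in `memcpy(pReq, ext->ext, 8)` instead of WINDOWS_LUID_LEN and copies through `ext->ext` with no NULL check. The literal is probably forced by the context lines in sscs_unx_cache_defines.h, where `#define EXT_TYPE_WINDOWS_LUID 0x00000001;` and `#define WINDOWS_LUID_LEN 0x00000008;` carry a trailing semicolon that makes them unusable inside an expression; dropping those semicolons lets the length constant be used directly. The inner `uint32_t extID = 0;` in the else branches also shadows the function-level extID. Two static helpers remove the five copies; each call site becomes `msgLen += ext_marshal_len(ext);` and `pReq += ext_marshal(pReq, ext);`. Whether 8 bytes are always present behind `ext->ext` is not visible here, so the helper treats a NULL pointer as "no extension" where the current code would dereference it.
```c
/* Bytes the extension occupies on the wire: type + len + LUID for a Windows
 * login id, otherwise just the 4-byte type word the daemon always expects. */
static uint32_t ext_marshal_len(const SSCS_EXT_T *ext)
{
    if (ext && ext->extID == WINDOWS_LOGIN_ID && ext->ext)
        return MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
    return MSG_DWORD_LEN;
}

/* Writes the extension at pReq and returns the number of bytes written. */
static uint32_t ext_marshal(Byte *pReq, const SSCS_EXT_T *ext)
{
    uint32_t extID = 0;
    uint32_t luidLen = 0;

    if (ext && ext->extID == WINDOWS_LOGIN_ID && ext->ext)
    {
        extID = EXT_TYPE_WINDOWS_LUID;
        memcpy(pReq, &extID, MSG_DWORD_LEN);
        /* assigned first because the define ends in ';' and cannot be an argument */
        luidLen = WINDOWS_LUID_LEN;
        memcpy(pReq + MSG_DWORD_LEN, &luidLen, MSG_DWORD_LEN);
        memcpy(pReq + 2 * MSG_DWORD_LEN, ext->ext, luidLen);
        return 2 * MSG_DWORD_LEN + luidLen;
    }
    memcpy(pReq, &extID, MSG_DWORD_LEN);
    return MSG_DWORD_LEN;
}

/* … unchanged: ipc_ReadSecret prologue and keychain/secret/password sizing … */
    msgLen += ext_marshal_len(ext);
/* … unchanged: header, keychain, secret and password marshalling … */
    pReq += ext_marshal(pReq, ext);
    retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
```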
@@ -1335,7 +1386,8 @@ int32_t ipc_RemoveSecret SSCS_SECRETSTORE_HANDLE_T *ssHandle, SSCS_KEYCHAIN_ID_T *keychainID, SSCS_SECRET_ID_T *secretID, - SSCS_PASSWORD_T *epPassword + SSCS_PASSWORD_T *epPassword, + SSCS_EXT_T *ext ) { int retVal = 0; //to be used in the function internally @@ -1351,6 +1403,9 @@ int32_t ipc_RemoveSecret uint32_t secretIDLen = 0; uint32_t msgLen = 0; + uint32_t extID = 0; + uint32_t luidLen = 0; + memset(gpReqBuf,0,sizeof(gpReqBuf)); memset(gpReplyBuf,0,sizeof(gpReplyBuf)); @@ -1384,6 +1439,23 @@ int32_t ipc_RemoveSecret msgLen += epPassword->pwordLen; } + // is there an ext, account for it + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + // 4 byte ext type, 4 byte len and 8 bytes of LUID + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; + } + else + msgLen += MSG_DWORD_LEN; + } + else + { + // the cache daemon expects a ext, add it here + msgLen += MSG_DWORD_LEN; + } + pReq = gpReqBuf; msgid = REQ_CACHE_REMOVE_SECRET_MSGID; @@ -1411,8 +1483,39 @@ int32_t ipc_RemoveSecret { int pwordlen = 0; memcpy(pReq, &pwordlen, MSG_STRING_LEN); + pReq += MSG_STRING_LEN; } + // marshall the extension if there is one + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, ext->ext, 8); + pReq += 8; + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + + } + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + } + + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { @@ -1853,7 +1956,8 @@ int32_t ipc_RemoveKey SSCS_SECRET_ID_T *secretID, SS_UTF8_T *key, uint32_t keyLen, - SSCS_PASSWORD_T *epPassword + SSCS_PASSWORD_T *epPassword, + SSCS_EXT_T *ext ) { int retVal = 0; //to be used in the function internally 
@@ -1868,6 +1972,9 @@ int32_t ipc_RemoveKey SSCS_PASSWORD_T myPassword = {0,0,""}; + uint32_t extID = 0; + uint32_t luidLen = 0; + Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; Byte gpReplyBuf[MIN_REPLY_BUF_LEN]; Byte *pReq = NULL, *pReply = NULL; @@ -1911,6 +2018,31 @@ int32_t ipc_RemoveKey MSG_STRING_LEN + // epPassword len epPassword->pwordLen; + // is there an ext, account for it + if (ext) + { + // The login capture on Windows determines the LUID of the user + // and sends it as an Extension, marshall it across the pipe + // see the WriteSecret verb for handling it. + if (ext->extID == WINDOWS_LOGIN_ID) + { + // 4 byte ext type, 4 byte len and 8 bytes of LUID + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; + // as setup in the capture module + //ext.extID = WINDOWS_LOGON_ID; + //ext.version = 0x00010000; // 1.0.0 + //ext.ext = (void *)lpLogonId; + // _LUID { DWORD LowPart; LONG HighPart; // 8 byte + } + else + msgLen += MSG_DWORD_LEN; + } + else + { + // the cache daemon expects a ext, add it here + msgLen += MSG_DWORD_LEN; + } + pReq = gpReqBuf; msgid = REQ_REMOVE_KEY_MSGID; memcpy(pReq, &msgid, MSGID_LEN); @@ -1936,6 +2068,35 @@ int32_t ipc_RemoveKey memcpy(pReq, epPassword->pword, epPassword->pwordLen); pReq += epPassword->pwordLen; + // marshall the extension if there is one + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, ext->ext, 8); + pReq += 8; + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + + } + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + } + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { 
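Review bot: the comment block added in the ipc_RemoveKey sizing branch refers to `WINDOWS_LOGON_ID` and to "the WriteSecret verb" while the code it annotates tests `WINDOWS_LOGIN_ID`, and it describes an `ext.version` field (`0x00010000`) that none of the new marshalling code ever checks. Either the version should be validated before the 8-byte copy or the commented-out capture-module snippet should go; a single line is enough here: `// ext->ext points at the caller's 8-byte LUID (DWORD LowPart, LONG HighPart) as set by the Windows login capture`. ipc_RemoveKey's body continues outside the hunk.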
@@ -1976,7 +2137,8 @@ int32_t ipc_ReadKey uint8_t *val, uint32_t *valLen, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired + uint32_t *bytesRequired, + SSCS_EXT_T *ext ) { int retVal = 0; //to be used in the function internally @@ -1989,6 +2151,10 @@ int32_t ipc_ReadKey uint32_t secretIDLen = 0; uint32_t msgLen = 0; + uint32_t extID = 0; + uint32_t luidLen = 0; + + SSCS_PASSWORD_T myPassword = {0,0,""}; Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; @@ -2019,6 +2185,7 @@ int32_t ipc_ReadKey // epPassword is optional. So, the code should not break. if( NULL == epPassword ) epPassword = &myPassword; + msgLen = MSGID_LEN + MSG_LEN + MSG_STRING_LEN + // KeychainID length keychainIDLen + // Keychain ID @@ -2028,6 +2195,24 @@ int32_t ipc_ReadKey keyLen + //key MSG_STRING_LEN + // epPassword len epPassword->pwordLen; + + + // is there an ext, account for it + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + // 4 byte ext type, 4 byte len and 8 bytes of LUID + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; + } + else + msgLen += MSG_DWORD_LEN; + } + else + { + // the cache daemon expects a ext, add it here + msgLen += MSG_DWORD_LEN; + } pReq = gpReqBuf; msgid = REQ_READ_KEY_MSGID; @@ -2054,6 +2239,36 @@ int32_t ipc_ReadKey memcpy(pReq, epPassword->pword, epPassword->pwordLen); pReq += epPassword->pwordLen; + // marshall the extension if there is one + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, ext->ext, 8); + pReq += 8; + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + + } + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + } + + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { 
@@ -2144,7 +2359,8 @@ int32_t ipc_ReadBinaryKey uint8_t *val, uint32_t *valLen, SSCS_PASSWORD_T *epPassword, - uint32_t *bytesRequired + uint32_t *bytesRequired, + SSCS_EXT_T *ext ) { int retVal = 0; //to be used in the function internally @@ -2157,6 +2373,9 @@ int32_t ipc_ReadBinaryKey uint32_t secretIDLen = 0; uint32_t msgLen = 0; + uint32_t extID = 0; + uint32_t luidLen = 0; + SSCS_PASSWORD_T myPassword = {0,0,""}; Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; @@ -2195,7 +2414,25 @@ int32_t ipc_ReadBinaryKey keyLen + //key MSG_STRING_LEN + // epPassword len epPassword->pwordLen; - + + // is there an ext, account for it + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + // 4 byte ext type, 4 byte len and 8 bytes of LUID + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; + } + else + msgLen += MSG_DWORD_LEN; + } + else + { + // the cache daemon expects a ext, add it here + msgLen += MSG_DWORD_LEN; + } + + pReq = gpReqBuf; msgid = REQ_READ_BINARY_KEY_MSGID; memcpy(pReq, &msgid, MSGID_LEN); @@ -2221,6 +2458,35 @@ int32_t ipc_ReadBinaryKey memcpy(pReq, epPassword->pword, epPassword->pwordLen); pReq += epPassword->pwordLen; + // marshall the extension if there is one + if (ext) + { + if (ext->extID == WINDOWS_LOGIN_ID) + { + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, ext->ext, 8); + pReq += 8; + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + + } + } + else + { + uint32_t extID = 0; + memcpy(pReq,&extID,MSG_DWORD_LEN); + } + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { 
@@ -2965,3 +3231,150 @@ int ipc_IsSecretPersistent return retCode; } +int32_t ipc_MergeCache(SSCS_SECRETSTORE_HANDLE_T *ssHandle, + SSCS_EXT_T *srcExt, + SSCS_EXT_T *targetExt, + int32_t bDestroySrc) +{ + int retVal = 0; //to be used in the function internally + int32_t retCode = NSSCS_SUCCESS; //to be returned to caller + int32_t sockReturn = 0; //obtained from the server + + Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; + Byte gpReplyBuf[MIN_REPLY_BUF_LEN]; + Byte *pReq = NULL, *pReply = NULL; + Byte *tmpBuf = NULL; + + uint16_t msgid = 0; + uint32_t msgLen = 0; + + uint32_t extID = 0; + uint32_t luidLen = 0; + + memset(gpReqBuf,0,sizeof(gpReqBuf)); + memset(gpReplyBuf,0,sizeof(gpReplyBuf)); + + do + { + + // Prepare Request buffer + msgLen = MSGID_LEN + MSG_LEN; + + // compute the size of the extensions we marshall + if (srcExt && targetExt) + { + if ((srcExt->extID == WINDOWS_LOGIN_ID) && (targetExt->extID == WINDOWS_LOGIN_ID)) + { + // 4 byte ext type, 4 byte len and 8 bytes of LUID + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // src + msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // target + msgLen += sizeof(int32_t); // destroy flag + } + else + { + retCode = NSSCS_E_NOT_SUPPORTED; + break; + } + } + else + { + retCode = NSSCS_E_NOT_SUPPORTED; + break; + } + + // if no errors, marshal the data. 
+ if (!retCode) + { + if( msgLen > MIN_REQUEST_BUF_LEN ) + { + tmpBuf = (Byte*)malloc(msgLen); + if( NULL == tmpBuf ) + { + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + memset(tmpBuf,0,msgLen); + pReq = tmpBuf; + } + else + { + pReq = gpReqBuf; + } + + msgid = REQ_MERGE_CACHE_MSGID; + memcpy(pReq, &msgid, MSGID_LEN); + pReq += MSGID_LEN; + memcpy(pReq, &msgLen, MSG_LEN); + pReq += MSG_LEN; + + // copy the srcExt + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, srcExt->ext, 8); + pReq += 8; + + // copy the targetExt + extID = EXT_TYPE_WINDOWS_LUID; + memcpy(pReq, &extID, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + luidLen = WINDOWS_LUID_LEN; + memcpy(pReq, &luidLen, MSG_DWORD_LEN); + pReq += MSG_DWORD_LEN; + + memcpy(pReq, targetExt->ext, 8); + pReq += 8; + + // copy destroy flag + memcpy(pReq, &bDestroySrc, sizeof(int32_t)); + + if(tmpBuf != NULL) + { + retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen); + } + else + { + retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen); + } + if(retVal < 0) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + // Read reply + pReply = gpReplyBuf; + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + if(retVal < 0) + { + //log debug info here + retCode = NSSCS_E_SYSTEM_FAILURE; + break; + } + + memcpy(&msgid,pReply, MSGID_LEN); + pReply += MSGID_LEN; + memcpy(&msgLen,pReply, MSG_LEN); + pReply += MSG_LEN; + memcpy(&sockReturn, pReply, MSG_DWORD_LEN); + retCode = mapReturnCode(sockReturn); + } + + }while(0); + + if( tmpBuf != NULL ) + { + free(tmpBuf); + tmpBuf = NULL; + } + + return retCode; +} + diff --git a/CASA/micasad/cache/SecretStore.cs b/CASA/micasad/cache/SecretStore.cs index 0d859bec..1dc7d16f 100644 --- a/CASA/micasad/cache/SecretStore.cs +++ b/CASA/micasad/cache/SecretStore.cs 
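Review bot: the reply is decoded without checking how much IPC_READ actually returned; after a short read the `memcpy` of msgid, msgLen and sockReturn pulls zeros from the memset reply buffer and `mapReturnCode(0)` is returned as if the daemon had answered. If IPC_READ returns the byte count, as the `< 0` test suggests, add `if (retVal < MSGID_LEN + MSG_LEN + MSG_DWORD_LEN) { retCode = NSSCS_E_SYSTEM_FAILURE; break; }` directly after the read. `srcExt->ext` and `targetExt->ext` are copied for 8 bytes without a NULL check, and the `tmpBuf` path looks unreachable for a message whose length is fixed by construction, though MIN_REQUEST_BUF_LEN is not visible here. The daemon-side verb that moves one LUID's cache into another's is not in this diff; its reviewer should confirm the request is honoured only for the SYSTEM caller, as the Read*/RemoveKey verbs do.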
@@ -904,7 +904,7 @@ namespace sscs.cache { if (lss != null) { - MemoryStream ms = lss.GetSecretsAsXMLStream(); + MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this); byte[] baSecrets = ms.ToArray(); // encrypt if an encryptionstring was passed @@ -939,10 +939,7 @@ namespace sscs.cache XmlDocument doc = new XmlDocument(); String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets); doc.LoadXml(sXMLData); - if (lss != null) - { - lss.AddXMLSecretsToStore(doc); - } + LocalStorage.AddXMLSecretsToStore(this, doc); } internal void CreatePolicyDirectory() diff --git a/CASA/micasad/common/RequestParser.cs b/CASA/micasad/common/RequestParser.cs index 3b3cf822..ee687c56 100644 --- a/CASA/micasad/common/RequestParser.cs +++ b/CASA/micasad/common/RequestParser.cs @@ -84,6 +84,7 @@ namespace sscs.common msgIdMap.Add(21,"sscs.verbs.WriteBinaryKey"); msgIdMap.Add(22,"sscs.verbs.ReadBinaryKey"); msgIdMap.Add(23,"sscs.verbs.RemoveKey"); + msgIdMap.Add(24,"sscs.verbs.MergeCache"); } diff --git a/CASA/micasad/common/WinUserIdentifier.cs b/CASA/micasad/common/WinUserIdentifier.cs index a3fd945d..581d2819 100644 --- a/CASA/micasad/common/WinUserIdentifier.cs +++ b/CASA/micasad/common/WinUserIdentifier.cs @@ -72,7 +72,9 @@ namespace sscs.common } public void PrintIdentifier() { - // Console.WriteLine("WinUserIdentifier : uid is {0}",uid); + CSSSLogger.DbgLog(" High: " + this.uidHigh); + CSSSLogger.DbgLog(" LOW: " + this.uidLow); + CSSSLogger.DbgLog(" SID: " + this.m_sSID); } public int GetUID() @@ -80,5 +82,15 @@ namespace sscs.common return -1; } + internal int GetUIDLow() + { + return this.uidLow; + } + + internal int GetUIDHigh() + { + return this.uidHigh; + } + } } diff --git a/CASA/micasad/lss/LocalStorage.cs b/CASA/micasad/lss/LocalStorage.cs index 7df6a40b..895413f1 100644 --- a/CASA/micasad/lss/LocalStorage.cs +++ b/CASA/micasad/lss/LocalStorage.cs 
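Review bot: the second hunk drops the `if (lss != null)` guard around the XML import, so `LocalStorage.AddXMLSecretsToStore(this, doc)` now runs for a store with no LocalStorage attached, while the first hunk keeps the same guard around the export. If a null `lss` marks a store that must not be populated from disk (an inference, not visible here), the import should stay behind it: `if (lss != null) { LocalStorage.AddXMLSecretsToStore(this, doc); }`. If the guard was dropped on purpose because the static method no longer needs the instance, make the export side consistent and note the reason in a comment.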
@@ -35,6 +35,7 @@ using sscs.crypto; using sscs.common; using sscs.constants; using Novell.CASA.MiCasa.Common; +using Novell.CASA.CASAPolicy; namespace sscs.lss { @@ -239,7 +240,7 @@ namespace sscs.lss } // add these to the store - AddXMLSecretsToStore(doc); + AddXMLSecretsToStore(userStore, doc); } catch(Exception e) { @@ -252,7 +253,7 @@ namespace sscs.lss return true; } - internal void AddXMLSecretsToStore(XmlDocument doc) + internal static void AddXMLSecretsToStore(SecretStore userStore, XmlDocument doc) { string xpath = ""; xpath = "//" + XmlConsts.miCASANode; @@ -271,11 +272,38 @@ namespace sscs.lss { keyChain = new KeyChain(keyChainId); userStore.AddKeyChain(keyChain); + + } else { keyChain = userStore.GetKeyChain(keyChainId); + + // set the created time if possible + XmlNode timeNode = node.SelectSingleNode("descendant::" + XmlConsts.timeNode); + if (timeNode != null) + { + XmlAttributeCollection timeAttribCol = timeNode.Attributes; + if (timeAttribCol != null) + { + XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode); + if (createdTimeNode != null) + { + //Console.WriteLine("KeyChain create time:" + new DateTime(long.Parse(createdTimeNode.Value))); + } + else + { + //Console.WriteLine("Create time not found"); + } + XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode); + if (modifiedTimeNode != null) + { + //Console.WriteLine("KeyChain mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value))); + } + } + } } + xpath = "descendant::" + XmlConsts.secretNode; XmlNodeList secretNodeList = node.SelectNodes(xpath); foreach(XmlNode secretNode in secretNodeList) 
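Review bot: the created/modified time lookup added after `keyChain = userStore.GetKeyChain(keyChainId)` has no effect — every branch ends in a commented-out Console.WriteLine, so the XPath query and attribute lookups run on each load and discard the result; the secret-level copy in the next hunk of this file does the same. Either assign the parsed value to the keychain or secret (GetSecretsAsXMLStream now writes `Ticks`, so `new DateTime(long.Parse(createdTimeNode.Value))` would round-trip) or remove both blocks until they are used. Note also that only the `else` path does the lookup, so a keychain created by the `if` branch would get no timestamps even once this is wired up.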
@@ -284,6 +312,39 @@ namespace sscs.lss string secretId = (attrColl[XmlConsts.idAttr]).Value + "\0"; xpath = "descendant::" + XmlConsts.valueNode; Secret secret = new Secret(secretId); + + + // get time stamps for this secret + XmlNode timeNode = secretNode.SelectSingleNode("descendant::" + XmlConsts.timeNode); + if (timeNode != null) + { + //Console.WriteLine("Secret: " + secretId); + XmlAttributeCollection timeAttribCol = timeNode.Attributes; + if (timeAttribCol != null) + { + XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode); + if (createdTimeNode != null) + { + //Console.WriteLine("Secret create time:" + new DateTime(long.Parse(createdTimeNode.Value))); + } + else + { + //Console.WriteLine("Create time not found"); + } + + XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode); + if (modifiedTimeNode != null) + { + //Console.WriteLine("Secret mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value))); + } + else + { + //Console.WriteLine("mod time not found"); + } + } + } + + if( keyChain.CheckIfSecretExists(secretId) == false) { keyChain.AddSecret(secret); @@ -309,9 +370,8 @@ namespace sscs.lss xpath = "descendant::" + XmlConsts.keyValueNode; XmlNode keyValNode = keyNode.SelectSingleNode(xpath); string keyValue = keyValNode.InnerText; - secret.SetKeyValue(key,keyValue); - - + secret.SetKeyValue(key,keyValue); + // add linked keys xpath = "descendant::" + XmlConsts.linkedKeyNode; XmlNodeList linkNodeList = keyNode.SelectNodes(xpath); 
@@ -362,10 +422,26 @@ namespace sscs.lss internal void PersistStore() { + string sPeristSecrets = null; + + // is policy set to persist secrets + UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory()); + if (uiPolicy != null) + { + sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS); + } + + if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0"))) + { + // delete .miCASA file and .IV file + File.Delete(userStore.GetPersistenceFilePath()); + return; + } + //userStore.DumpSecretstore(); try { - MemoryStream ms1 = GetSecretsAsXMLStream(); + MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore); //byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath()); byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath()); @@ -412,7 +488,7 @@ namespace sscs.lss } } - internal MemoryStream GetSecretsAsXMLStream() + internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore) { try { @@ -438,12 +514,13 @@ namespace sscs.lss sTmpId = new string(tmpId); writer.WriteAttributeString(XmlConsts.idAttr,sTmpId); - /* If we need to store time - writer.WriteStartElement(XmlConsts.timeNode); - writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.ToString()); - writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.ToString()); - writer.WriteEndElement(); - */ + // If we need to store time + writer.WriteStartElement(XmlConsts.timeNode); + writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.Ticks.ToString()); + writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.Ticks.ToString()); + writer.WriteEndElement(); + + PersistencePol policy = null; IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets()); while(secIter.MoveNext()) 
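Review bot: when CONFIG_PERSIST_SECRETS is "0" the comment promises to delete the .miCASA file and the .IV file, but only `File.Delete(userStore.GetPersistenceFilePath())` is issued; the key file read a few lines later via `userStore.GetKeyFilePath()` is left behind (whether that is the ".IV file" is not visible here). The delete also sits outside the `try`, so an UnauthorizedAccessException or IOException escapes PersistStore where the rest of the method is caught. Suggest moving the policy branch inside the try and deleting both paths, and fixing the `sPeristSecrets` spelling while there.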
@@ -451,18 +528,37 @@ namespace sscs.lss Secret secret = (Secret)secIter.Value; writer.WriteStartElement(XmlConsts.secretNode); string secretId = secret.GetKey(); + tmpId = new char[secretId.Length-1]; for(int i = 0; i < secretId.Length-1; i++ ) + { tmpId[i] = secretId[i]; + } sTmpId = new string(tmpId); + // TODO: Does Policy allow persisting this secret. + if (policy == null) + { + policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory()); + } + + bool bSaveValues = true; + if (policy != null) + { + if (policy.GetSecretPolicy(sTmpId, "Persistent", "True").Equals("False")) + { + //continue; + bSaveValues = false; + } + } + writer.WriteAttributeString(XmlConsts.idAttr,sTmpId); - /* If we need to store time - writer.WriteStartElement(XmlConsts.timeNode); - writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.ToString()); - writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.ToString()); - writer.WriteEndElement(); - */ + // If we need to store time + writer.WriteStartElement(XmlConsts.timeNode); + writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.Ticks.ToString()); + writer.WriteAttributeString("LazyTime",secret.CreatedTime.ToShortDateString()); + writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.Ticks.ToString()); + writer.WriteEndElement(); writer.WriteStartElement(XmlConsts.valueNode); // byte[] byteArr = secret.GetValue(); 
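Review bot: `writer.WriteAttributeString("LazyTime", secret.CreatedTime.ToShortDateString())` writes a literal attribute name that is not in XmlConsts, in a locale-dependent format, and nothing in AddXMLSecretsToStore reads it back; it looks like a debugging leftover beside the Ticks attributes and should be removed or given an XmlConsts name. The Persistent="False" handling blanks only the values (the `//continue;` shows the alternative that was considered), so the on-disk file still lists every secret ID and key name of a secret that policy says must not persist; if that is intended, say so where the `// TODO` now sits, otherwise skip the whole secret. The value-blanking itself lands in the next hunk of this file.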
@@ -475,14 +571,19 @@ namespace sscs.lss writer.WriteStartElement(XmlConsts.keyNode); writer.WriteAttributeString(XmlConsts.idAttr, sKey); writer.WriteStartElement(XmlConsts.keyValueNode); - writer.WriteString(value); + + if (bSaveValues) + writer.WriteString(value); + else + writer.WriteString(""); + writer.WriteEndElement(); - /* If we need to store time - writer.WriteStartElement(XmlConsts.timeNode); - writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).ToString()); - writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).ToString()); - writer.WriteEndElement(); - */ + // If we need to store time + writer.WriteStartElement(XmlConsts.timeNode); + writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).Ticks.ToString()); + writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).Ticks.ToString()); + writer.WriteEndElement(); + // write all LinkKeys Hashtable htLinkedKeys = secret.GetLinkedKeys(sKey); if (htLinkedKeys != null) diff --git a/CASA/micasad/verbs/ReadBinaryKey.cs b/CASA/micasad/verbs/ReadBinaryKey.cs index 951f3b87..4d8dab82 100644 --- a/CASA/micasad/verbs/ReadBinaryKey.cs +++ b/CASA/micasad/verbs/ReadBinaryKey.cs @@ -56,6 +56,13 @@ namespace sscs.verbs private byte[] inBuf; private byte[] outBuf; + // extension operations + private uint extId = 0; +#if W32 + private int luidLow = 0; + private int luidHigh = 0; +#endif + /* * This method sets the class member with the byte array received. */ @@ -77,6 +84,7 @@ namespace sscs.verbs Secret secret = null; CSSSLogger.ExecutionTrace(this); + UserIdentifier tempUserId = userId; /* If an exception occurs in message format decoding, * it is handled by AppHandler 
@@ -108,12 +116,41 @@ namespace sscs.verbs byte[] keyArr = new byte[keyLen]; Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen); key = Encoding.UTF8.GetString(keyArr); - + try + { + // get extension ID + int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen); + extId = BitConverter.ToUInt32(inBuf, extLocation); + } + catch (Exception) + { + //CSSSLogger.ExpLog(e.ToString()); + } + + SecretStore ssStore; + + if (extId == 1) + { +#if W32 + WinUserIdentifier test = (WinUserIdentifier)userId; + // NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM" + if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0)) + { + // WINDOWS LUID + // System Services, like DLU create fake UIDs, store credentials and then want to read that data. + luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8); + luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12); + tempUserId = new WinUserIdentifier(luidLow, luidHigh); + SecretStore ss = SessionManager.CreateUserSession(tempUserId); + } +#endif + + } try { KeyChain keyChain = null; // Secret secret = null; - SecretStore ssStore = SessionManager.GetUserSecretStore(userId); + ssStore = SessionManager.GetUserSecretStore(tempUserId); if (!ssStore.IsStoreLocked()) { if( ssStore.CheckIfKeyChainExists(keyChainId) ) diff --git a/CASA/micasad/verbs/ReadKey.cs b/CASA/micasad/verbs/ReadKey.cs index 1f6b9ca7..3edf14cc 100644 --- a/CASA/micasad/verbs/ReadKey.cs +++ b/CASA/micasad/verbs/ReadKey.cs @@ -56,6 +56,13 @@ namespace sscs.verbs private byte[] inBuf; private byte[] outBuf; + // extension operations + private uint extId = 0; +#if W32 + private int luidLow = 0; + private int luidHigh = 0; +#endif + /* * This method sets the class member with the byte array received. */ 
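Review bot: `extLocation = 22 + keyChainIdLen + secretIdLen + keyLen` is the position of the epPassword bytes, while the client (ipc_ReadBinaryKey) writes the extension only after `epPassword->pword`; the offset is therefore right only for an empty password, and with a non-empty one `extId` is read from password bytes (assuming the 4-byte MSG_STRING_LEN that the client's `int pwordlen` memcpy implies). The same code, with its own offsets, appears in the ReadKey.cs and ReadSecret.cs hunks below. The identity switch keys on the literal pair 999/0 (the well-known SYSTEM logon LUID, 0x3e7), and a caller that presents extId 1 without being SYSTEM is silently handed its own store with no log line, so a misconfigured client on the IPC channel cannot be noticed; an `internal bool IsSystemAccount() { return this.uidLow == 999 && this.uidHigh == 0; }` on WinUserIdentifier beside the new getters, plus a CSSSLogger line on the denied path, would fix both. `SecretStore ss` from CreateUserSession is never used and `extLocation` is scoped inside the try, so the LUID reads repeat the arithmetic; the rewrite below hoists it.
```csharp
// get extension ID. NOTE(review): the client writes the extension after the
// epPassword bytes, so this offset is only right for an empty password —
// add the password length field and bytes parsed by this verb (confirm).
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
try
{
    extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
    //CSSSLogger.ExpLog(e.ToString());
}

SecretStore ssStore;

if (extId == 1)   // EXT_TYPE_WINDOWS_LUID on the client side
{
#if W32
    WinUserIdentifier caller = (WinUserIdentifier)userId;
    // NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM" (logon LUID 0x3e7)
    if ((caller.GetUIDLow() == 999) && (caller.GetUIDHigh() == 0))
    {
        // WINDOWS LUID: ext type (4), ext len (4), then LowPart / HighPart.
        // System Services, like DLU create fake UIDs, store credentials and then want to read that data.
        luidLow = BitConverter.ToInt32(inBuf, extLocation + 8);
        luidHigh = BitConverter.ToInt32(inBuf, extLocation + 12);
        tempUserId = new WinUserIdentifier(luidLow, luidHigh);
        SessionManager.CreateUserSession(tempUserId);
    }
    else
    {
        CSSSLogger.DbgLog("LUID extension ignored: caller is not SYSTEM");
        caller.PrintIdentifier();
    }
#endif
}
// … unchanged: try { … ssStore = SessionManager.GetUserSecretStore(tempUserId); … } …
```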
@@ -77,6 +84,7 @@ namespace sscs.verbs Secret secret = null; CSSSLogger.ExecutionTrace(this); + UserIdentifier tempUserId = userId; /* If an exception occurs in message format decoding, * it is handled by AppHandler @@ -108,12 +116,44 @@ namespace sscs.verbs byte[] keyArr = new byte[keyLen]; Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen); key = Encoding.UTF8.GetString(keyArr); - + try + { + // get extension ID + int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen); + extId = BitConverter.ToUInt32(inBuf, extLocation); + } + catch (Exception) + { + //CSSSLogger.ExpLog(e.ToString()); + } + + SecretStore ssStore; + + if (extId == 1) + { +#if W32 + WinUserIdentifier test = (WinUserIdentifier)userId; + // NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM" + if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0)) + { + // WINDOWS LUID + // System Services, like DLU create fake UIDs, store credentials and then want to read that data. + luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8); + luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12); + tempUserId = new WinUserIdentifier(luidLow, luidHigh); + SecretStore ss = SessionManager.CreateUserSession(tempUserId); + } +#endif + + } + + try { - KeyChain keyChain = null; - // Secret secret = null; - SecretStore ssStore = SessionManager.GetUserSecretStore(userId); + + KeyChain keyChain = null; + ssStore = SessionManager.GetUserSecretStore(tempUserId); + if (!ssStore.IsStoreLocked()) { if( ssStore.CheckIfKeyChainExists(keyChainId) ) diff --git a/CASA/micasad/verbs/ReadSecret.cs b/CASA/micasad/verbs/ReadSecret.cs index 2aeb97cc..9c610b44 100644 --- a/CASA/micasad/verbs/ReadSecret.cs +++ b/CASA/micasad/verbs/ReadSecret.cs 
@@ -51,6 +51,13 @@ namespace sscs.verbs private byte[] inBuf; private byte[] outBuf; + + // extension operations + private uint extId = 0; +#if W32 + private int luidLow = 0; + private int luidHigh = 0; +#endif /* * This method sets the class member with the byte array received. @@ -73,6 +80,7 @@ namespace sscs.verbs Secret secret = null; CSSSLogger.ExecutionTrace(this); + UserIdentifier tempUserId = userId; /* If an exception occurs in message format decoding, * it is handled by AppHandler @@ -99,11 +107,40 @@ namespace sscs.verbs secretId = Encoding.UTF8.GetString(secretIdArr); // Message Format decipher - End + try + { + // get extension ID + int extLocation = 18 + ((int)keyChainIdLen) + ((int)secretIdLen); + extId = BitConverter.ToUInt32(inBuf, extLocation); + } + catch (Exception) + { + //CSSSLogger.ExpLog(e.ToString()); + } + + SecretStore ssStore; + + if (extId == 1) + { +#if W32 + WinUserIdentifier test = (WinUserIdentifier)userId; + // NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM" + if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0)) + { + // WINDOWS LUID + // System Services, like DLU create fake UIDs, store credentials and then want to read that data. + luidLow = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 8); + luidHigh = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 12); + tempUserId = new WinUserIdentifier(luidLow, luidHigh); + SecretStore ss = SessionManager.CreateUserSession(tempUserId); + } +#endif + } try { KeyChain keyChain = null; // Secret secret = null; - SecretStore ssStore = SessionManager.GetUserSecretStore(userId); + ssStore = SessionManager.GetUserSecretStore(tempUserId); if (!ssStore.IsStoreLocked()) { diff --git a/CASA/micasad/verbs/RemoveKey.cs b/CASA/micasad/verbs/RemoveKey.cs index b6b0e8b8..7a6e24cb 100644 --- a/CASA/micasad/verbs/RemoveKey.cs +++ b/CASA/micasad/verbs/RemoveKey.cs 
@@ -52,6 +52,13 @@ namespace sscs.verbs private byte[] inBuf; private byte[] outBuf; + // extension operations + private uint extId = 0; +#if W32 + private int luidLow = 0; + private int luidHigh = 0; +#endif + /* * This method sets the class member with the byte array received. */ @@ -78,6 +85,8 @@ namespace sscs.verbs * it is handled by AppHandler */ + UserIdentifier tempUserId = userId; + // Message Format decipher - Start msgId = BitConverter.ToUInt16(inBuf,0); inMsgLen = BitConverter.ToUInt32(inBuf,2); @@ -105,11 +114,45 @@ namespace sscs.verbs Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen); key = Encoding.UTF8.GetString(keyArr); + try + { + // get extension ID + int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen); + extId = BitConverter.ToUInt32(inBuf, extLocation); + } + catch (Exception) + { + //CSSSLogger.ExpLog(e.ToString()); + } + + if (extId == 1) + { +#if W32 + // WINDOWS LUID + // This is how the Login Capture module on windows, running as System, sets the Desktop Credential. + // we might be able to change this if/when we abstract the session. + // [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh] + luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8); + luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12); + tempUserId = new WinUserIdentifier(luidLow, luidHigh); + SecretStore ss = SessionManager.CreateUserSession(tempUserId); + try + { + ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0")); + } + catch (Exception) + { + + } +#endif + } + + try { KeyChain keyChain = null; // Secret secret = null; - SecretStore ssStore = SessionManager.GetUserSecretStore(userId); + SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId); if (!ssStore.IsStoreLocked()) { if( ssStore.CheckIfKeyChainExists(keyChainId) ) 
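Review bot: The LUID switch in the `extId == 1` block of RemoveKey.cs is applied for every caller, whereas the read verbs in this commit only honour it after `WinUserIdentifier test = (WinUserIdentifier)userId;` / `if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0)) { … }`; without that gate any client can make the daemon remove keys from, and create a session for, a store selected by the LUID it supplies. The same unguarded block is in RemoveSecret.cs in the next hunk and needs the same check. The `[4 byte length]` field named in the comment is never validated before the LUID is read at +8/+12, and the empty `catch (Exception) { }` around `ss.AddKeyChain(...)` should at least log, since a silently missing session keychain will only surface later as a lookup failure. The enclosing method starts outside this hunk.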
diff --git a/CASA/micasad/verbs/RemoveSecret.cs b/CASA/micasad/verbs/RemoveSecret.cs index aa1d3208..186a3149 100644 --- a/CASA/micasad/verbs/RemoveSecret.cs +++ b/CASA/micasad/verbs/RemoveSecret.cs @@ -50,6 +50,14 @@ namespace sscs.verbs private byte[] inBuf; private byte[] outBuf; + + // extension operations + private uint extId = 0; +#if W32 + private int luidLow = 0; + private int luidHigh = 0; +#endif + /* * This method sets the class member with the byte array received. */ @@ -69,6 +77,9 @@ namespace sscs.verbs { CSSSLogger.ExecutionTrace(this); + + UserIdentifier tempUserId = userId; + /* If an exception occurs in message format decoding, * it is handled by AppHandler */ 
@@ -92,11 +103,44 @@ namespace sscs.verbs byte[] secretIdArr = new byte[secretIdLen]; Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen); secretId = Encoding.UTF8.GetString(secretIdArr); - // Message Format decipher - End + + try + { + // get extension ID + int extLocation = 14 + ((int)keyChainIdLen) + ((int)secretIdLen); + extId = BitConverter.ToUInt32(inBuf, extLocation); + } + catch (Exception) + { + //CSSSLogger.ExpLog(e.ToString()); + } + + if (extId == 1) + { +#if W32 + // WINDOWS LUID + // This is how the Login Capture module on windows, running as System, sets the Desktop Credential. + // we might be able to change this if/when we abstract the session. + // [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh] + luidLow = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 8); + luidHigh = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 12); + tempUserId = new WinUserIdentifier(luidLow, luidHigh); + SecretStore ss = SessionManager.CreateUserSession(tempUserId); + try + { + ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0")); + } + catch (Exception) + { + + } +#endif + } + // Message Format decipher - End try { - SecretStore ssStore = SessionManager.GetUserSecretStore(userId); + SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId); if (!ssStore.IsStoreLocked()) { diff --git a/CASA/micasadk/link.w32 b/CASA/micasadk/link.w32 index 50613824..6d925e35 100644 --- a/CASA/micasadk/link.w32 +++ b/CASA/micasadk/link.w32 @@ -35,6 +35,7 @@ LINK_DEF_BLD = \ echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\ + echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\ echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ 
diff --git a/CASA/micasadk/link_mdd.w32 b/CASA/micasadk/link_mdd.w32 index 4e98f753..46c13e23 100644 --- a/CASA/micasadk/link_mdd.w32 +++ b/CASA/micasadk/link_mdd.w32 @@ -40,6 +40,7 @@ LINK_DEF_BLD = \ echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\ + echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\ echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ diff --git a/CASA/micasadk/micasa.def b/CASA/micasadk/micasa.def index 5c8c31ed..4cd2c554 100644 --- a/CASA/micasadk/micasa.def +++ b/CASA/micasadk/micasa.def @@ -10,6 +10,7 @@ EXPORTS miCASARemoveCredential miCASAOpenSecretStoreCache miCASACloseSecretStoreCache + miCASAMergeCache miCASAReadSecret miCASARemoveSecret miCASAWriteSecret diff --git a/CASA/micasadk/sscs_ndk.c b/CASA/micasadk/sscs_ndk.c index a814c26a..e3ed7dd1 100644 --- a/CASA/micasadk/sscs_ndk.c +++ b/CASA/micasadk/sscs_ndk.c @@ -1107,7 +1107,7 @@ miCASAReadSecret } if(rc = sscs_CacheReadSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, - epPassword, &bytesRequired, readData)) + epPassword, &bytesRequired, ext)) { goto errorLevel1; } @@ -1285,7 +1285,7 @@ miCASARemoveSecret } rc = sscs_CacheRemoveSecret(storeContext->ssHandle, ssFlags, keyChainID, - &secretID, epPassword, NULL); + &secretID, epPassword, ext); /* ############################### CODE EXITS HERE ############################# */ @@ -3207,7 +3207,7 @@ miCASAGetCredential // read credset for this app secID.type = SSCS_CREDENTIAL_TYPE_F; - rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); + rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext); if(rcode == NSSCS_SUCCESS) { 
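Review bot: The behaviour of the public `ext` parameter changes here without any documentation: miCASAReadSecret now hands `ext` to `sscs_CacheReadSecret` where it previously passed `readData`, and miCASAGetCredential forwards the caller's `ext` where it used to pass `NULL` (the @@ -3231 and @@ -3605 hunks on the next line do the same for the second read and for miCASADeleteCredential). Each affected function's header comment should state that `ext` is now carried through to the daemon, which presumably interprets it as the Windows LUID extension, so callers understand that passing a non-NULL `ext` redirects the operation to another session's store. A short comment at the first changed call, `// ext is forwarded to the daemon; a LUID extension selects the target session`, would do. All enclosing functions start outside these hunks.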
@@ -3231,7 +3231,7 @@ miCASAGetCredential secID.type = SSCS_CREDENTIAL_TYPE_F; secID.len = appSecretID->len; sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len); - rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); + rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext); if(rcode == NSSCS_SUCCESS) { // read the username and password @@ -3605,7 +3605,7 @@ miCASADeleteCredential secID.len = appSecretID->len; sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len); - rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, NULL); + rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, ext); // close the secretstore miCASACloseSecretStoreCache(context, ssFlags, NULL); 
@@ -3750,3 +3750,46 @@ miCASAIsSecretPersistent /* ############################### CODE ENDS HERE ############################# */ } // end of miCASAIsSecretPersistent +/* + * NAME - miCASAMergeCache + * + * DESCRIPTION + * This call merges the src cache with the destination cache + * + */ +SSCS_GLOBAL_LIBCALL(int32_t) +miCASAMergeCache +( + SSCS_EXT_T *srcExt, + SSCS_EXT_T *targetExt, + uint32_t bDestroySrcCache +) +{ /* beginning of the call */ +/* ########################## DECLARATIONS START HERE ######################### */ + + void *context = NULL; + int32_t rcode = 0; + SSCS_SECRETSTORE_T store = {0}; + SSCS_CONTEXT_T *storeContext; + +/* ############################## CODE STARTS HERE ############################ */ + + // open secretStore + sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); + store.version = 1; + context = miCASAOpenSecretStoreCache(&store, 0, NULL); + + storeContext = (SSCS_CONTEXT_T *)context; + + if(context == NULL) + { + return NSSCS_E_SYSTEM_FAILURE; + } + + rcode = sscs_MergeCache(storeContext->ssHandle, srcExt, targetExt, bDestroySrcCache); + miCASACloseSecretStoreCache(context, 0, NULL); + + return rcode; + +/* ############################### CODE ENDS HERE ############################# */ +} // end of miCASAIsSecretPersistent \ No newline at end of file
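Review bot: The closing trailer of the new function is a copy-paste slip, `} // end of miCASAIsSecretPersistent`, and should read `} // end of miCASAMergeCache`; the file also now ends without a newline. `storeContext = (SSCS_CONTEXT_T *)context;` is executed before the `context == NULL` check, which is harmless as a cast but reads as if the context were already valid, so move the assignment below the check. The header comment should also document the parameters and result — that `srcExt`/`targetExt` identify the caches to merge, `bDestroySrcCache` asks for the source to be discarded after the merge, and the return is `NSSCS_E_SYSTEM_FAILURE` when the default store cannot be opened and otherwise whatever `sscs_MergeCache` reports. Nothing in this function restricts which two caches may be merged, so if that enforcement lives in the daemon behind `sscs_MergeCache` the comment should say so explicitly.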