Add support for Dynamic Local User(DLU) on windows

CASA/CASA.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Oct 10 11:56:10 MDT 2006 - jnorman@novell.com
+
+- Add support for Dynamic Local User(DLU) on windows
+
 -------------------------------------------------------------------
 Fri Oct  6 16:12:10 MDT 2006 - schoi@novell.com
 

CASA/include/micasa.h

@@ -536,6 +536,14 @@ miCASASetMasterPasscode
         SSCS_EXT_T                      *ext
 );
 
+SSCS_EXTERN_LIBCALL(int32_t)
+miCASAMergeCache
+(
+	SSCS_EXT_T	*srcExt,
+	SSCS_EXT_T	*targetExt,
+	uint32_t	 bDestroySrcCache
+);
+
 
 
 //**************************************************************

CASA/include/sscs_cache.h

@@ -28,6 +28,7 @@ extern "C"
 {
 #endif
 
+
 //#include <wchar.h>
 #include <sscs_sdk.h>
 #include <sscs_utf8.h>
@@ -554,6 +555,13 @@ int sscs_IsSecretPersistent
 	void			*reserved
 );
 
+int sscs_MergeCache
+(	
+	void		*ssHandle,
+	SSCS_EXT_T	*srcExt,
+	SSCS_EXT_T	*targetExt,
+	uint32_t	bDestroySrc
+);
 
 
 #if defined(__cplusplus) || defined(c_plusplus)

CASA/include/sscs_ipc.h

@@ -125,7 +125,8 @@ int ipc_ReadSecret
     SSCS_SECRET_ID_T          *secretID,
     SSCS_SECRET_T             *secretData,
     SSCS_PASSWORD_T           *epPassword,
-    unsigned int              *bytesRequired
+    unsigned int              *bytesRequired,
+	SSCS_EXT_T				  *ext
 );
 
 int ipc_WriteSecret
@@ -144,7 +145,8 @@ int ipc_RemoveSecret
     SSCS_SECRETSTORE_HANDLE_T *ssHandle,
     SSCS_KEYCHAIN_ID_T        *keychainID,
     SSCS_SECRET_ID_T          *secretID,
-    SSCS_PASSWORD_T           *epPassword
+    SSCS_PASSWORD_T           *epPassword,
+	SSCS_EXT_T				  *ext
 );
 
 int  ipc_GetSecretStoreInfo
@@ -187,7 +189,8 @@ int ipc_ReadKey
     uint8_t                    *val,
     uint32_t                   *valLen,
     SSCS_PASSWORD_T           *epPassword,
-    uint32_t                  *bytesRequired
+    uint32_t                  *bytesRequired,
+	SSCS_EXT_T				  *ext
 );
 
 int ipc_WriteKey
@@ -211,7 +214,8 @@ int ipc_RemoveKey
     SSCS_SECRET_ID_T          *secretID,
     SS_UTF8_T                 *key,
     uint32_t                   keyLen,
-    SSCS_PASSWORD_T           *epPassword
+    SSCS_PASSWORD_T           *epPassword,
+	SSCS_EXT_T				  *ext
 );
 
 int ipc_ReadBinaryKey
@@ -224,7 +228,8 @@ int ipc_ReadBinaryKey
     uint8_t                    *val,
     uint32_t                   *valLen,
     SSCS_PASSWORD_T           *epPassword,
-    uint32_t                  *bytesRequired
+    uint32_t                  *bytesRequired,
+	SSCS_EXT_T				  *ext
 );
 
 int ipc_WriteBinaryKey
@@ -257,6 +262,15 @@ int ipc_IsSecretPersistent
     SSCS_EXT_T				  *ext
 );
 
+int ipc_MergeCache
+(
+	SSCS_SECRETSTORE_HANDLE_T *ssHandle,
+	SSCS_EXT_T				 *srcExt,
+	SSCS_EXT_T				 *targetExt,
+	int32_t				     bDestorySrc
+);
+
+
 #endif
 #endif
 

CASA/include/sscs_unx_cache_defines.h

@@ -147,6 +147,9 @@
 #define REQ_REMOVE_KEY_MSGID					0x0017
 #define RESP_REMOVE_KEY_MSGID				    0x1017
 
+#define REQ_MERGE_CACHE_MSGID					0x0018
+#define RESP_MERGE_CACHE_MSGID				    0x1018
+
 #define EXT_TYPE_WINDOWS_LUID					0x00000001;
 #define WINDOWS_LUID_LEN						0x00000008;
 

CASA/micasacache/link.w32

@@ -34,6 +34,7 @@ LINK_DEF_BLD = \
 	echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
 	echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
 	echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
+	echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
 	echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
 	echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
 	echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\

CASA/micasacache/link_mdd.w32

@@ -36,6 +36,7 @@ LINK_DEF_BLD = \
 	echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
 	echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
 	echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
+	echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
 	echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
 	echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
 	echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\

CASA/micasacache/micasacache.def

@@ -10,6 +10,7 @@ EXPORTS
 	sscs_CacheGetSecretStoreInfo
 	sscs_CacheGetKeychainInfo
 	sscs_LockCache
+	sscs_MergeCache
 	sscs_UnlockCache
 	sscs_CacheRemoveSecret
 	sscs_SetMasterPasscode

CASA/micasacache/sscs_unx_cache.c

@@ -317,7 +317,7 @@ int32_t sscs_CacheReadSecret
     int32_t retVal = 0;
     SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
 
-    retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired);
+	retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired, reserved);
 	
     return retVal;
 }
@@ -408,7 +408,7 @@ int32_t sscs_CacheRemoveSecret
     int32_t retVal = 0;
     SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
 	
-    retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword);
+	retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword,reserved);
 	
     return retVal;
 }
@@ -668,7 +668,7 @@ int32_t sscs_CacheRemoveKey
     int32_t retVal = 0;
     SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
 	
-    retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword);
+    retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword,reserved);
 	
     return retVal;
 }
@@ -721,7 +721,7 @@ int32_t sscs_CacheReadKey
     int32_t retVal = 0;
     SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
 
-    retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired);
+	retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
 
     return retVal;
 }
@@ -744,7 +744,7 @@ int32_t sscs_CacheReadBinaryKey
     int32_t retVal = 0;
     SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
 
-    retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired);
+    retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
 
     return retVal;
 }
@@ -766,6 +766,23 @@ int sscs_IsSecretPersistent
     return retVal;
 }
 
+int sscs_MergeCache
+(
+	void		*ssHandle,
+	SSCS_EXT_T	*srcExt,
+	SSCS_EXT_T	*targetExt,
+	uint32_t	bDestroySrc
+)
+{
+    int32_t retVal = 0;
+    SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
+
+	retVal = ipc_MergeCache(ssHandleCopy,srcExt,targetExt,bDestroySrc);
+
+    return retVal;
+}
+
+
 //#endif
 
 #if defined(__cplusplus) || defined(c_plusplus)

CASA/micasacache/sscs_unx_ipc_client.c

@@ -979,7 +979,8 @@ int32_t ipc_ReadSecret
     SSCS_SECRET_ID_T          *secretID,
     SSCS_SECRET_T             *secretData,
     SSCS_PASSWORD_T           *epPassword,
-    uint32_t              *bytesRequired
+    uint32_t				  *bytesRequired,
+	SSCS_EXT_T				  *ext
 )
 {
     int retVal         = 0; //to be used in the function internally
@@ -992,6 +993,9 @@ int32_t ipc_ReadSecret
     uint32_t secretIDLen   = 0;
     uint32_t msgLen        = 0;
 
+	uint32_t extID		   = 0;
+    uint32_t luidLen	   = 0; 
+
     SSCS_PASSWORD_T    myPassword = {0,0,""};
 
     Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@@ -1030,6 +1034,23 @@ int32_t ipc_ReadSecret
                  MSG_STRING_LEN + // epPassword len
                  epPassword->pwordLen; 
 
+		// is there an ext, account for it
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				// 4 byte ext type, 4 byte len and 8 bytes of LUID
+				msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
+			}						
+            else
+                msgLen += MSG_DWORD_LEN;
+		}
+		else
+		{
+			// the cache daemon expects a ext, add it here
+			msgLen += MSG_DWORD_LEN;
+		}
+
         pReq = gpReqBuf;
         msgid = REQ_CACHE_READ_SECRET_MSGID;
         memcpy(pReq, &msgid, MSGID_LEN);
@@ -1049,6 +1070,36 @@ int32_t ipc_ReadSecret
         memcpy(pReq, epPassword->pword, epPassword->pwordLen);
         pReq += epPassword->pwordLen;
 
+        // marshall the extension if there is one
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				extID = EXT_TYPE_WINDOWS_LUID;
+				memcpy(pReq, &extID, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+
+				luidLen = WINDOWS_LUID_LEN;
+				memcpy(pReq, &luidLen, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+				
+				memcpy(pReq, ext->ext, 8);
+				pReq += 8;
+  			}
+            else
+            {
+                uint32_t extID = 0;
+                memcpy(pReq,&extID,MSG_DWORD_LEN); 
+                
+            }
+		}
+        else
+        {
+			uint32_t extID = 0;
+            memcpy(pReq,&extID,MSG_DWORD_LEN);
+        }
+
+
         retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
         if(retVal < 0)
         {
@@ -1335,7 +1386,8 @@ int32_t ipc_RemoveSecret
     SSCS_SECRETSTORE_HANDLE_T *ssHandle,
     SSCS_KEYCHAIN_ID_T        *keychainID,
     SSCS_SECRET_ID_T          *secretID,
-    SSCS_PASSWORD_T           *epPassword
+    SSCS_PASSWORD_T           *epPassword,
+	SSCS_EXT_T				  *ext
 )
 {
     int retVal         = 0; //to be used in the function internally
@@ -1351,6 +1403,9 @@ int32_t ipc_RemoveSecret
     uint32_t secretIDLen   = 0;
     uint32_t msgLen        = 0;
 
+    uint32_t extID		   = 0;
+    uint32_t luidLen	   = 0; 
+
     memset(gpReqBuf,0,sizeof(gpReqBuf));
     memset(gpReplyBuf,0,sizeof(gpReplyBuf));
 
@@ -1384,6 +1439,23 @@ int32_t ipc_RemoveSecret
             msgLen += epPassword->pwordLen;
         }
 
+		// is there an ext, account for it
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				// 4 byte ext type, 4 byte len and 8 bytes of LUID
+				msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
+			}						
+            else
+                msgLen += MSG_DWORD_LEN;
+		}
+		else
+		{
+			// the cache daemon expects a ext, add it here
+			msgLen += MSG_DWORD_LEN;
+		}
+
         pReq = gpReqBuf;
 
         msgid = REQ_CACHE_REMOVE_SECRET_MSGID;
@@ -1411,8 +1483,39 @@ int32_t ipc_RemoveSecret
         {
             int pwordlen = 0;
             memcpy(pReq, &pwordlen, MSG_STRING_LEN);
+			pReq += MSG_STRING_LEN;
         }
 
+        // marshall the extension if there is one
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				extID = EXT_TYPE_WINDOWS_LUID;
+				memcpy(pReq, &extID, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+
+				luidLen = WINDOWS_LUID_LEN;
+				memcpy(pReq, &luidLen, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+				
+				memcpy(pReq, ext->ext, 8);
+				pReq += 8;
+  			}
+            else
+            {
+                uint32_t extID = 0;
+                memcpy(pReq,&extID,MSG_DWORD_LEN); 
+                
+            }
+		}
+        else
+        {
+			uint32_t extID = 0;
+            memcpy(pReq,&extID,MSG_DWORD_LEN);
+        }
+
+
         retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
         if(retVal < 0)
         {
@@ -1853,7 +1956,8 @@ int32_t ipc_RemoveKey
     SSCS_SECRET_ID_T          *secretID,
     SS_UTF8_T                 *key,
     uint32_t                   keyLen,
-    SSCS_PASSWORD_T           *epPassword    
+    SSCS_PASSWORD_T           *epPassword,
+	SSCS_EXT_T				  *ext
 )
 {
     int retVal         = 0; //to be used in the function internally
@@ -1868,6 +1972,9 @@ int32_t ipc_RemoveKey
 
     SSCS_PASSWORD_T    myPassword = {0,0,""};
 
+    uint32_t extID		   = 0;
+    uint32_t luidLen	   = 0; 
+
     Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
     Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
     Byte *pReq = NULL, *pReply = NULL;
@@ -1911,6 +2018,31 @@ int32_t ipc_RemoveKey
                  MSG_STRING_LEN + // epPassword len
                  epPassword->pwordLen; 
             
+		// is there an ext, account for it
+		if (ext)
+		{
+			// The login capture on Windows determines the LUID of the user
+			// and sends it as an Extension, marshall it across the pipe
+			// see the WriteSecret verb for handling it.
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				// 4 byte ext type, 4 byte len and 8 bytes of LUID
+				msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;   				
+				// as setup in the capture module
+				//ext.extID = WINDOWS_LOGON_ID;
+				//ext.version = 0x00010000;  // 1.0.0
+				//ext.ext = (void *)lpLogonId;
+				// _LUID {  DWORD LowPart;  LONG HighPart; // 8 byte 
+			}						
+                        else
+                            msgLen += MSG_DWORD_LEN;
+		}
+		else
+		{
+			// the cache daemon expects a ext, add it here
+			msgLen += MSG_DWORD_LEN;
+		}
+
         pReq = gpReqBuf;
         msgid = REQ_REMOVE_KEY_MSGID;
         memcpy(pReq, &msgid, MSGID_LEN);
@@ -1936,6 +2068,35 @@ int32_t ipc_RemoveKey
         memcpy(pReq, epPassword->pword, epPassword->pwordLen);
         pReq += epPassword->pwordLen;
 
+        // marshall the extension if there is one
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				extID = EXT_TYPE_WINDOWS_LUID;
+				memcpy(pReq, &extID, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+
+				luidLen = WINDOWS_LUID_LEN;
+				memcpy(pReq, &luidLen, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+				
+				memcpy(pReq, ext->ext, 8);
+				pReq += 8;
+  			}
+            else
+            {
+                uint32_t extID = 0;
+                memcpy(pReq,&extID,MSG_DWORD_LEN); 
+                
+            }
+		}
+        else
+        {
+			uint32_t extID = 0;
+            memcpy(pReq,&extID,MSG_DWORD_LEN);
+        }
+
         retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
         if(retVal < 0)
         {
@@ -1976,7 +2137,8 @@ int32_t ipc_ReadKey
     uint8_t                    *val,
     uint32_t                   *valLen,
     SSCS_PASSWORD_T           *epPassword,
-    uint32_t			      *bytesRequired
+    uint32_t			      *bytesRequired,
+	SSCS_EXT_T				  *ext
 )
 {
     int retVal         = 0; //to be used in the function internally
@@ -1989,6 +2151,10 @@ int32_t ipc_ReadKey
     uint32_t secretIDLen   = 0;
     uint32_t msgLen        = 0;
 
+	uint32_t extID		   = 0;
+    uint32_t luidLen	   = 0; 
+	
+
     SSCS_PASSWORD_T    myPassword = {0,0,""};
 
     Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@@ -2019,6 +2185,7 @@ int32_t ipc_ReadKey
         // epPassword is optional. So, the code should not break.
         if( NULL == epPassword )
             epPassword = &myPassword;
+
         msgLen = MSGID_LEN + MSG_LEN + 
                  MSG_STRING_LEN + // KeychainID length
                  keychainIDLen + // Keychain ID
@@ -2029,6 +2196,24 @@ int32_t ipc_ReadKey
                  MSG_STRING_LEN + // epPassword len
                  epPassword->pwordLen; 
 
+
+		// is there an ext, account for it
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				// 4 byte ext type, 4 byte len and 8 bytes of LUID
+				msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
+			}						
+            else
+                msgLen += MSG_DWORD_LEN;
+		}
+		else
+		{
+			// the cache daemon expects a ext, add it here
+			msgLen += MSG_DWORD_LEN;
+		}
+            
         pReq = gpReqBuf;
         msgid = REQ_READ_KEY_MSGID;
         memcpy(pReq, &msgid, MSGID_LEN);
@@ -2054,6 +2239,36 @@ int32_t ipc_ReadKey
         memcpy(pReq, epPassword->pword, epPassword->pwordLen);
         pReq += epPassword->pwordLen;
 
+        // marshall the extension if there is one
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				extID = EXT_TYPE_WINDOWS_LUID;
+				memcpy(pReq, &extID, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+
+				luidLen = WINDOWS_LUID_LEN;
+				memcpy(pReq, &luidLen, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+				
+				memcpy(pReq, ext->ext, 8);
+				pReq += 8;
+  			}
+            else
+            {
+                uint32_t extID = 0;
+                memcpy(pReq,&extID,MSG_DWORD_LEN); 
+                
+            }
+		}
+        else
+        {
+			uint32_t extID = 0;
+            memcpy(pReq,&extID,MSG_DWORD_LEN);
+        }
+
+
         retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
         if(retVal < 0)
         {
@@ -2144,7 +2359,8 @@ int32_t ipc_ReadBinaryKey
     uint8_t                   *val,
     uint32_t                  *valLen,
     SSCS_PASSWORD_T           *epPassword,
-    uint32_t			      *bytesRequired
+    uint32_t			      *bytesRequired,
+	SSCS_EXT_T				  *ext	
 )
 {
     int retVal         = 0; //to be used in the function internally
@@ -2157,6 +2373,9 @@ int32_t ipc_ReadBinaryKey
     uint32_t secretIDLen   = 0;
     uint32_t msgLen        = 0;
 
+	uint32_t extID		   = 0;
+    uint32_t luidLen	   = 0; 
+
     SSCS_PASSWORD_T    myPassword = {0,0,""};
 
     Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@@ -2196,6 +2415,24 @@ int32_t ipc_ReadBinaryKey
                  MSG_STRING_LEN + // epPassword len
                  epPassword->pwordLen; 
 
+		// is there an ext, account for it
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				// 4 byte ext type, 4 byte len and 8 bytes of LUID
+				msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
+			}						
+            else
+                msgLen += MSG_DWORD_LEN;
+		}
+		else
+		{
+			// the cache daemon expects a ext, add it here
+			msgLen += MSG_DWORD_LEN;
+		}
+
+
         pReq = gpReqBuf;
         msgid = REQ_READ_BINARY_KEY_MSGID;
         memcpy(pReq, &msgid, MSGID_LEN);
@@ -2221,6 +2458,35 @@ int32_t ipc_ReadBinaryKey
         memcpy(pReq, epPassword->pword, epPassword->pwordLen);
         pReq += epPassword->pwordLen;
 
+        // marshall the extension if there is one
+		if (ext)
+		{
+			if (ext->extID == WINDOWS_LOGIN_ID)
+			{
+				extID = EXT_TYPE_WINDOWS_LUID;
+				memcpy(pReq, &extID, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+
+				luidLen = WINDOWS_LUID_LEN;
+				memcpy(pReq, &luidLen, MSG_DWORD_LEN);
+				pReq += MSG_DWORD_LEN;
+				
+				memcpy(pReq, ext->ext, 8);
+				pReq += 8;
+  			}
+            else
+            {
+                uint32_t extID = 0;
+                memcpy(pReq,&extID,MSG_DWORD_LEN); 
+                
+            }
+		}
+        else
+        {
+			uint32_t extID = 0;
+            memcpy(pReq,&extID,MSG_DWORD_LEN);
+        }
+
         retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
         if(retVal < 0)
         {
@@ -2965,3 +3231,150 @@ int ipc_IsSecretPersistent
     return retCode;
 }
 
+int32_t ipc_MergeCache(SSCS_SECRETSTORE_HANDLE_T *ssHandle,
+					   SSCS_EXT_T				 *srcExt, 
+					   SSCS_EXT_T				 *targetExt, 
+					   int32_t					 bDestroySrc)
+{
+    int retVal         = 0;				//to be used in the function internally
+    int32_t retCode    = NSSCS_SUCCESS; //to be returned to caller
+    int32_t sockReturn = 0;				//obtained from the server
+
+    Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
+    Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
+    Byte *pReq = NULL, *pReply = NULL;
+    Byte *tmpBuf = NULL;
+
+    uint16_t msgid		   = 0;        
+    uint32_t msgLen        = 0;
+
+	uint32_t extID		   = 0;
+    uint32_t luidLen	   = 0; 
+
+    memset(gpReqBuf,0,sizeof(gpReqBuf));
+    memset(gpReplyBuf,0,sizeof(gpReplyBuf));
+
+    do
+    {
+		
+        // Prepare Request buffer
+        msgLen = MSGID_LEN + MSG_LEN;
+
+		// compute the size of the extensions we marshall		
+		if (srcExt && targetExt)
+		{
+			if ((srcExt->extID == WINDOWS_LOGIN_ID) && (targetExt->extID == WINDOWS_LOGIN_ID))
+			{
+				// 4 byte ext type, 4 byte len and 8 bytes of LUID
+				msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;  // src
+				msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;  // target
+				msgLen += sizeof(int32_t);									 // destroy flag
+			}
+			else
+			{
+				retCode = NSSCS_E_NOT_SUPPORTED;
+				break;
+			}
+		}
+		else
+		{
+			retCode = NSSCS_E_NOT_SUPPORTED;
+			break;
+		}
+
+		// if no errors, marshal the data.
+		if (!retCode)
+		{
+			if( msgLen > MIN_REQUEST_BUF_LEN )
+			{        
+				tmpBuf = (Byte*)malloc(msgLen);
+				if( NULL == tmpBuf )
+				{
+					retCode = NSSCS_E_SYSTEM_FAILURE;
+					break;
+				}
+				memset(tmpBuf,0,msgLen);
+				pReq = tmpBuf;
+			}
+			else
+			{
+				pReq = gpReqBuf;
+			}        
+
+			msgid = REQ_MERGE_CACHE_MSGID;
+			memcpy(pReq, &msgid, MSGID_LEN);
+			pReq += MSGID_LEN;
+			memcpy(pReq, &msgLen, MSG_LEN);
+			pReq += MSG_LEN;
+
+			// copy the srcExt
+			extID = EXT_TYPE_WINDOWS_LUID;
+			memcpy(pReq, &extID, MSG_DWORD_LEN);
+			pReq += MSG_DWORD_LEN;
+
+			luidLen = WINDOWS_LUID_LEN;
+			memcpy(pReq, &luidLen, MSG_DWORD_LEN);
+			pReq += MSG_DWORD_LEN;
+			
+			memcpy(pReq, srcExt->ext, 8);
+			pReq += 8;
+
+			// copy the targetExt
+			extID = EXT_TYPE_WINDOWS_LUID;
+			memcpy(pReq, &extID, MSG_DWORD_LEN);
+			pReq += MSG_DWORD_LEN;
+
+			luidLen = WINDOWS_LUID_LEN;
+			memcpy(pReq, &luidLen, MSG_DWORD_LEN);
+			pReq += MSG_DWORD_LEN;
+			
+			memcpy(pReq, targetExt->ext, 8);
+			pReq += 8;
+
+			// copy destroy flag
+			memcpy(pReq, &bDestroySrc, sizeof(int32_t));
+	                
+			if(tmpBuf != NULL)
+			{
+				retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen);
+			}
+			else
+			{
+				retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen);
+			}
+			if(retVal < 0)
+			{
+				//log debug info here
+				retCode = NSSCS_E_SYSTEM_FAILURE;
+				break;     
+			}
+
+			// Read reply
+			pReply = gpReplyBuf;
+			retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL);
+			if(retVal < 0)
+			{
+				//log debug info here
+				retCode = NSSCS_E_SYSTEM_FAILURE;
+				break;
+			}
+
+			memcpy(&msgid,pReply, MSGID_LEN);
+			pReply += MSGID_LEN;
+			memcpy(&msgLen,pReply, MSG_LEN);
+			pReply += MSG_LEN;
+			memcpy(&sockReturn, pReply, MSG_DWORD_LEN);
+			retCode = mapReturnCode(sockReturn);
+		}
+
+    }while(0);
+
+    if( tmpBuf != NULL )
+    {
+        free(tmpBuf);
+        tmpBuf = NULL;
+    }
+
+	return retCode;
+}
+

CASA/micasad/cache/SecretStore.cs

@@ -904,7 +904,7 @@ namespace sscs.cache
 		{
 			if (lss != null)
 			{
-				MemoryStream ms = lss.GetSecretsAsXMLStream();
+				MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this);
 				byte[] baSecrets = ms.ToArray();
 
 				// encrypt if an encryptionstring was passed
@@ -939,10 +939,7 @@ namespace sscs.cache
 			XmlDocument doc = new XmlDocument();
 			String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets);
 			doc.LoadXml(sXMLData);
-			if (lss != null)
+			LocalStorage.AddXMLSecretsToStore(this, doc);
-			{
-				lss.AddXMLSecretsToStore(doc);
-			}
 		}
 
 		internal void CreatePolicyDirectory()

CASA/micasad/common/RequestParser.cs

@@ -84,6 +84,7 @@ namespace sscs.common
 			msgIdMap.Add(21,"sscs.verbs.WriteBinaryKey");
 			msgIdMap.Add(22,"sscs.verbs.ReadBinaryKey");
             msgIdMap.Add(23,"sscs.verbs.RemoveKey");
+			msgIdMap.Add(24,"sscs.verbs.MergeCache");
         }
 	
 	    		

CASA/micasad/common/WinUserIdentifier.cs

@@ -72,7 +72,9 @@ namespace sscs.common
 		}
 		public void PrintIdentifier()
 		{
-			//            Console.WriteLine("WinUserIdentifier : uid is {0}",uid);
+			CSSSLogger.DbgLog("  High: " + this.uidHigh);
+			CSSSLogger.DbgLog("   LOW: " + this.uidLow);
+			CSSSLogger.DbgLog("   SID: " + this.m_sSID);
 		}
 
 		public int GetUID()
@@ -80,5 +82,15 @@ namespace sscs.common
 			return -1;
 		}        
 
+		internal int GetUIDLow()
+		{
+			return this.uidLow;
+		}
+
+		internal int GetUIDHigh()
+		{
+			return this.uidHigh;
+		}
+
 	}
 }

CASA/micasad/lss/LocalStorage.cs

@@ -35,6 +35,7 @@ using sscs.crypto;
 using sscs.common;
 using sscs.constants;
 using Novell.CASA.MiCasa.Common;
+using Novell.CASA.CASAPolicy;
 
 namespace sscs.lss
 {
@@ -239,7 +240,7 @@ namespace sscs.lss
 				}
 
 				// add these to the store
-				AddXMLSecretsToStore(doc);
+				AddXMLSecretsToStore(userStore, doc);
 			}
 			catch(Exception e)
 			{
@@ -252,7 +253,7 @@ namespace sscs.lss
 			return true;
 		}
 
-		internal void AddXMLSecretsToStore(XmlDocument doc)
+		internal static void AddXMLSecretsToStore(SecretStore userStore, XmlDocument doc)
 		{
 			string xpath = "";
 			xpath = "//" + XmlConsts.miCASANode;
@@ -271,11 +272,38 @@ namespace sscs.lss
 					{
 						keyChain = new KeyChain(keyChainId);
 						userStore.AddKeyChain(keyChain);
+						
+
 					}
 					else
 					{
 						keyChain = userStore.GetKeyChain(keyChainId);
+
+						// set the created time if possible
+						XmlNode timeNode = node.SelectSingleNode("descendant::" + XmlConsts.timeNode);
+						if (timeNode != null)
+						{
+							XmlAttributeCollection timeAttribCol = timeNode.Attributes;
+							if (timeAttribCol != null)
+							{
+								XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
+								if (createdTimeNode != null)
+								{	
+									//Console.WriteLine("KeyChain create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
 								}
+								else
+								{
+									//Console.WriteLine("Create time not found");
+								}
+								XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
+								if (modifiedTimeNode != null)
+								{
+									//Console.WriteLine("KeyChain mod   time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
+								}
+							}
+						}						
+					}
+
 					xpath = "descendant::" + XmlConsts.secretNode;
 					XmlNodeList secretNodeList = node.SelectNodes(xpath);
 					foreach(XmlNode secretNode in secretNodeList)
@@ -284,6 +312,39 @@ namespace sscs.lss
 						string secretId = (attrColl[XmlConsts.idAttr]).Value + "\0";
 						xpath = "descendant::" + XmlConsts.valueNode;
 						Secret secret = new Secret(secretId);
+
+						
+						// get time stamps for this secret
+						XmlNode timeNode = secretNode.SelectSingleNode("descendant::" + XmlConsts.timeNode);
+						if (timeNode != null)
+						{
+							//Console.WriteLine("Secret: " + secretId);
+							XmlAttributeCollection timeAttribCol = timeNode.Attributes;
+							if (timeAttribCol != null)
+							{						
+								XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
+								if (createdTimeNode != null)
+								{	
+									//Console.WriteLine("Secret create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
+								}
+								else
+								{
+									//Console.WriteLine("Create time not found");
+								}
+
+								XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
+								if (modifiedTimeNode != null)
+								{
+									//Console.WriteLine("Secret  mod   time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
+								}
+								else
+								{
+									//Console.WriteLine("mod time not found");
+								}
+							}
+						}	
+
+
 						if( keyChain.CheckIfSecretExists(secretId) == false)
 						{
 							keyChain.AddSecret(secret);
@@ -311,7 +372,6 @@ namespace sscs.lss
 								string keyValue = keyValNode.InnerText;
 								secret.SetKeyValue(key,keyValue);								
 																				
-										
 								// add linked keys
 								xpath = "descendant::" + XmlConsts.linkedKeyNode;
 								XmlNodeList linkNodeList = keyNode.SelectNodes(xpath);
@@ -362,10 +422,26 @@ namespace sscs.lss
 
 		internal void PersistStore()
 		{
+			string sPeristSecrets = null;
+
+			// is policy set to persist secrets
+			UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory());
+			if (uiPolicy != null)
+			{
+				sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS);
+			}
+		
+			if ((sPeristSecrets !=  null) && (sPeristSecrets.Equals("0")))
+			{
+				// delete .miCASA file and .IV file
+				File.Delete(userStore.GetPersistenceFilePath());
+				return;
+			}			
+
 			//userStore.DumpSecretstore();
 			try
 			{
-				MemoryStream ms1 = GetSecretsAsXMLStream();				
+				MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore);				
 				//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath());
 				byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
 
@@ -412,7 +488,7 @@ namespace sscs.lss
 			}
 		}
 
-		internal MemoryStream GetSecretsAsXMLStream()
+		internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore)
 		{
 			try
 			{
@@ -438,12 +514,13 @@ namespace sscs.lss
 					sTmpId = new string(tmpId);
 
 					writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
-					/* If we need to store time
+					// If we need to store time
 					writer.WriteStartElement(XmlConsts.timeNode);
-											writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.ToString());
+					writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.Ticks.ToString());
-											writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.ToString());
+					writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.Ticks.ToString());
 					writer.WriteEndElement();
-					*/
+					
+					PersistencePol policy = null;
 
 					IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets());
 					while(secIter.MoveNext())
@@ -451,18 +528,37 @@ namespace sscs.lss
 						Secret secret = (Secret)secIter.Value;
 						writer.WriteStartElement(XmlConsts.secretNode);
 						string secretId = secret.GetKey();
+																
 						tmpId = new char[secretId.Length-1];
 						for(int i = 0; i < secretId.Length-1; i++ )
+						{
 							tmpId[i] = secretId[i];
+						}
 						sTmpId = new string(tmpId);
 
+						// TODO: Does Policy allow persisting this secret.
+						if (policy == null)
+						{
+							policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory());
+						}
+
+						bool bSaveValues = true;
+						if (policy != null)
+						{
+							if (policy.GetSecretPolicy(sTmpId, "Persistent", "True").Equals("False"))
+							{
+								//continue;
+								bSaveValues = false;
+							}
+						}
+						
 						writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
-						/* If we need to store time
+						// If we need to store time
 						writer.WriteStartElement(XmlConsts.timeNode);
-													writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.ToString());
+						writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.Ticks.ToString());
-													writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.ToString());
+						writer.WriteAttributeString("LazyTime",secret.CreatedTime.ToShortDateString());
+						writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.Ticks.ToString());
 						writer.WriteEndElement();
-						*/
 
 						writer.WriteStartElement(XmlConsts.valueNode); 
 						//                            byte[] byteArr = secret.GetValue();
@@ -475,14 +571,19 @@ namespace sscs.lss
 							writer.WriteStartElement(XmlConsts.keyNode);
 							writer.WriteAttributeString(XmlConsts.idAttr, sKey);
 							writer.WriteStartElement(XmlConsts.keyValueNode);
+
+							if (bSaveValues)
 								writer.WriteString(value);
+							else
+								writer.WriteString("");
+
 							writer.WriteEndElement();
-							/* If we need to store time
+							// If we need to store time
 							writer.WriteStartElement(XmlConsts.timeNode);
-															writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).ToString());
+							writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).Ticks.ToString());
-															writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).ToString());
+							writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).Ticks.ToString());
 							writer.WriteEndElement();
-							*/
+							
 							// write all LinkKeys
 							Hashtable htLinkedKeys = secret.GetLinkedKeys(sKey);
 							if (htLinkedKeys != null)

CASA/micasad/verbs/ReadBinaryKey.cs

@@ -56,6 +56,13 @@ namespace sscs.verbs
         private byte[] inBuf;
         private byte[] outBuf;
 
+		// extension operations
+		private uint extId = 0;
+#if W32
+		private int  luidLow = 0;
+		private int  luidHigh = 0;
+#endif
+
         /*
         * This method sets the class member with the byte array received.
         */
@@ -77,6 +84,7 @@ namespace sscs.verbs
             Secret secret = null;
 
             CSSSLogger.ExecutionTrace(this); 
+			UserIdentifier tempUserId = userId;
 
             /* If an exception occurs in message format decoding,
              * it is handled by AppHandler
@@ -108,12 +116,41 @@ namespace sscs.verbs
             byte[] keyArr = new byte[keyLen];
             Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
             key = Encoding.UTF8.GetString(keyArr);
+			try 
+			{
+				// get extension ID
+				int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
+				extId = BitConverter.ToUInt32(inBuf, extLocation);
+			}
+			catch (Exception)
+			{
+				//CSSSLogger.ExpLog(e.ToString());
+			}
                 
+			SecretStore ssStore;
+
+			if (extId == 1)
+			{
+#if W32
+				WinUserIdentifier test = (WinUserIdentifier)userId;
+				// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
+				if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
+				{	
+					// WINDOWS LUID
+					// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
+					luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
+					luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
+					tempUserId = new WinUserIdentifier(luidLow, luidHigh);
+					SecretStore ss = SessionManager.CreateUserSession(tempUserId);
+				}
+#endif
+
+			}
             try
             {
                 KeyChain keyChain = null;
                // Secret secret = null;
-                SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
+				ssStore = SessionManager.GetUserSecretStore(tempUserId);
 				if (!ssStore.IsStoreLocked())
 				{
 					if( ssStore.CheckIfKeyChainExists(keyChainId) )

CASA/micasad/verbs/ReadKey.cs

@@ -56,6 +56,13 @@ namespace sscs.verbs
         private byte[] inBuf;
         private byte[] outBuf;
 
+		// extension operations
+		private uint extId = 0;
+#if W32
+		private int  luidLow = 0;
+		private int  luidHigh = 0;
+#endif
+
         /*
         * This method sets the class member with the byte array received.
         */
@@ -77,6 +84,7 @@ namespace sscs.verbs
             Secret secret = null;
 
             CSSSLogger.ExecutionTrace(this); 
+			UserIdentifier tempUserId = userId;
 
             /* If an exception occurs in message format decoding,
              * it is handled by AppHandler
@@ -108,12 +116,44 @@ namespace sscs.verbs
             byte[] keyArr = new byte[keyLen];
             Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
             key = Encoding.UTF8.GetString(keyArr);
+			try 
+			{
+				// get extension ID
+				int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
+				extId = BitConverter.ToUInt32(inBuf, extLocation);
+			}
+			catch (Exception)
+			{
+				//CSSSLogger.ExpLog(e.ToString());
+			}
+                
+			SecretStore ssStore;
+
+			if (extId == 1)
+			{
+#if W32
+				WinUserIdentifier test = (WinUserIdentifier)userId;
+				// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
+				if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
+				{	
+					// WINDOWS LUID
+					// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
+					luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
+					luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
+					tempUserId = new WinUserIdentifier(luidLow, luidHigh);
+					SecretStore ss = SessionManager.CreateUserSession(tempUserId);
+				}
+#endif
+
+			}
+
 
             try
             {
+
                 KeyChain keyChain = null;				
-               // Secret secret = null;
+				ssStore = SessionManager.GetUserSecretStore(tempUserId);
-                SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
+
 				if (!ssStore.IsStoreLocked())
 				{
 					if( ssStore.CheckIfKeyChainExists(keyChainId) )

CASA/micasad/verbs/ReadSecret.cs

@@ -52,6 +52,13 @@ namespace sscs.verbs
         private byte[] inBuf;
         private byte[] outBuf;
 
+		// extension operations
+		private uint extId = 0;
+#if W32
+		private int  luidLow = 0;
+		private int  luidHigh = 0;
+#endif
+
         /*
         * This method sets the class member with the byte array received.
         */
@@ -73,6 +80,7 @@ namespace sscs.verbs
             Secret secret = null;
 
             CSSSLogger.ExecutionTrace(this); 
+			UserIdentifier tempUserId = userId;
 
             /* If an exception occurs in message format decoding,
              * it is handled by AppHandler
@@ -100,10 +108,39 @@ namespace sscs.verbs
             // Message Format decipher - End
  
 			try 
+			{
+				// get extension ID
+				int extLocation = 18 + ((int)keyChainIdLen) + ((int)secretIdLen);
+				extId = BitConverter.ToUInt32(inBuf, extLocation);
+			}
+			catch (Exception)
+			{
+				//CSSSLogger.ExpLog(e.ToString());
+			}
+                
+			SecretStore ssStore;
+
+			if (extId == 1)
+			{
+#if W32
+				WinUserIdentifier test = (WinUserIdentifier)userId;
+				// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
+				if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
+				{									
+					// WINDOWS LUID
+					// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
+					luidLow = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
+					luidHigh = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
+					tempUserId = new WinUserIdentifier(luidLow, luidHigh);
+					SecretStore ss = SessionManager.CreateUserSession(tempUserId);
+				}
+#endif
+			}
+            try
             {
                 KeyChain keyChain = null;
                // Secret secret = null;
-                SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
+				ssStore = SessionManager.GetUserSecretStore(tempUserId);
 
 				if (!ssStore.IsStoreLocked())
 				{

CASA/micasad/verbs/RemoveKey.cs

@@ -52,6 +52,13 @@ namespace sscs.verbs
         private byte[] inBuf;
         private byte[] outBuf;
 
+		// extension operations
+		private uint extId = 0;
+#if W32
+		private int  luidLow = 0;
+		private int  luidHigh = 0;
+#endif
+
         /*
         * This method sets the class member with the byte array received.
         */
@@ -78,6 +85,8 @@ namespace sscs.verbs
              * it is handled by AppHandler
              */
 
+			UserIdentifier tempUserId = userId;
+
             // Message Format decipher - Start
             msgId          = BitConverter.ToUInt16(inBuf,0);
             inMsgLen       = BitConverter.ToUInt32(inBuf,2);
@@ -105,11 +114,45 @@ namespace sscs.verbs
             Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
             key = Encoding.UTF8.GetString(keyArr);
  
+			try 
+			{
+				// get extension ID
+				int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
+				extId = BitConverter.ToUInt32(inBuf, extLocation);
+			}
+			catch (Exception)
+			{
+				//CSSSLogger.ExpLog(e.ToString());
+			}
+                
+			if (extId == 1)
+			{
+#if W32
+				// WINDOWS LUID
+				// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
+				// we might be able to change this if/when we abstract the session.    
+				// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
+				luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
+				luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
+				tempUserId = new WinUserIdentifier(luidLow, luidHigh);
+				SecretStore ss = SessionManager.CreateUserSession(tempUserId);
+				try 
+				{
+					ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));                                        
+				}
+				catch (Exception)
+				{
+
+				}
+#endif
+			}
+
+
             try
             {
                 KeyChain keyChain = null;
                // Secret secret = null;
-                SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
+                SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
 				if (!ssStore.IsStoreLocked())
 				{
 					if( ssStore.CheckIfKeyChainExists(keyChainId) )

CASA/micasad/verbs/RemoveSecret.cs

@@ -50,6 +50,14 @@ namespace sscs.verbs
         
         private byte[] inBuf;
         private byte[] outBuf;
+
+		// extension operations
+		private uint extId = 0;
+#if W32
+		private int  luidLow = 0;
+		private int  luidHigh = 0;
+#endif
+
         /*
         * This method sets the class member with the byte array received.
         */
@@ -69,6 +77,9 @@ namespace sscs.verbs
         {
 
             CSSSLogger.ExecutionTrace(this);
+
+			UserIdentifier tempUserId = userId;
+
             /* If an exception occurs in message format decoding,
              * it is handled by AppHandler
              */
@@ -92,11 +103,44 @@ namespace sscs.verbs
             byte[] secretIdArr = new byte[secretIdLen];
             Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen);
             secretId = Encoding.UTF8.GetString(secretIdArr);
+            
+			try 
+			{
+				// get extension ID
+				int extLocation = 14 + ((int)keyChainIdLen) + ((int)secretIdLen);				
+				extId = BitConverter.ToUInt32(inBuf, extLocation);
+			}
+			catch (Exception)
+			{
+				//CSSSLogger.ExpLog(e.ToString());
+			}
+
+			if (extId == 1)
+			{
+#if W32				
+				// WINDOWS LUID
+				// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
+				// we might be able to change this if/when we abstract the session.    
+				// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
+				luidLow = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
+				luidHigh = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
+				tempUserId = new WinUserIdentifier(luidLow, luidHigh);
+				SecretStore ss = SessionManager.CreateUserSession(tempUserId);
+				try 
+				{
+					ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));                                        
+				}
+				catch (Exception)
+				{
+
+				}
+#endif
+			}
 			// Message Format decipher - End
 
             try
             {
-                SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
+                SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
                 if (!ssStore.IsStoreLocked())
                 {
 

CASA/micasadk/link.w32

@@ -35,6 +35,7 @@ LINK_DEF_BLD = \
 	echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
 	echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
+	echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
 	echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\

CASA/micasadk/link_mdd.w32

@@ -40,6 +40,7 @@ LINK_DEF_BLD = \
 	echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
 	echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
+	echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
 	echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
 	echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\

CASA/micasadk/micasa.def

@@ -10,6 +10,7 @@ EXPORTS
 	miCASARemoveCredential
 	miCASAOpenSecretStoreCache
 	miCASACloseSecretStoreCache
+	miCASAMergeCache
 	miCASAReadSecret
 	miCASARemoveSecret
 	miCASAWriteSecret

CASA/micasadk/sscs_ndk.c

@@ -1107,7 +1107,7 @@ miCASAReadSecret
 	}
 
 	if(rc = sscs_CacheReadSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, 
-						epPassword, &bytesRequired, readData))
+		epPassword, &bytesRequired, ext))
 	{
 		goto errorLevel1;
 	}
@@ -1285,7 +1285,7 @@ miCASARemoveSecret
 	}
 
 	rc = sscs_CacheRemoveSecret(storeContext->ssHandle, ssFlags, keyChainID, 
-					&secretID, epPassword, NULL);
+		&secretID, epPassword, ext);
 
 
 /* ############################### CODE EXITS HERE ############################# */
@@ -3207,7 +3207,7 @@ miCASAGetCredential
 
 			// read credset for this app
 			secID.type = SSCS_CREDENTIAL_TYPE_F;
-			rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL);
+			rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
 			
 			if(rcode == NSSCS_SUCCESS)
 			{
@@ -3231,7 +3231,7 @@ miCASAGetCredential
 		secID.type = SSCS_CREDENTIAL_TYPE_F;
 		secID.len = appSecretID->len;		
 		sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
-		rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL);
+		rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
 		if(rcode == NSSCS_SUCCESS)
 		{
 			// read the username and password
@@ -3605,7 +3605,7 @@ miCASADeleteCredential
 	secID.len = appSecretID->len;	
 	sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
 		
-	rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, NULL);
+	rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, ext);
 	
 	// close the secretstore
 	miCASACloseSecretStoreCache(context, ssFlags, NULL);
@@ -3750,3 +3750,46 @@ miCASAIsSecretPersistent
 /* ############################### CODE ENDS HERE ############################# */
 }	// end of miCASAIsSecretPersistent
 
+/*
+ * NAME - miCASAMergeCache
+ *
+ * DESCRIPTION
+ *	 This call merges the src cache with the destination cache
+ *
+ */
+SSCS_GLOBAL_LIBCALL(int32_t)
+miCASAMergeCache
+(
+	SSCS_EXT_T			*srcExt,
+	SSCS_EXT_T			*targetExt,        
+    uint32_t			bDestroySrcCache
+)
+{ /* beginning of the call */
+/* ########################## DECLARATIONS START HERE ######################### */
+
+    void 				*context = NULL;
+    int32_t				rcode = 0;
+	SSCS_SECRETSTORE_T	store = {0};
+    SSCS_CONTEXT_T		*storeContext;
+
+/* ############################## CODE STARTS HERE ############################ */
+
+    // open secretStore
+    sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
+    store.version = 1;
+    context = miCASAOpenSecretStoreCache(&store, 0, NULL);
+
+    storeContext = (SSCS_CONTEXT_T *)context;
+
+    if(context == NULL)
+    {
+        return NSSCS_E_SYSTEM_FAILURE;
+    }
+
+	rcode = sscs_MergeCache(storeContext->ssHandle, srcExt, targetExt, bDestroySrcCache);    
+    miCASACloseSecretStoreCache(context, 0, NULL);
+
+    return rcode;
+
+/* ############################### CODE ENDS HERE ############################# */
+}	// end of miCASAIsSecretPersistent