Add support for Dynamic Local User (DLU) on Windows

This commit is contained in:
Jim Norman 2006-10-10 17:56:57 +00:00
parent 18e290e209
commit 0e03e5e475
23 changed files with 896 additions and 67 deletions


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Oct 10 11:56:10 MDT 2006 - jnorman@novell.com
- Add support for Dynamic Local User(DLU) on windows
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Oct 6 16:12:10 MDT 2006 - schoi@novell.com Fri Oct 6 16:12:10 MDT 2006 - schoi@novell.com


@ -536,6 +536,14 @@ miCASASetMasterPasscode
SSCS_EXT_T *ext SSCS_EXT_T *ext
); );
SSCS_EXTERN_LIBCALL(int32_t)
miCASAMergeCache
(
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrcCache
);
//************************************************************** //**************************************************************
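Review bot: miCASAMergeCache is a new exported entry point (L23-L29) with no documentation comment, unlike a public SDK header should carry. I would add a Doxygen block above it saying that it merges the cache identified by srcExt into the one identified by targetExt, that bDestroySrcCache non-zero requests removal of the source cache afterwards, that it returns an NSSCS_* status, and — as the IPC layer on this page shows at L604-L622 — that both extensions must be WINDOWS_LOGIN_ID extensions or NSSCS_E_NOT_SUPPORTED comes back. The destroy flag is also typed inconsistently across the three layers: `uint32_t bDestroySrcCache` here and `uint32_t bDestroySrc` in sscs_MergeCache (L48, L201), but `int32_t` in ipc_MergeCache (L102, L584); one type through all three avoids a silent signed/unsigned conversion at the sscs→ipc boundary (L206).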


@ -28,6 +28,7 @@ extern "C"
{ {
#endif #endif
//#include <wchar.h> //#include <wchar.h>
#include <sscs_sdk.h> #include <sscs_sdk.h>
#include <sscs_utf8.h> #include <sscs_utf8.h>
@ -554,6 +555,13 @@ int sscs_IsSecretPersistent
void *reserved void *reserved
); );
int sscs_MergeCache
(
void *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrc
);
#if defined(__cplusplus) || defined(c_plusplus) #if defined(__cplusplus) || defined(c_plusplus)


@ -125,7 +125,8 @@ int ipc_ReadSecret
SSCS_SECRET_ID_T *secretID, SSCS_SECRET_ID_T *secretID,
SSCS_SECRET_T *secretData, SSCS_SECRET_T *secretData,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
unsigned int *bytesRequired unsigned int *bytesRequired,
SSCS_EXT_T *ext
); );
int ipc_WriteSecret int ipc_WriteSecret
@ -144,7 +145,8 @@ int ipc_RemoveSecret
SSCS_SECRETSTORE_HANDLE_T *ssHandle, SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_KEYCHAIN_ID_T *keychainID, SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID, SSCS_SECRET_ID_T *secretID,
SSCS_PASSWORD_T *epPassword SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
); );
int ipc_GetSecretStoreInfo int ipc_GetSecretStoreInfo
@ -187,7 +189,8 @@ int ipc_ReadKey
uint8_t *val, uint8_t *val,
uint32_t *valLen, uint32_t *valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired uint32_t *bytesRequired,
SSCS_EXT_T *ext
); );
int ipc_WriteKey int ipc_WriteKey
@ -211,7 +214,8 @@ int ipc_RemoveKey
SSCS_SECRET_ID_T *secretID, SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key, SS_UTF8_T *key,
uint32_t keyLen, uint32_t keyLen,
SSCS_PASSWORD_T *epPassword SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
); );
int ipc_ReadBinaryKey int ipc_ReadBinaryKey
@ -224,7 +228,8 @@ int ipc_ReadBinaryKey
uint8_t *val, uint8_t *val,
uint32_t *valLen, uint32_t *valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired uint32_t *bytesRequired,
SSCS_EXT_T *ext
); );
int ipc_WriteBinaryKey int ipc_WriteBinaryKey
@ -257,6 +262,15 @@ int ipc_IsSecretPersistent
SSCS_EXT_T *ext SSCS_EXT_T *ext
); );
int ipc_MergeCache
(
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
int32_t bDestorySrc
);
#endif #endif
#endif #endif
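Review bot: The prototype `int ipc_MergeCache(..., int32_t bDestorySrc)` at L97-L103 does not match the definition at L581-L584, which is `int32_t ipc_MergeCache(..., int32_t bDestroySrc)`: the return type is spelled differently and the parameter name is misspelled. I would make the declaration `int32_t ipc_MergeCache(SSCS_SECRETSTORE_HANDLE_T *ssHandle, SSCS_EXT_T *srcExt, SSCS_EXT_T *targetExt, int32_t bDestroySrc);`. The new `SSCS_EXT_T *ext` parameters added to ipc_ReadSecret, ipc_RemoveSecret, ipc_ReadKey, ipc_RemoveKey and ipc_ReadBinaryKey (L59, L67, L75, L83, L91) are undocumented; a one-line comment on each, `/* optional: NULL, or a WINDOWS_LOGIN_ID extension whose ext field holds the 8-byte logon LUID; any other extension is sent as an empty one */`, states the contract the ipc.c marshalling on this page actually implements.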


@ -147,6 +147,9 @@
#define REQ_REMOVE_KEY_MSGID 0x0017 #define REQ_REMOVE_KEY_MSGID 0x0017
#define RESP_REMOVE_KEY_MSGID 0x1017 #define RESP_REMOVE_KEY_MSGID 0x1017
#define REQ_MERGE_CACHE_MSGID 0x0018
#define RESP_MERGE_CACHE_MSGID 0x1018
#define EXT_TYPE_WINDOWS_LUID 0x00000001; #define EXT_TYPE_WINDOWS_LUID 0x00000001;
#define WINDOWS_LUID_LEN 0x00000008; #define WINDOWS_LUID_LEN 0x00000008;


@ -34,6 +34,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\ echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\ echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\


@ -36,6 +36,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\ echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\ echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\ echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\ echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\


@ -10,6 +10,7 @@ EXPORTS
sscs_CacheGetSecretStoreInfo sscs_CacheGetSecretStoreInfo
sscs_CacheGetKeychainInfo sscs_CacheGetKeychainInfo
sscs_LockCache sscs_LockCache
sscs_MergeCache
sscs_UnlockCache sscs_UnlockCache
sscs_CacheRemoveSecret sscs_CacheRemoveSecret
sscs_SetMasterPasscode sscs_SetMasterPasscode


@ -317,7 +317,7 @@ int32_t sscs_CacheReadSecret
int32_t retVal = 0; int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired); retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired, reserved);
return retVal; return retVal;
} }
@ -397,18 +397,18 @@ int sscs_CacheWriteSecret
*/ */
int32_t sscs_CacheRemoveSecret int32_t sscs_CacheRemoveSecret
( (
void *ssHandle, void *ssHandle,
uint32_t ssFlags, uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keyChainID, SSCS_KEYCHAIN_ID_T *keyChainID,
SSCS_SECRET_ID_T *secredID, SSCS_SECRET_ID_T *secredID,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
void *reserved void *reserved
) )
{ {
int32_t retVal = 0; int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword); retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword,reserved);
return retVal; return retVal;
} }
@ -668,7 +668,7 @@ int32_t sscs_CacheRemoveKey
int32_t retVal = 0; int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword); retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword,reserved);
return retVal; return retVal;
} }
@ -721,7 +721,7 @@ int32_t sscs_CacheReadKey
int32_t retVal = 0; int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired); retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
return retVal; return retVal;
} }
@ -744,7 +744,7 @@ int32_t sscs_CacheReadBinaryKey
int32_t retVal = 0; int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle; SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired); retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
return retVal; return retVal;
} }
@ -766,6 +766,23 @@ int sscs_IsSecretPersistent
return retVal; return retVal;
} }
int sscs_MergeCache
(
void *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrc
)
{
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_MergeCache(ssHandleCopy,srcExt,targetExt,bDestroySrc);
return retVal;
}
//#endif //#endif
#if defined(__cplusplus) || defined(c_plusplus) #if defined(__cplusplus) || defined(c_plusplus)
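Review bot: The `void *reserved` parameter of sscs_CacheReadSecret, sscs_CacheRemoveSecret, sscs_CacheRemoveKey, sscs_CacheReadKey and sscs_CacheReadBinaryKey is now forwarded as the `SSCS_EXT_T *ext` argument of the IPC layer (L155, L172, L178, L184, L190), and because a `void *` converts implicitly in C nothing enforces that callers actually pass an `SSCS_EXT_T`. That change of meaning should be written down where the parameter is declared; I would add above each call `// 'reserved' is passed to the IPC layer as an optional SSCS_EXT_T * (Windows logon LUID extension); NULL when unused`. In sscs_MergeCache (L196-L208) `bDestroySrc` is `uint32_t` but ipc_MergeCache takes `int32_t` (L584); declaring the wrapper's parameter as `int32_t bDestroySrc` removes the conversion at L206. sscs_CacheReadSecret's body starts outside the first hunk.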


@ -979,7 +979,8 @@ int32_t ipc_ReadSecret
SSCS_SECRET_ID_T *secretID, SSCS_SECRET_ID_T *secretID,
SSCS_SECRET_T *secretData, SSCS_SECRET_T *secretData,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired uint32_t *bytesRequired,
SSCS_EXT_T *ext
) )
{ {
int retVal = 0; //to be used in the function internally int retVal = 0; //to be used in the function internally
@ -992,6 +993,9 @@ int32_t ipc_ReadSecret
uint32_t secretIDLen = 0; uint32_t secretIDLen = 0;
uint32_t msgLen = 0; uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""}; SSCS_PASSWORD_T myPassword = {0,0,""};
Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@ -1029,7 +1033,24 @@ int32_t ipc_ReadSecret
secretIDLen + // SecretID secretIDLen + // SecretID
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_READ_SECRET_MSGID; msgid = REQ_CACHE_READ_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -1049,6 +1070,36 @@ int32_t ipc_ReadSecret
memcpy(pReq, epPassword->pword, epPassword->pwordLen); memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0) if(retVal < 0)
{ {
@ -1335,7 +1386,8 @@ int32_t ipc_RemoveSecret
SSCS_SECRETSTORE_HANDLE_T *ssHandle, SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_KEYCHAIN_ID_T *keychainID, SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID, SSCS_SECRET_ID_T *secretID,
SSCS_PASSWORD_T *epPassword SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
) )
{ {
int retVal = 0; //to be used in the function internally int retVal = 0; //to be used in the function internally
@ -1351,6 +1403,9 @@ int32_t ipc_RemoveSecret
uint32_t secretIDLen = 0; uint32_t secretIDLen = 0;
uint32_t msgLen = 0; uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
memset(gpReqBuf,0,sizeof(gpReqBuf)); memset(gpReqBuf,0,sizeof(gpReqBuf));
memset(gpReplyBuf,0,sizeof(gpReplyBuf)); memset(gpReplyBuf,0,sizeof(gpReplyBuf));
@ -1384,6 +1439,23 @@ int32_t ipc_RemoveSecret
msgLen += epPassword->pwordLen; msgLen += epPassword->pwordLen;
} }
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_CACHE_REMOVE_SECRET_MSGID; msgid = REQ_CACHE_REMOVE_SECRET_MSGID;
@ -1411,8 +1483,39 @@ int32_t ipc_RemoveSecret
{ {
int pwordlen = 0; int pwordlen = 0;
memcpy(pReq, &pwordlen, MSG_STRING_LEN); memcpy(pReq, &pwordlen, MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
} }
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0) if(retVal < 0)
{ {
@ -1853,7 +1956,8 @@ int32_t ipc_RemoveKey
SSCS_SECRET_ID_T *secretID, SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key, SS_UTF8_T *key,
uint32_t keyLen, uint32_t keyLen,
SSCS_PASSWORD_T *epPassword SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
) )
{ {
int retVal = 0; //to be used in the function internally int retVal = 0; //to be used in the function internally
@ -1868,6 +1972,9 @@ int32_t ipc_RemoveKey
SSCS_PASSWORD_T myPassword = {0,0,""}; SSCS_PASSWORD_T myPassword = {0,0,""};
uint32_t extID = 0;
uint32_t luidLen = 0;
Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
Byte gpReplyBuf[MIN_REPLY_BUF_LEN]; Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
Byte *pReq = NULL, *pReply = NULL; Byte *pReq = NULL, *pReply = NULL;
@ -1911,6 +2018,31 @@ int32_t ipc_RemoveKey
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_REMOVE_KEY_MSGID; msgid = REQ_REMOVE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -1936,6 +2068,35 @@ int32_t ipc_RemoveKey
memcpy(pReq, epPassword->pword, epPassword->pwordLen); memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0) if(retVal < 0)
{ {
@ -1976,7 +2137,8 @@ int32_t ipc_ReadKey
uint8_t *val, uint8_t *val,
uint32_t *valLen, uint32_t *valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired uint32_t *bytesRequired,
SSCS_EXT_T *ext
) )
{ {
int retVal = 0; //to be used in the function internally int retVal = 0; //to be used in the function internally
@ -1989,6 +2151,10 @@ int32_t ipc_ReadKey
uint32_t secretIDLen = 0; uint32_t secretIDLen = 0;
uint32_t msgLen = 0; uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""}; SSCS_PASSWORD_T myPassword = {0,0,""};
Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@ -2019,6 +2185,7 @@ int32_t ipc_ReadKey
// epPassword is optional. So, the code should not break. // epPassword is optional. So, the code should not break.
if( NULL == epPassword ) if( NULL == epPassword )
epPassword = &myPassword; epPassword = &myPassword;
msgLen = MSGID_LEN + MSG_LEN + msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN + // KeychainID length MSG_STRING_LEN + // KeychainID length
keychainIDLen + // Keychain ID keychainIDLen + // Keychain ID
@ -2028,6 +2195,24 @@ int32_t ipc_ReadKey
keyLen + //key keyLen + //key
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_READ_KEY_MSGID; msgid = REQ_READ_KEY_MSGID;
@ -2054,6 +2239,36 @@ int32_t ipc_ReadKey
memcpy(pReq, epPassword->pword, epPassword->pwordLen); memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0) if(retVal < 0)
{ {
@ -2144,7 +2359,8 @@ int32_t ipc_ReadBinaryKey
uint8_t *val, uint8_t *val,
uint32_t *valLen, uint32_t *valLen,
SSCS_PASSWORD_T *epPassword, SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired uint32_t *bytesRequired,
SSCS_EXT_T *ext
) )
{ {
int retVal = 0; //to be used in the function internally int retVal = 0; //to be used in the function internally
@ -2157,6 +2373,9 @@ int32_t ipc_ReadBinaryKey
uint32_t secretIDLen = 0; uint32_t secretIDLen = 0;
uint32_t msgLen = 0; uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""}; SSCS_PASSWORD_T myPassword = {0,0,""};
Byte gpReqBuf[MIN_REQUEST_BUF_LEN]; Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@ -2195,7 +2414,25 @@ int32_t ipc_ReadBinaryKey
keyLen + //key keyLen + //key
MSG_STRING_LEN + // epPassword len MSG_STRING_LEN + // epPassword len
epPassword->pwordLen; epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf; pReq = gpReqBuf;
msgid = REQ_READ_BINARY_KEY_MSGID; msgid = REQ_READ_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN); memcpy(pReq, &msgid, MSGID_LEN);
@ -2221,6 +2458,35 @@ int32_t ipc_ReadBinaryKey
memcpy(pReq, epPassword->pword, epPassword->pwordLen); memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen; pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0) if(retVal < 0)
{ {
@ -2965,3 +3231,150 @@ int ipc_IsSecretPersistent
return retCode; return retCode;
} }
int32_t ipc_MergeCache(SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
int32_t bDestroySrc)
{
int retVal = 0; //to be used in the function internally
int32_t retCode = NSSCS_SUCCESS; //to be returned to caller
int32_t sockReturn = 0; //obtained from the server
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
Byte *pReq = NULL, *pReply = NULL;
Byte *tmpBuf = NULL;
uint16_t msgid = 0;
uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
memset(gpReqBuf,0,sizeof(gpReqBuf));
memset(gpReplyBuf,0,sizeof(gpReplyBuf));
do
{
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
// compute the size of the extensions we marshall
if (srcExt && targetExt)
{
if ((srcExt->extID == WINDOWS_LOGIN_ID) && (targetExt->extID == WINDOWS_LOGIN_ID))
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // src
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // target
msgLen += sizeof(int32_t); // destroy flag
}
else
{
retCode = NSSCS_E_NOT_SUPPORTED;
break;
}
}
else
{
retCode = NSSCS_E_NOT_SUPPORTED;
break;
}
// if no errors, marshal the data.
if (!retCode)
{
if( msgLen > MIN_REQUEST_BUF_LEN )
{
tmpBuf = (Byte*)malloc(msgLen);
if( NULL == tmpBuf )
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
memset(tmpBuf,0,msgLen);
pReq = tmpBuf;
}
else
{
pReq = gpReqBuf;
}
msgid = REQ_MERGE_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN;
// copy the srcExt
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, srcExt->ext, 8);
pReq += 8;
// copy the targetExt
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, targetExt->ext, 8);
pReq += 8;
// copy destroy flag
memcpy(pReq, &bDestroySrc, sizeof(int32_t));
if(tmpBuf != NULL)
{
retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen);
}
else
{
retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen);
}
if(retVal < 0)
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
// Read reply
pReply = gpReplyBuf;
retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL);
if(retVal < 0)
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
memcpy(&msgid,pReply, MSGID_LEN);
pReply += MSGID_LEN;
memcpy(&msgLen,pReply, MSG_LEN);
pReply += MSG_LEN;
memcpy(&sockReturn, pReply, MSG_DWORD_LEN);
retCode = mapReturnCode(sockReturn);
}
}while(0);
if( tmpBuf != NULL )
{
free(tmpBuf);
tmpBuf = NULL;
}
return retCode;
}
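Review bot: The extension marshalling is pasted five times (L256-L280 in ipc_ReadSecret, and again at L327-L351, L404-L428, L480-L504, L550-L574) and each copy has the same two weaknesses: the zero-extension branches declare an inner `uint32_t extID` (L272, L278) that shadows the one declared at L226, and they do not advance `pReq` after the memcpy, unlike the LUID branch, so a field appended after the extension later would overwrite it; the LUID copy also uses the literal `8` (L267-L268) while the length accounting uses `WINDOWS_LUID_LEN` (L240), which can drift, and that macro cannot be used as the memcpy argument only because its definition at L115 ends in a semicolon. I would pull both halves into two static helpers and call them from all five functions. Two things to confirm outside the hunks: each request grows by up to 16 bytes into the fixed `gpReqBuf[MIN_REQUEST_BUF_LEN]` (L229), and whereas ipc_MergeCache falls back to malloc when `msgLen > MIN_REQUEST_BUF_LEN` (L627-L637), L250 assigns `pReq = gpReqBuf` with no such check visible, so the existing bound in those five functions should be re-verified; and the `ext->extID == WINDOWS_LOGIN_ID` test (L237) is the only validation before 8 bytes are read from `ext->ext`, so if SSCS_EXT_T carries a length field it should be checked there. In ipc_MergeCache the `if (!retCode)` at L625 is always true because every error path above it breaks, so the nesting can go.
```c
// Bytes the extension occupies on the wire: the type dword alone, or type,
// length and the 8-byte LUID when a Windows logon LUID is attached.
static uint32_t ext_wire_len(const SSCS_EXT_T *ext)
{
    if (ext && ext->extID == WINDOWS_LOGIN_ID)
    {
        return MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
    }
    return MSG_DWORD_LEN;
}

// Append the extension at pReq and return the advanced write position.
// The byte count written always equals ext_wire_len(ext).
static Byte *ext_marshal(Byte *pReq, const SSCS_EXT_T *ext)
{
    uint32_t extID = 0;
    uint32_t luidLen = 0;

    if (ext && ext->extID == WINDOWS_LOGIN_ID)
    {
        extID = EXT_TYPE_WINDOWS_LUID;
        luidLen = WINDOWS_LUID_LEN;
        memcpy(pReq, &extID, MSG_DWORD_LEN);
        pReq += MSG_DWORD_LEN;
        memcpy(pReq, &luidLen, MSG_DWORD_LEN);
        pReq += MSG_DWORD_LEN;
        memcpy(pReq, ext->ext, luidLen);   // same length that ext_wire_len accounted for
        pReq += luidLen;
    }
    else
    {
        // the cache daemon expects an extension; send an empty one
        memcpy(pReq, &extID, MSG_DWORD_LEN);
        pReq += MSG_DWORD_LEN;             // keep pReq consistent with msgLen
    }
    return pReq;
}

/* … in ipc_ReadSecret (and the other four functions), replacing both pasted blocks … */
    msgLen += ext_wire_len(ext);
    /* … unchanged: msgid, keychainID, secretID and epPassword marshalling … */
    pReq = ext_marshal(pReq, ext);
    retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
```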


@ -904,7 +904,7 @@ namespace sscs.cache
{ {
if (lss != null) if (lss != null)
{ {
MemoryStream ms = lss.GetSecretsAsXMLStream(); MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this);
byte[] baSecrets = ms.ToArray(); byte[] baSecrets = ms.ToArray();
// encrypt if an encryptionstring was passed // encrypt if an encryptionstring was passed
@ -939,10 +939,7 @@ namespace sscs.cache
XmlDocument doc = new XmlDocument(); XmlDocument doc = new XmlDocument();
String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets); String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets);
doc.LoadXml(sXMLData); doc.LoadXml(sXMLData);
if (lss != null) LocalStorage.AddXMLSecretsToStore(this, doc);
{
lss.AddXMLSecretsToStore(doc);
}
} }
internal void CreatePolicyDirectory() internal void CreatePolicyDirectory()
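Review bot: The `if (lss != null)` guard around the import is dropped at L719-L722, so `LocalStorage.AddXMLSecretsToStore(this, doc)` now runs unconditionally, while the export a few lines earlier (L710-L712) still requires `lss != null`. If a null `lss` means local storage is disabled for this store, decrypted secrets are now added to it regardless of that state; if the guard only existed because the old method was an instance method, a comment saying so would stop the next reader from re-adding it. I would either keep `if (lss != null) LocalStorage.AddXMLSecretsToStore(this, doc);` or add `// import does not depend on a local storage instance` above the call. The method containing this hunk starts outside it.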


@ -84,6 +84,7 @@ namespace sscs.common
msgIdMap.Add(21,"sscs.verbs.WriteBinaryKey"); msgIdMap.Add(21,"sscs.verbs.WriteBinaryKey");
msgIdMap.Add(22,"sscs.verbs.ReadBinaryKey"); msgIdMap.Add(22,"sscs.verbs.ReadBinaryKey");
msgIdMap.Add(23,"sscs.verbs.RemoveKey"); msgIdMap.Add(23,"sscs.verbs.RemoveKey");
msgIdMap.Add(24,"sscs.verbs.MergeCache");
} }


@ -72,7 +72,9 @@ namespace sscs.common
} }
public void PrintIdentifier() public void PrintIdentifier()
{ {
// Console.WriteLine("WinUserIdentifier : uid is {0}",uid); CSSSLogger.DbgLog(" High: " + this.uidHigh);
CSSSLogger.DbgLog(" LOW: " + this.uidLow);
CSSSLogger.DbgLog(" SID: " + this.m_sSID);
} }
public int GetUID() public int GetUID()
@ -80,5 +82,15 @@ namespace sscs.common
return -1; return -1;
} }
internal int GetUIDLow()
{
return this.uidLow;
}
internal int GetUIDHigh()
{
return this.uidHigh;
}
} }
} }
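Review bot: GetUIDLow and GetUIDHigh (L749-L756) are new accessors with no XML doc comment, and nothing on this page says what `uidLow` and `uidHigh` hold; given the 8-byte logon LUID the C side marshals, they presumably are the two halves of that LUID, but that should be stated rather than guessed. I would add `/// <summary>Low (resp. high) 32 bits of the Windows logon LUID this identifier was built from.</summary>` above each, once confirmed against the constructor. If the low half is the DWORD LowPart of a LUID, returning it as `int` means values above Int32.MaxValue come back negative, which is harmless only if every consumer compares the pair verbatim; a comment on GetUIDLow noting this avoids a later ordering comparison.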


@ -35,6 +35,7 @@ using sscs.crypto;
using sscs.common; using sscs.common;
using sscs.constants; using sscs.constants;
using Novell.CASA.MiCasa.Common; using Novell.CASA.MiCasa.Common;
using Novell.CASA.CASAPolicy;
namespace sscs.lss namespace sscs.lss
{ {
@ -239,7 +240,7 @@ namespace sscs.lss
} }
// add these to the store // add these to the store
AddXMLSecretsToStore(doc); AddXMLSecretsToStore(userStore, doc);
} }
catch(Exception e) catch(Exception e)
{ {
@ -252,7 +253,7 @@ namespace sscs.lss
return true; return true;
} }
internal void AddXMLSecretsToStore(XmlDocument doc) internal static void AddXMLSecretsToStore(SecretStore userStore, XmlDocument doc)
{ {
string xpath = ""; string xpath = "";
xpath = "//" + XmlConsts.miCASANode; xpath = "//" + XmlConsts.miCASANode;
@ -271,11 +272,38 @@ namespace sscs.lss
{ {
keyChain = new KeyChain(keyChainId); keyChain = new KeyChain(keyChainId);
userStore.AddKeyChain(keyChain); userStore.AddKeyChain(keyChain);
} }
else else
{ {
keyChain = userStore.GetKeyChain(keyChainId); keyChain = userStore.GetKeyChain(keyChainId);
// set the created time if possible
XmlNode timeNode = node.SelectSingleNode("descendant::" + XmlConsts.timeNode);
if (timeNode != null)
{
XmlAttributeCollection timeAttribCol = timeNode.Attributes;
if (timeAttribCol != null)
{
XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
if (createdTimeNode != null)
{
//Console.WriteLine("KeyChain create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
}
else
{
//Console.WriteLine("Create time not found");
}
XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
if (modifiedTimeNode != null)
{
//Console.WriteLine("KeyChain mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
}
}
}
} }
xpath = "descendant::" + XmlConsts.secretNode; xpath = "descendant::" + XmlConsts.secretNode;
XmlNodeList secretNodeList = node.SelectNodes(xpath); XmlNodeList secretNodeList = node.SelectNodes(xpath);
foreach(XmlNode secretNode in secretNodeList) foreach(XmlNode secretNode in secretNodeList)
@ -284,6 +312,39 @@ namespace sscs.lss
string secretId = (attrColl[XmlConsts.idAttr]).Value + "\0"; string secretId = (attrColl[XmlConsts.idAttr]).Value + "\0";
xpath = "descendant::" + XmlConsts.valueNode; xpath = "descendant::" + XmlConsts.valueNode;
Secret secret = new Secret(secretId); Secret secret = new Secret(secretId);
// get time stamps for this secret
XmlNode timeNode = secretNode.SelectSingleNode("descendant::" + XmlConsts.timeNode);
if (timeNode != null)
{
//Console.WriteLine("Secret: " + secretId);
XmlAttributeCollection timeAttribCol = timeNode.Attributes;
if (timeAttribCol != null)
{
XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
if (createdTimeNode != null)
{
//Console.WriteLine("Secret create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
}
else
{
//Console.WriteLine("Create time not found");
}
XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
if (modifiedTimeNode != null)
{
//Console.WriteLine("Secret mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
}
else
{
//Console.WriteLine("mod time not found");
}
}
}
if( keyChain.CheckIfSecretExists(secretId) == false) if( keyChain.CheckIfSecretExists(secretId) == false)
{ {
keyChain.AddSecret(secret); keyChain.AddSecret(secret);
@ -309,9 +370,8 @@ namespace sscs.lss
xpath = "descendant::" + XmlConsts.keyValueNode; xpath = "descendant::" + XmlConsts.keyValueNode;
XmlNode keyValNode = keyNode.SelectSingleNode(xpath); XmlNode keyValNode = keyNode.SelectSingleNode(xpath);
string keyValue = keyValNode.InnerText; string keyValue = keyValNode.InnerText;
secret.SetKeyValue(key,keyValue); secret.SetKeyValue(key,keyValue);
// add linked keys // add linked keys
xpath = "descendant::" + XmlConsts.linkedKeyNode; xpath = "descendant::" + XmlConsts.linkedKeyNode;
XmlNodeList linkNodeList = keyNode.SelectNodes(xpath); XmlNodeList linkNodeList = keyNode.SelectNodes(xpath);
@ -362,10 +422,26 @@ namespace sscs.lss
internal void PersistStore() internal void PersistStore()
{ {
string sPeristSecrets = null;
// is policy set to persist secrets
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory());
if (uiPolicy != null)
{
sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS);
}
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
{
// delete .miCASA file and .IV file
File.Delete(userStore.GetPersistenceFilePath());
return;
}
//userStore.DumpSecretstore(); //userStore.DumpSecretstore();
try try
{ {
MemoryStream ms1 = GetSecretsAsXMLStream(); MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore);
//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath()); //byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath());
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath()); byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
@ -412,7 +488,7 @@ namespace sscs.lss
} }
} }
internal MemoryStream GetSecretsAsXMLStream() internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore)
{ {
try try
{ {
@ -438,12 +514,13 @@ namespace sscs.lss
sTmpId = new string(tmpId); sTmpId = new string(tmpId);
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId); writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
/* If we need to store time // If we need to store time
writer.WriteStartElement(XmlConsts.timeNode); writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.ToString()); writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.Ticks.ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.ToString()); writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.Ticks.ToString());
writer.WriteEndElement(); writer.WriteEndElement();
*/
PersistencePol policy = null;
IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets()); IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets());
while(secIter.MoveNext()) while(secIter.MoveNext())
@ -451,18 +528,37 @@ namespace sscs.lss
Secret secret = (Secret)secIter.Value; Secret secret = (Secret)secIter.Value;
writer.WriteStartElement(XmlConsts.secretNode); writer.WriteStartElement(XmlConsts.secretNode);
string secretId = secret.GetKey(); string secretId = secret.GetKey();
tmpId = new char[secretId.Length-1]; tmpId = new char[secretId.Length-1];
for(int i = 0; i < secretId.Length-1; i++ ) for(int i = 0; i < secretId.Length-1; i++ )
{
tmpId[i] = secretId[i]; tmpId[i] = secretId[i];
}
sTmpId = new string(tmpId); sTmpId = new string(tmpId);
// TODO: Does Policy allow persisting this secret.
if (policy == null)
{
policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory());
}
bool bSaveValues = true;
if (policy != null)
{
if (policy.GetSecretPolicy(sTmpId, "Persistent", "True").Equals("False"))
{
//continue;
bSaveValues = false;
}
}
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId); writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
/* If we need to store time // If we need to store time
writer.WriteStartElement(XmlConsts.timeNode); writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.ToString()); writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.Ticks.ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.ToString()); writer.WriteAttributeString("LazyTime",secret.CreatedTime.ToShortDateString());
writer.WriteEndElement(); writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.Ticks.ToString());
*/ writer.WriteEndElement();
writer.WriteStartElement(XmlConsts.valueNode); writer.WriteStartElement(XmlConsts.valueNode);
// byte[] byteArr = secret.GetValue(); // byte[] byteArr = secret.GetValue();
@ -475,14 +571,19 @@ namespace sscs.lss
writer.WriteStartElement(XmlConsts.keyNode); writer.WriteStartElement(XmlConsts.keyNode);
writer.WriteAttributeString(XmlConsts.idAttr, sKey); writer.WriteAttributeString(XmlConsts.idAttr, sKey);
writer.WriteStartElement(XmlConsts.keyValueNode); writer.WriteStartElement(XmlConsts.keyValueNode);
writer.WriteString(value);
if (bSaveValues)
writer.WriteString(value);
else
writer.WriteString("");
writer.WriteEndElement(); writer.WriteEndElement();
/* If we need to store time // If we need to store time
writer.WriteStartElement(XmlConsts.timeNode); writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).ToString()); writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).Ticks.ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).ToString()); writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).Ticks.ToString());
writer.WriteEndElement(); writer.WriteEndElement();
*/
// write all LinkKeys // write all LinkKeys
Hashtable htLinkedKeys = secret.GetLinkedKeys(sKey); Hashtable htLinkedKeys = secret.GetLinkedKeys(sKey);
if (htLinkedKeys != null) if (htLinkedKeys != null)


@ -56,6 +56,13 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
*/ */
@ -77,6 +84,7 @@ namespace sscs.verbs
Secret secret = null; Secret secret = null;
CSSSLogger.ExecutionTrace(this); CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding, /* If an exception occurs in message format decoding,
* it is handled by AppHandler * it is handled by AppHandler
@ -108,12 +116,41 @@ namespace sscs.verbs
byte[] keyArr = new byte[keyLen]; byte[] keyArr = new byte[keyLen];
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen); Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
key = Encoding.UTF8.GetString(keyArr); key = Encoding.UTF8.GetString(keyArr);
try
{
// get extension ID
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
SecretStore ssStore;
if (extId == 1)
{
#if W32
WinUserIdentifier test = (WinUserIdentifier)userId;
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
{
// WINDOWS LUID
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
}
#endif
}
try try
{ {
KeyChain keyChain = null; KeyChain keyChain = null;
// Secret secret = null; // Secret secret = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId); ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked()) if (!ssStore.IsStoreLocked())
{ {
if( ssStore.CheckIfKeyChainExists(keyChainId) ) if( ssStore.CheckIfKeyChainExists(keyChainId) )
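Review bot: The two `BitConverter.ToInt32` reads of `luidLow` and `luidHigh` at +8 and +12 past the extension ID are outside the try/catch that protects the `extId` read, so a message that announces extId == 1 but does not carry the full extension block throws out of the method instead of being rejected; a check of `inBuf.Length` before those reads, plus validation of the extension's own length field, would close that. `extId`, `luidLow` and `luidHigh` are instance fields although this method is their only writer in the hunk, so a failed parse leaves a stale value behind if the verb object is ever reused — locals would avoid that. `SecretStore ss = SessionManager.CreateUserSession(tempUserId);` stores a value that is never read; drop the assignment or use `ss` in place of the `GetUserSecretStore` call below. The SYSTEM identity test `(test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0)` is repeated verbatim across the verbs in this commit and belongs in one named helper or constant. The enclosing method starts before and continues past this hunk.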


@ -56,6 +56,13 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
*/ */
@ -77,6 +84,7 @@ namespace sscs.verbs
Secret secret = null; Secret secret = null;
CSSSLogger.ExecutionTrace(this); CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding, /* If an exception occurs in message format decoding,
* it is handled by AppHandler * it is handled by AppHandler
@ -108,12 +116,44 @@ namespace sscs.verbs
byte[] keyArr = new byte[keyLen]; byte[] keyArr = new byte[keyLen];
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen); Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
key = Encoding.UTF8.GetString(keyArr); key = Encoding.UTF8.GetString(keyArr);
try
{
// get extension ID
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
SecretStore ssStore;
if (extId == 1)
{
#if W32
WinUserIdentifier test = (WinUserIdentifier)userId;
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
{
// WINDOWS LUID
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
}
#endif
}
try try
{ {
KeyChain keyChain = null;
// Secret secret = null; KeyChain keyChain = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId); ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked()) if (!ssStore.IsStoreLocked())
{ {
if( ssStore.CheckIfKeyChainExists(keyChainId) ) if( ssStore.CheckIfKeyChainExists(keyChainId) )
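Review bot: The `luidLow`/`luidHigh` reads after the `if (extId == 1)` test are not covered by the try/catch that guards the `extId` read, so a message that claims the extension without carrying the extra 16 bytes throws out of the method rather than being refused; guard them with a length check on `inBuf` before calling `BitConverter.ToInt32`. `extId`, `luidLow` and `luidHigh` are declared as instance fields but only this method writes them in the hunk, so locals would avoid a stale value surviving a failed parse. The local `ss` from `SessionManager.CreateUserSession(tempUserId)` is assigned and never used, while the code then calls `GetUserSecretStore(tempUserId)` a few lines later; one of the two calls is redundant. The reorder of `KeyChain keyChain = null;` past the commented-out `// Secret secret = null;` is cosmetic noise in an otherwise functional change. The enclosing method starts before and continues past this hunk.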


@ -51,6 +51,13 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
@ -73,6 +80,7 @@ namespace sscs.verbs
Secret secret = null; Secret secret = null;
CSSSLogger.ExecutionTrace(this); CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding, /* If an exception occurs in message format decoding,
* it is handled by AppHandler * it is handled by AppHandler
@ -99,11 +107,40 @@ namespace sscs.verbs
secretId = Encoding.UTF8.GetString(secretIdArr); secretId = Encoding.UTF8.GetString(secretIdArr);
// Message Format decipher - End // Message Format decipher - End
try
{
// get extension ID
int extLocation = 18 + ((int)keyChainIdLen) + ((int)secretIdLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
SecretStore ssStore;
if (extId == 1)
{
#if W32
WinUserIdentifier test = (WinUserIdentifier)userId;
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
{
// WINDOWS LUID
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
luidLow = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
}
#endif
}
try try
{ {
KeyChain keyChain = null; KeyChain keyChain = null;
// Secret secret = null; // Secret secret = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId); ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked()) if (!ssStore.IsStoreLocked())
{ {
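Review bot: The `luidLow`/`luidHigh` reads at `18 + keyChainIdLen + secretIdLen + 8` and `+ 12` are performed outside the try/catch that protects the `extId` read, so a message with extId == 1 but a short payload throws out of the method instead of being rejected; compare `inBuf.Length` against the required offset before the reads and validate the extension length field. As in the other verbs in this commit, `extId`, `luidLow` and `luidHigh` are instance fields with this method as their only visible writer — make them locals so a parse failure cannot leave a stale LUID behind. `SecretStore ss = SessionManager.CreateUserSession(tempUserId);` is assigned and never read; either remove the assignment or use `ss` instead of the later `GetUserSecretStore(tempUserId)` call. The silent `catch (Exception)` around the extension read should at least log at debug level, since it also hides genuine decoding errors. The enclosing method starts before and continues past this hunk.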


@ -52,6 +52,13 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
*/ */
@ -78,6 +85,8 @@ namespace sscs.verbs
* it is handled by AppHandler * it is handled by AppHandler
*/ */
UserIdentifier tempUserId = userId;
// Message Format decipher - Start // Message Format decipher - Start
msgId = BitConverter.ToUInt16(inBuf,0); msgId = BitConverter.ToUInt16(inBuf,0);
inMsgLen = BitConverter.ToUInt32(inBuf,2); inMsgLen = BitConverter.ToUInt32(inBuf,2);
@ -105,11 +114,45 @@ namespace sscs.verbs
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen); Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
key = Encoding.UTF8.GetString(keyArr); key = Encoding.UTF8.GetString(keyArr);
try
{
// get extension ID
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
if (extId == 1)
{
#if W32
// WINDOWS LUID
// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
// we might be able to change this if/when we abstract the session.
// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
try
{
ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));
}
catch (Exception)
{
}
#endif
}
try try
{ {
KeyChain keyChain = null; KeyChain keyChain = null;
// Secret secret = null; // Secret secret = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId); SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked()) if (!ssStore.IsStoreLocked())
{ {
if( ssStore.CheckIfKeyChainExists(keyChainId) ) if( ssStore.CheckIfKeyChainExists(keyChainId) )
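Review bot: The LUID redirection under `if (extId == 1)` has no check on the calling identity — the read verbs in this commit only honour the extension when `(test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0)`, but here any client that sets extId == 1 has its write applied to whichever session the supplied LUID names. Wrap the block in the same guard, `WinUserIdentifier caller = (WinUserIdentifier)userId;` followed by `if ((caller.GetUIDLow() == 999) && (caller.GetUIDHigh() == 0))`, and log the rejected case rather than silently continuing. The `catch (Exception) { }` around `ss.AddKeyChain(...)` hides a failure to create the session key chain, and the `luidLow`/`luidHigh` reads sit outside the try/catch, so a message claiming the extension without the full `[4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]` block throws out of the method. The enclosing method starts before and continues past this hunk.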


@ -50,6 +50,14 @@ namespace sscs.verbs
private byte[] inBuf; private byte[] inBuf;
private byte[] outBuf; private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/* /*
* This method sets the class member with the byte array received. * This method sets the class member with the byte array received.
*/ */
@ -69,6 +77,9 @@ namespace sscs.verbs
{ {
CSSSLogger.ExecutionTrace(this); CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding, /* If an exception occurs in message format decoding,
* it is handled by AppHandler * it is handled by AppHandler
*/ */
@ -92,11 +103,44 @@ namespace sscs.verbs
byte[] secretIdArr = new byte[secretIdLen]; byte[] secretIdArr = new byte[secretIdLen];
Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen); Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen);
secretId = Encoding.UTF8.GetString(secretIdArr); secretId = Encoding.UTF8.GetString(secretIdArr);
// Message Format decipher - End
try
{
// get extension ID
int extLocation = 14 + ((int)keyChainIdLen) + ((int)secretIdLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
if (extId == 1)
{
#if W32
// WINDOWS LUID
// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
// we might be able to change this if/when we abstract the session.
// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
luidLow = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
try
{
ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));
}
catch (Exception)
{
}
#endif
}
// Message Format decipher - End
try try
{ {
SecretStore ssStore = SessionManager.GetUserSecretStore(userId); SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked()) if (!ssStore.IsStoreLocked())
{ {
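Review bot: The `if (extId == 1)` block switches `tempUserId` to a caller-supplied LUID without verifying that the caller is SYSTEM, unlike the read verbs in this commit which require `(test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0)`; as written, an ordinary client can direct this write at another session's store. Add the same guard around the block — `WinUserIdentifier caller = (WinUserIdentifier)userId;` then `if ((caller.GetUIDLow() == 999) && (caller.GetUIDHigh() == 0))` — and log when the extension is ignored. The reads at `14 + keyChainIdLen + secretIdLen + 8` and `+ 12` are outside the try/catch, so a truncated extension block throws out of the method; check `inBuf.Length` first, and the `catch (Exception) { }` around `ss.AddKeyChain(...)` should not swallow the failure silently. The enclosing method starts before and continues past this hunk.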


@ -35,6 +35,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\


@ -40,6 +40,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\ echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\


@ -10,6 +10,7 @@ EXPORTS
miCASARemoveCredential miCASARemoveCredential
miCASAOpenSecretStoreCache miCASAOpenSecretStoreCache
miCASACloseSecretStoreCache miCASACloseSecretStoreCache
miCASAMergeCache
miCASAReadSecret miCASAReadSecret
miCASARemoveSecret miCASARemoveSecret
miCASAWriteSecret miCASAWriteSecret


@ -1107,7 +1107,7 @@ miCASAReadSecret
} }
if(rc = sscs_CacheReadSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, if(rc = sscs_CacheReadSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf,
epPassword, &bytesRequired, readData)) epPassword, &bytesRequired, ext))
{ {
goto errorLevel1; goto errorLevel1;
} }
@ -1285,7 +1285,7 @@ miCASARemoveSecret
} }
rc = sscs_CacheRemoveSecret(storeContext->ssHandle, ssFlags, keyChainID, rc = sscs_CacheRemoveSecret(storeContext->ssHandle, ssFlags, keyChainID,
&secretID, epPassword, NULL); &secretID, epPassword, ext);
/* ############################### CODE EXITS HERE ############################# */ /* ############################### CODE EXITS HERE ############################# */
@ -3207,7 +3207,7 @@ miCASAGetCredential
// read credset for this app // read credset for this app
secID.type = SSCS_CREDENTIAL_TYPE_F; secID.type = SSCS_CREDENTIAL_TYPE_F;
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
if(rcode == NSSCS_SUCCESS) if(rcode == NSSCS_SUCCESS)
{ {
@ -3231,7 +3231,7 @@ miCASAGetCredential
secID.type = SSCS_CREDENTIAL_TYPE_F; secID.type = SSCS_CREDENTIAL_TYPE_F;
secID.len = appSecretID->len; secID.len = appSecretID->len;
sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len); sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
if(rcode == NSSCS_SUCCESS) if(rcode == NSSCS_SUCCESS)
{ {
// read the username and password // read the username and password
@ -3605,7 +3605,7 @@ miCASADeleteCredential
secID.len = appSecretID->len; secID.len = appSecretID->len;
sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len); sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, NULL); rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, ext);
// close the secretstore // close the secretstore
miCASACloseSecretStoreCache(context, ssFlags, NULL); miCASACloseSecretStoreCache(context, ssFlags, NULL);
@ -3750,3 +3750,46 @@ miCASAIsSecretPersistent
/* ############################### CODE ENDS HERE ############################# */ /* ############################### CODE ENDS HERE ############################# */
} // end of miCASAIsSecretPersistent } // end of miCASAIsSecretPersistent
/*
* NAME - miCASAMergeCache
*
* DESCRIPTION
* This call merges the src cache with the destination cache
*
*/
SSCS_GLOBAL_LIBCALL(int32_t)
miCASAMergeCache
(
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrcCache
)
{ /* beginning of the call */
/* ########################## DECLARATIONS START HERE ######################### */
void *context = NULL;
int32_t rcode = 0;
SSCS_SECRETSTORE_T store = {0};
SSCS_CONTEXT_T *storeContext;
/* ############################## CODE STARTS HERE ############################ */
// open secretStore
sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
store.version = 1;
context = miCASAOpenSecretStoreCache(&store, 0, NULL);
storeContext = (SSCS_CONTEXT_T *)context;
if(context == NULL)
{
return NSSCS_E_SYSTEM_FAILURE;
}
rcode = sscs_MergeCache(storeContext->ssHandle, srcExt, targetExt, bDestroySrcCache);
miCASACloseSecretStoreCache(context, 0, NULL);
return rcode;
/* ############################### CODE ENDS HERE ############################# */
} // end of miCASAIsSecretPersistent
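Review bot: The trailer `} // end of miCASAIsSecretPersistent` was carried over from the previous function and should read `} // end of miCASAMergeCache`. `storeContext = (SSCS_CONTEXT_T *)context;` is performed before `if(context == NULL)`; it is only a cast so nothing is dereferenced, but placing it after the check makes the intent clearer. `srcExt` and `targetExt` are passed straight to `sscs_MergeCache` without a NULL check, and the return of `miCASACloseSecretStoreCache(context, 0, NULL)` is discarded — if `sscs_MergeCache` does not itself reject NULL extensions (its body is not in this view), validate them before opening the store. The header comment should also state what `bDestroySrcCache` does and that the return value is the `sscs_MergeCache` result, with `NSSCS_E_SYSTEM_FAILURE` returned only when the store cannot be opened.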