Fix for Zen/Security issue

Jim Norman 2008-03-27 22:38:13 +00:00
parent 91d35ccb7c
commit a31cb2ba90
12 changed files with 197 additions and 196 deletions


@ -57,6 +57,8 @@
#define KERB_AUTH_TYPE L"Kerberos:Interactive"
#define WNNC_CRED_MANAGER 0xFFFF0000
#define HOOKCLIENT_OPTION L"hookclient"
#define WINDOWS_LOGON_ID 1
//===[ Type definitions ]==================================================
@ -455,7 +457,7 @@ NPLogonNotify (
#ifdef _DEBUG
DebugPrint("Domain exists - [%s], length %d\n", domainCredential.id, domainCredential.len);
#endif
/* Removed - not needed
ccode = (*pCASASetCredential)(
0,
&desktopCredential,
@ -474,8 +476,8 @@ NPLogonNotify (
DebugPrint("NSSCSSetCredential failed 0x%X\n", ccode);
}
#endif
}
*/
}
}
}
#ifdef _DEBUG
@ -936,60 +938,65 @@ DllInstall(
}
}
if (rc == S_OK)
{
rc = RegCreateKeyExA(
HKEY_LOCAL_MACHINE,
"SOFTWARE\\Novell\\Graphical Login\\NWLGE\\LCredMgr",
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS,
NULL,
&hKey,
NULL);
// Install client hook if cmdline contains "hookclient"
if (rc == S_OK)
{
rc = RegSetValueExA(
hKey,
"LoginExtName",
0,
REG_SZ,
(BYTE *)szModule,
valueSize + 1);
if ((pszCmdLine != NULL) && (wcsncmp(HOOKCLIENT_OPTION, pszCmdLine, wcslen(HOOKCLIENT_OPTION))==0))
{
if (rc == S_OK)
{
rc = RegCreateKeyExA(
HKEY_LOCAL_MACHINE,
"SOFTWARE\\Novell\\Graphical Login\\NWLGE\\LCredMgr",
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS,
NULL,
&hKey,
NULL);
if (rc != S_OK)
{
goto ErrorExit;
}
if (rc == S_OK)
{
rc = RegSetValueExA(
hKey,
"LoginExtName",
0,
REG_SZ,
(BYTE *)szModule,
valueSize + 1);
rc = RegSetValueExA(
hKey,
"LoginExtDesc",
0,
REG_SZ,
(BYTE *)"CASA Login Extension",
20);
if (rc != S_OK)
{
goto ErrorExit;
}
if (rc != S_OK)
{
goto ErrorExit;
}
rc = RegSetValueExA(
hKey,
"LoginExtDesc",
0,
REG_SZ,
(BYTE *)"CASA Login Extension",
20);
value = 0x00008002;
if (rc != S_OK)
{
goto ErrorExit;
}
rc = RegSetValueExA(
hKey,
"LoginExtType",
0,
REG_DWORD,
(BYTE *)&value,
sizeof(value));
value = 0x00008002;
ErrorExit:
RegCloseKey(hKey);
}
rc = RegSetValueExA(
hKey,
"LoginExtType",
0,
REG_DWORD,
(BYTE *)&value,
sizeof(value));
ErrorExit:
RegCloseKey(hKey);
}
}
}
}
else
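Review bot: The `LoginExtDesc` write in DllInstall passes a length of `20` for `"CASA Login Extension"`, which is exactly the 20 characters and leaves out the terminating NUL that a `REG_SZ` size is expected to include; `sizeof("CASA Login Extension")` gives 21 and stays correct if the text changes. The key is opened with `KEY_ALL_ACCESS` although only values are written, so `KEY_SET_VALUE` would be enough. The new `wcsncmp(HOOKCLIENT_OPTION, pszCmdLine, wcslen(HOOKCLIENT_OPTION))` test is a prefix match, so any command line that merely starts with `hookclient` installs the login hook; compare the whole string if an exact match is intended. DllInstall starts and ends outside the hunk, and the page has lost its +/- markers, so these remarks refer to the re-indented copy of the block.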


@ -4,6 +4,7 @@
Version="8.00"
Name="lcredmgr"
ProjectGUID="{55E85618-3643-4213-A15F-08DA1F02D9BB}"
RootNamespace="lcredmgr"
Keyword="Win32Proj"
>
<Platforms>


@ -889,38 +889,60 @@ namespace sscs.cache
internal Secret GetDesktopSecret()
{
return m_DesktopSecret;
if (common.CSSSUtils.StoreDesktopPasswordInCache())
{
try
{
string keyChainId = ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0";
KeyChain keyChain = GetKeyChain(keyChainId);
Secret secret;
try
{
secret = keyChain.GetSecret(ConstStrings.MICASA_DESKTOP_PASSWD);
return secret;
}
catch (SecretNotFoundException e)
{
CSSSLogger.DbgLog("Desktop password not found in cache, creating one");
secret = new Secret(ConstStrings.MICASA_DESKTOP_PASSWD);
keyChain.AddSecret(secret);
return secret;
}
catch (Exception e1)
{
CSSSLogger.DbgLog(e1.ToString());
}
}
catch (Exception)
{
CSSSLogger.DbgLog("KeyChain does not exist");
return null;
}
}
else
{
return m_DesktopSecret;
}
return null;
}
internal string GetDesktopPasswd()
{
try
{
Secret secret = GetDesktopSecret();
string passwd = secret.GetKeyValue(ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME).GetValue();
return passwd;
if (secret != null)
{
string passwd = secret.GetKeyValue(ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME).GetValue();
return passwd;
}
}
catch
{
CSSSLogger.DbgLog("Desktop password not set in Session");
}
try
{
string keyChainId = ConstStrings.SSCS_SESSION_KEY_CHAIN_ID + "\0";
KeyChain keyChain = GetKeyChain(keyChainId);
Secret secret = keyChain.GetSecret(ConstStrings.MICASA_DESKTOP_PASSWD);
string passwd = secret.GetKeyValue(ConstStrings.MICASA_DESKTOP_PASSWD_KEYNAME).GetValue();
return passwd;
}
catch (Exception e)
{
CSSSLogger.DbgLog("Desktop password not set");
}
}
return null;
}
internal string GetUserHomeDirectory()
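Review bot: In GetDesktopSecret the `else` branch returns `m_DesktopSecret` without touching the session key chain, so a `MICASA_DESKTOP_PASSWD` secret added while `CacheDesktopPassword` was enabled appears to stay in the cache after the setting is turned off. If nothing outside this hunk clears it, that branch should look up the session key chain and call `RemoveSecret` when `CheckIfSecretExists` reports the entry. The outer `catch (Exception)` also logs every failure as "KeyChain does not exist", including one thrown by `keyChain.AddSecret(secret)` inside the `SecretNotFoundException` handler, so a failed cache write cannot be told apart from a missing key chain; logging the exception text there, as the `e1` handler does, would fix that.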


@ -27,6 +27,8 @@ using System.Text;
using Mono.Unix;
using Mono.Unix.Native;
#endif
using sscs.common;
using sscs.constants;
@ -35,12 +37,35 @@ namespace sscs.common
class CSSSUtils
{
public static bool AllowDesktopPasswordAccess()
#if W32
private static bool IsRegKeySet(string sPath, string sValue)
{
Microsoft.Win32.RegistryKey key;
try
{
key = Microsoft.Win32.Registry.LocalMachine.OpenSubKey(sPath);
int iValue = (int)key.GetValue(sValue);
key.Close();
if (iValue > 0)
{
return true;
}
}
catch (Exception e)
{
}
return false;
}
#endif
public static bool StoreDesktopPasswordInCache()
{
#if LINUX
return true;
#else
return true;
return IsRegKeySet("SOFTWARE\\Novell\\CASA", "CacheDesktopPassword");
#endif
}
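Review bot: IsRegKeySet reaches its normal "not configured" result through the empty `catch (Exception e)`: `OpenSubKey` returns null when the key is absent and `(int)key.GetValue(sValue)` throws when the value is missing or is not a DWORD, and in that second case `key.Close()` is skipped. Falling back to `false` is the safe default for `StoreDesktopPasswordInCache`, but it should come from explicit checks, for example `if (key == null) return false;`, then `object o = key.GetValue(sValue);` and `return o is int && (int)o > 0;`, with `key.Close()` in a `finally`. The helper is compiled only under `#if W32` while its call sits in the `#else` of `#if LINUX`, so a build with neither symbol defined would not compile; a comment or an `#error` would make that dependency explicit.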


@ -35,7 +35,7 @@ namespace sscs.init
{
}
public static void Install()
public static void Install(string sInstallOption)
{
System.Diagnostics.Trace.WriteLine("CASA: attempting to register lcredmgr");
string sExePath = GetRegSvrPath();
@ -44,7 +44,14 @@ namespace sscs.init
string sCredMgrPath = GetCredMgrPath();
if (sCredMgrPath != null)
{
RunProcess(sExePath, "/i:thecommandline /n /s " + "\"" + sCredMgrPath + "\"");
if (sInstallOption != null)
{
RunProcess(sExePath, "/i:"+ sInstallOption + " /n /s " + "\"" + sCredMgrPath + "\"");
}
else
{
RunProcess(sExePath, "/i /n /s " + "\"" + sCredMgrPath + "\"");
}
}
}
}
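Review bot: `Install(string sInstallOption)` splices the option into the registration command line as `"/i:"+ sInstallOption + " /n /s "` with no validation, so a value containing a space or a quote would change the arguments RunProcess hands on. The only callers visible on this page pass `"hookclient"` or `null`, so nothing shown here reaches it with other input, but the method is public; I would reject anything except the known option, e.g. `if (sInstallOption != null && sInstallOption != "hookclient") throw new ArgumentException("sInstallOption");`. A one-line comment that the string must match `HOOKCLIENT_OPTION` in lcredmgr would also help, since the literal is now repeated in the C source, the service entry point and the setup project.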


@ -131,15 +131,25 @@ namespace sscs.init
//Open the HKEY_LOCAL_MACHINE\SYSTEM key
system = Microsoft.Win32.Registry.LocalMachine.OpenSubKey("System");
//Open CurrentControlSet
currentControlSet = system.OpenSubKey("CurrentControlSet");
//Go to the services key
services = currentControlSet.OpenSubKey("Services");
//Open the key for your service, and allow writing
service = services.OpenSubKey(this.serviceInstaller1.ServiceName, true);
//Add service's description as a REG_SZ value named "Description"
service.SetValue("Description", SERVICE_DESCRIPTION);
service.SetValue("Group", SERVICE_GROUP);
service.Close();
services.Close();
currentControlSet.Close();
system.Close();
}
catch(Exception e)
{
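Review bot: The four `Close()` calls sit inside the `try`, so if an `OpenSubKey` returns null or a `SetValue` throws, the handles opened so far are left to the finalizer and only the `catch(Exception e)` runs (its body is outside this hunk). Moving the closes into a `finally` with null checks, or opening `"System\\CurrentControlSet\\Services\\" + ServiceName` with a single `OpenSubKey(path, true)`, keeps the write to the service key to one handle. The page has lost its +/- markers, so I cannot tell which of these lines are new.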


@ -100,9 +100,9 @@ namespace sscs.init
System.Diagnostics.Debug.WriteLine("arg: " + arg);
}
if (opt != null && opt.ToLower() == "/capturelogin")
if (opt != null && opt.ToLower() == "/hookclient")
{
CredMgr.Install();
CredMgr.Install("hookclient");
return;
}
else if (opt != null && opt.ToLower() == "/install")
@ -110,6 +110,7 @@ namespace sscs.init
stopService();
uninstallService();
CredMgr.Uninstall();
CredMgr.Install(null);
installService();
startService();
return;
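Review bot: The switch test `opt.ToLower() == "/hookclient"` lowers with the current culture, and under a Turkish locale an upper-case `I` becomes a dotless `ı`, so `/HOOKCLIENT` would not match and the hook would silently not be installed; `String.Compare(opt, "/hookclient", true, CultureInfo.InvariantCulture) == 0` avoids that, and the same applies to the `/install` test. The old `/capturelogin` switch is no longer recognised, so a script still passing it falls through to the remaining branches; if that is intended, a comment saying so would help. The method starts and ends outside these hunks.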


@ -206,23 +206,9 @@ namespace sscs.verbs
keyChain = ssStore.GetKeyChain(keyChainId);
Secret secret = null;
if (ConstStrings.MICASA_DESKTOP_PASSWD == secretId)
{
secret = ssStore.GetDesktopSecret();
if (common.CSSSUtils.AllowDesktopPasswordAccess())
{
if (keyChain.CheckIfSecretExists(secretId) == false)
{
keyChain.AddSecret(secret);
}
}
else
{
// NOTE: This removes secret is session too...
//keyChain.RemoveSecret(secretId);
}
}
else
{
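Review bot: `secret = ssStore.GetDesktopSecret();` can now yield null, because the reworked GetDesktopSecret in this commit returns null when the session key chain is missing or after it logs an unexpected exception. The code that uses `secret` after this `if`/`else` is outside the hunk, so please confirm it checks for null before dereferencing. If it does not, add an `if (secret == null)` branch here that returns the same status this verb already uses for a secret that is not found.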


@ -21,14 +21,8 @@
}
"Entry"
{
"MsmKey" = "8:_093DBD038821017381C58C1600BB65FF"
"OwnerKey" = "8:_69B8715C6C864CE4BA0C8234D344175F"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_093DBD038821017381C58C1600BB65FF"
"OwnerKey" = "8:_3FAA064A5C5743BB8AD74340F1E51D54"
"MsmKey" = "8:_048A7B362F6B1443A28BF3E3A36F6137"
"OwnerKey" = "8:_C37A35F33FD14730BC7E7C47DF9C2DD1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
@ -39,6 +33,12 @@
}
"Entry"
{
"MsmKey" = "8:_3E7ABF8D4ECD72CBED6AB0E40638BDF1"
"OwnerKey" = "8:_C37A35F33FD14730BC7E7C47DF9C2DD1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_3FAA064A5C5743BB8AD74340F1E51D54"
"OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED"
@ -51,12 +51,6 @@
}
"Entry"
{
"MsmKey" = "8:_67362662FCA5430D78E969E0849E5DA3"
"OwnerKey" = "8:_C37A35F33FD14730BC7E7C47DF9C2DD1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_69B8715C6C864CE4BA0C8234D344175F"
"OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED"
@ -69,26 +63,14 @@
}
"Entry"
{
"MsmKey" = "8:_9758D1FBAC2381225654B6F8C266D939"
"MsmKey" = "8:_A80E6ED76A07359BE8DF5958EBDC7009"
"OwnerKey" = "8:_C37A35F33FD14730BC7E7C47DF9C2DD1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_9758D1FBAC2381225654B6F8C266D939"
"OwnerKey" = "8:_9FC7A3EA3E129FBD361CE309C7C43080"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_9758D1FBAC2381225654B6F8C266D939"
"OwnerKey" = "8:_D83EEDA088D84DFF9B8BD181EA25EE66"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_9FC7A3EA3E129FBD361CE309C7C43080"
"OwnerKey" = "8:_C37A35F33FD14730BC7E7C47DF9C2DD1"
"MsmKey" = "8:_A80E6ED76A07359BE8DF5958EBDC7009"
"OwnerKey" = "8:_3E7ABF8D4ECD72CBED6AB0E40638BDF1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
@ -99,20 +81,20 @@
}
"Entry"
{
"MsmKey" = "8:_D83EEDA088D84DFF9B8BD181EA25EE66"
"MsmKey" = "8:_C41423472EC7318AE0EF12EEFFAF6195"
"OwnerKey" = "8:_C37A35F33FD14730BC7E7C47DF9C2DD1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_D83EEDA088D84DFF9B8BD181EA25EE66"
"OwnerKey" = "8:_9FC7A3EA3E129FBD361CE309C7C43080"
"MsmKey" = "8:_C41423472EC7318AE0EF12EEFFAF6195"
"OwnerKey" = "8:_3E7ABF8D4ECD72CBED6AB0E40638BDF1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_FCA9C6770F0FB28185373954659263CB"
"OwnerKey" = "8:_01C1EAD583CE4AD39778A1F9EC86204D"
"MsmKey" = "8:_C41423472EC7318AE0EF12EEFFAF6195"
"OwnerKey" = "8:_A80E6ED76A07359BE8DF5958EBDC7009"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
@ -124,25 +106,25 @@
"Entry"
{
"MsmKey" = "8:_UNDEFINED"
"OwnerKey" = "8:_67362662FCA5430D78E969E0849E5DA3"
"OwnerKey" = "8:_048A7B362F6B1443A28BF3E3A36F6137"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_UNDEFINED"
"OwnerKey" = "8:_9FC7A3EA3E129FBD361CE309C7C43080"
"OwnerKey" = "8:_3E7ABF8D4ECD72CBED6AB0E40638BDF1"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_UNDEFINED"
"OwnerKey" = "8:_D83EEDA088D84DFF9B8BD181EA25EE66"
"OwnerKey" = "8:_A80E6ED76A07359BE8DF5958EBDC7009"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_UNDEFINED"
"OwnerKey" = "8:_9758D1FBAC2381225654B6F8C266D939"
"OwnerKey" = "8:_C41423472EC7318AE0EF12EEFFAF6195"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
@ -234,7 +216,7 @@
"Object" = "8:_C37A35F33FD14730BC7E7C47DF9C2DD1"
"FileType" = "3:2"
"InstallAction" = "3:1"
"Arguments" = "8:/capturelogin"
"Arguments" = "8:/hookclient"
"EntryPoint" = "8:"
"Sequence" = "3:2"
"Identifier" = "8:_59E88BBE_39ED_4920_A453_12AA5451C45A"
@ -264,34 +246,14 @@
}
"File"
{
"{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_093DBD038821017381C58C1600BB65FF"
{
"SourcePath" = "8:micasa.dll"
"TargetName" = "8:micasa.dll"
"Tag" = "8:"
"Folder" = "8:_4913CF477F8E455DA2D13A4A6892F4F7"
"Condition" = "8:"
"Transitive" = "11:FALSE"
"Vital" = "11:TRUE"
"ReadOnly" = "11:FALSE"
"Hidden" = "11:FALSE"
"System" = "11:FALSE"
"Permanent" = "11:FALSE"
"SharedLegacy" = "11:FALSE"
"PackageAs" = "3:1"
"Register" = "3:1"
"Exclude" = "11:FALSE"
"IsDependency" = "11:TRUE"
"IsolateTo" = "8:"
}
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_67362662FCA5430D78E969E0849E5DA3"
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_048A7B362F6B1443A28BF3E3A36F6137"
{
"AssemblyRegister" = "3:1"
"AssemblyIsInGAC" = "11:FALSE"
"AssemblyAsmDisplayName" = "8:Novell.CASA.CASAPol, Version=1.6.2992.23043, Culture=neutral, processorArchitecture=x86"
"AssemblyAsmDisplayName" = "8:Novell.CASA.CASAPol, Version=1.6.3008.18192, Culture=neutral, processorArchitecture=x86"
"ScatterAssemblies"
{
"_67362662FCA5430D78E969E0849E5DA3"
"_048A7B362F6B1443A28BF3E3A36F6137"
{
"Name" = "8:Novell.CASA.CASAPol.dll"
"Attributes" = "3:512"
@ -315,45 +277,14 @@
"IsDependency" = "11:TRUE"
"IsolateTo" = "8:"
}
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_9758D1FBAC2381225654B6F8C266D939"
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_3E7ABF8D4ECD72CBED6AB0E40638BDF1"
{
"AssemblyRegister" = "3:1"
"AssemblyIsInGAC" = "11:FALSE"
"AssemblyAsmDisplayName" = "8:AppModule.InterProcessComm, Version=1.6.0.23042, Culture=neutral, processorArchitecture=MSIL"
"AssemblyAsmDisplayName" = "8:Novell.CASA.Common, Version=1.6.3008.18189, Culture=neutral, processorArchitecture=x86"
"ScatterAssemblies"
{
"_9758D1FBAC2381225654B6F8C266D939"
{
"Name" = "8:AppModule.InterProcessComm.dll"
"Attributes" = "3:512"
}
}
"SourcePath" = "8:AppModule.InterProcessComm.dll"
"TargetName" = "8:"
"Tag" = "8:"
"Folder" = "8:_24B477312C8840DB8DF8C1E373E7FC6D"
"Condition" = "8:"
"Transitive" = "11:FALSE"
"Vital" = "11:TRUE"
"ReadOnly" = "11:FALSE"
"Hidden" = "11:FALSE"
"System" = "11:FALSE"
"Permanent" = "11:FALSE"
"SharedLegacy" = "11:FALSE"
"PackageAs" = "3:1"
"Register" = "3:1"
"Exclude" = "11:FALSE"
"IsDependency" = "11:TRUE"
"IsolateTo" = "8:"
}
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_9FC7A3EA3E129FBD361CE309C7C43080"
{
"AssemblyRegister" = "3:1"
"AssemblyIsInGAC" = "11:FALSE"
"AssemblyAsmDisplayName" = "8:Novell.CASA.Common, Version=1.6.2992.23043, Culture=neutral, processorArchitecture=x86"
"ScatterAssemblies"
{
"_9FC7A3EA3E129FBD361CE309C7C43080"
"_3E7ABF8D4ECD72CBED6AB0E40638BDF1"
{
"Name" = "8:Novell.CASA.Common.dll"
"Attributes" = "3:512"
@ -377,14 +308,14 @@
"IsDependency" = "11:TRUE"
"IsolateTo" = "8:"
}
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_D83EEDA088D84DFF9B8BD181EA25EE66"
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_A80E6ED76A07359BE8DF5958EBDC7009"
{
"AssemblyRegister" = "3:1"
"AssemblyIsInGAC" = "11:FALSE"
"AssemblyAsmDisplayName" = "8:AppModule.NamedPipes, Version=1.6.0.23042, Culture=neutral, processorArchitecture=MSIL"
"AssemblyAsmDisplayName" = "8:AppModule.NamedPipes, Version=1.6.0.18189, Culture=neutral, processorArchitecture=MSIL"
"ScatterAssemblies"
{
"_D83EEDA088D84DFF9B8BD181EA25EE66"
"_A80E6ED76A07359BE8DF5958EBDC7009"
{
"Name" = "8:AppModule.NamedPipes.dll"
"Attributes" = "3:512"
@ -408,12 +339,23 @@
"IsDependency" = "11:TRUE"
"IsolateTo" = "8:"
}
"{1FB2D0AE-D3B9-43D4-B9DD-F88EC61E35DE}:_FCA9C6770F0FB28185373954659263CB"
"{9F6F8455-1EF1-4B85-886A-4223BCC8E7F7}:_C41423472EC7318AE0EF12EEFFAF6195"
{
"SourcePath" = "8:micasacache.dll"
"TargetName" = "8:micasacache.dll"
"AssemblyRegister" = "3:1"
"AssemblyIsInGAC" = "11:FALSE"
"AssemblyAsmDisplayName" = "8:AppModule.InterProcessComm, Version=1.6.0.18189, Culture=neutral, processorArchitecture=MSIL"
"ScatterAssemblies"
{
"_C41423472EC7318AE0EF12EEFFAF6195"
{
"Name" = "8:AppModule.InterProcessComm.dll"
"Attributes" = "3:512"
}
}
"SourcePath" = "8:AppModule.InterProcessComm.dll"
"TargetName" = "8:"
"Tag" = "8:"
"Folder" = "8:_4913CF477F8E455DA2D13A4A6892F4F7"
"Folder" = "8:_24B477312C8840DB8DF8C1E373E7FC6D"
"Condition" = "8:"
"Transitive" = "11:FALSE"
"Vital" = "11:TRUE"


@ -316,7 +316,7 @@
"Name" = "8:Microsoft Visual Studio"
"ProductName" = "8:CASA"
"ProductCode" = "8:{82D754E5-AC82-48BC-B7AF-FAC9DBCBA9BF}"
"PackageCode" = "8:{543D4D2F-3245-43B6-A0C7-3E0EFA146CD3}"
"PackageCode" = "8:{115E9F7C-F53A-4CC6-801F-E9293BB56FA5}"
"UpgradeCode" = "8:{DFD8B8A0-EA51-4202-831C-7CD2B90A63AE}"
"RestartWWWService" = "11:FALSE"
"RemovePreviousVersions" = "11:TRUE"
@ -708,7 +708,7 @@
"ContextData" = "8:"
"Attributes" = "3:0"
"Setting" = "3:2"
"Value" = "8:By capturing your desktop password, CASA will remember saved passwords after restarts "
"Value" = "8:CASA can capture your username and password when you authenticate to Directory Services. Your credentials can then be used by other applications to authenticate."
"DefaultValue" = "8:#1215"
"UsePlugInResources" = "11:TRUE"
}
@ -721,7 +721,7 @@
"ContextData" = "8:"
"Attributes" = "3:0"
"Setting" = "3:2"
"Value" = "8:Capture Desktop Password"
"Value" = "8:Capture my credentials when Netware Client is present"
"DefaultValue" = "8:#1234"
"UsePlugInResources" = "11:TRUE"
}