diff --git a/auth_token/client/authmech.c b/auth_token/client/authmech.c index 8f579bd6..991a64bb 100644 --- a/auth_token/client/authmech.c +++ b/auth_token/client/authmech.c @@ -88,7 +88,7 @@ GetAuthTokenIf( { LIST_ENTRY *pListEntry; AuthMechMod *pAuthMechMod = NULL; - int32_t authTypeNameLen = (int32_t) strlen(pAuthTypeName); + int authTypeNameLen = strlen(pAuthTypeName); // Look if we already have the module in our list pListEntry = g_authMechModuleListHead.Flink; @@ -260,14 +260,15 @@ GetAuthMechToken( // // Notes: // -// L0 +// L2 //=======================================================================-- { - CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); + CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); AuthTokenIf *pAuthTokenIf; + DbgTrace(1, "-GetAuthMechToken- Start\n", 0); // Initialize output parameter @@ -275,7 +276,7 @@ GetAuthMechToken( // Obtain the appropriate token interface for the authentication type retStatus = GetAuthTokenIf(pAuthContext->pMechanism, - &pAuthTokenIf); + &pAuthTokenIf); if (CASA_SUCCESS(retStatus)) { char *pAuthToken = NULL; @@ -284,10 +285,10 @@ GetAuthMechToken( // We found a provider for the service, query it for the buffer size // needed to obtain the authentication token. retStatus = pAuthTokenIf->getAuthToken(pAuthTokenIf, - pAuthContext->pContext, - pAuthContext->pMechInfo, - pAuthToken, - &authTokenBufLen); + pAuthContext->pContext, + pAuthContext->pMechInfo, + pAuthToken, + &authTokenBufLen); if (CasaStatusCode(retStatus) == CASA_STATUS_BUFFER_OVERFLOW) { // Allocate buffer to hold the authentication token @@ -296,10 +297,10 @@ GetAuthMechToken( { // Request the token from the provider retStatus = pAuthTokenIf->getAuthToken(pAuthTokenIf, - pAuthContext->pContext, - pAuthContext->pMechInfo, - pAuthToken, - &authTokenBufLen); + pAuthContext->pContext, + pAuthContext->pMechInfo, + pAuthToken, + &authTokenBufLen); if (CASA_SUCCESS(retStatus)) { // Return the buffer containing the token to the caller @@ -331,3 +332,8 @@ GetAuthMechToken( return retStatus; } + +//++======================================================================= +//++======================================================================= +//++======================================================================= + diff --git a/auth_token/client/authmsg.c b/auth_token/client/authmsg.c index bc4a27d4..850677dc 100644 --- a/auth_token/client/authmsg.c +++ b/auth_token/client/authmsg.c @@ -60,7 +60,7 @@ typedef struct _AuthRespParse { XML_Parser p; int state; - int tokenDataProcessed; + int elementDataProcessed; AuthenticateResp *pAuthenticateResp; CasaStatus status; @@ -85,7 +85,7 @@ BuildAuthenticateMsg( // // Notes: // -// L0 +// L2 //=======================================================================-- { char *pMsg = NULL; @@ -184,7 +184,7 @@ AuthRespStartElementHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-AuthRespStartElementHandler- Start\n", 0); @@ -278,6 +278,95 @@ AuthRespStartElementHandler( } +//++======================================================================= +static +CasaStatus +ConsumeElementData( + IN AuthRespParse *pAuthRespParse, + IN const XML_Char *s, + IN int len, + INOUT char **ppElementData, + INOUT int *pElementDataLen) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus = CASA_STATUS_SUCCESS; + + DbgTrace(3, "-ConsumeElementData- Start\n", 0); + + // Proceed based on whether or not we have already consumed data + // for this element. + if (*ppElementData == NULL) + { + // We have not yet consumed data for this element + pAuthRespParse->elementDataProcessed = len; + + // Allocate a buffer to hold this element data (null terminated). + *ppElementData = (char*) malloc(len + 1); + if (*ppElementData) + { + memset(*ppElementData, 0, len + 1); + memcpy(*ppElementData, s, len); + + // Return the length of the element data buffer + *pElementDataLen = pAuthRespParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + else + { + char *pNewBuf; + + // We have already received token data, append this data to it. + pNewBuf = (char*) malloc(pAuthRespParse->elementDataProcessed + len + 1); + if (pNewBuf) + { + memset(pNewBuf, + 0, + pAuthRespParse->elementDataProcessed + len + 1); + memcpy(pNewBuf, + *ppElementData, + pAuthRespParse->elementDataProcessed); + memcpy(pNewBuf + pAuthRespParse->elementDataProcessed, s, len); + pAuthRespParse->elementDataProcessed += len; + + // Swap the buffers + free(*ppElementData); + *ppElementData = pNewBuf; + + // Return the length of the element data buffer + *pElementDataLen = pAuthRespParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + + DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + //++======================================================================= static void XMLCALL @@ -294,7 +383,7 @@ AuthRespCharDataHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-AuthRespCharDataHandler- Start\n", 0); @@ -310,8 +399,10 @@ AuthRespCharDataHandler( switch (pAuthRespParse->state) { case AWAITING_DESCRIPTION_DATA: + case AWAITING_DESCRIPTION_ELEMENT_END: // Ignore the status description data for now. + // tbd // Advanced to the next state pAuthRespParse->state = AWAITING_DESCRIPTION_ELEMENT_END; @@ -361,58 +452,20 @@ AuthRespCharDataHandler( case AWAITING_SESSION_TOKEN_DATA: case AWAITING_SESSION_TOKEN_ELEMENT_END: - // Check if we have already processed token data - if (pAuthRespParse->tokenDataProcessed == 0) + // Consume the data + pAuthRespParse->status = ConsumeElementData(pAuthRespParse, + s, + len, + &pAuthRespParse->pAuthenticateResp->pToken, + &pAuthRespParse->pAuthenticateResp->tokenLen); + if (CASA_SUCCESS(pAuthRespParse->status)) { - // Keep a copy of the session token (null terminated) - pAuthRespParse->pAuthenticateResp->pToken = (char*) malloc(len + 1); - if (pAuthRespParse->pAuthenticateResp->pToken) - { - memset(pAuthRespParse->pAuthenticateResp->pToken, 0, len + 1); - memcpy(pAuthRespParse->pAuthenticateResp->pToken, s, len); - pAuthRespParse->tokenDataProcessed = len; - - // Advanced to the next state - pAuthRespParse->state = AWAITING_SESSION_TOKEN_ELEMENT_END; - } - else - { - DbgTrace(0, "-AuthRespCharDataHandler- Buffer allocation failure\n", 0); - pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pAuthRespParse->p, XML_FALSE); - } + // Advanced to the next state + pAuthRespParse->state = AWAITING_SESSION_TOKEN_ELEMENT_END; } else { - char *pNewBuf; - - // We have already received token data, append this data to it. - pNewBuf = (char*) malloc(pAuthRespParse->tokenDataProcessed + len + 1); - if (pNewBuf) - { - memset(pNewBuf, - 0, - pAuthRespParse->tokenDataProcessed + len + 1); - memcpy(pNewBuf, - pAuthRespParse->pAuthenticateResp->pToken, - pAuthRespParse->tokenDataProcessed); - memcpy(pNewBuf + pAuthRespParse->tokenDataProcessed, s, len); - pAuthRespParse->tokenDataProcessed += len; - - // Swap the buffers - free(pAuthRespParse->pAuthenticateResp->pToken); - pAuthRespParse->pAuthenticateResp->pToken = pNewBuf; - } - else - { - DbgTrace(0, "-AuthRespCharDataHandler- Buffer allocation failure\n", 0); - pAuthRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pAuthRespParse->p, XML_FALSE); - } + XML_StopParser(pAuthRespParse->p, XML_FALSE); } break; @@ -443,7 +496,7 @@ AuthRespEndElementHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-AuthRespEndElementHandler- Start\n", 0); @@ -560,7 +613,7 @@ CreateAuthenticateResp( // // Notes: // -// L0 +// L2 //=======================================================================-- { CasaStatus retStatus = CASA_STATUS_SUCCESS; @@ -580,7 +633,7 @@ CreateAuthenticateResp( * * * When an authentication request fails to be successfully processed, the server - * responds with an error and a error description string. The message format of + * responds with an error and an error description string. The message format of * an unsuccessful reply is as follows: * * @@ -709,7 +762,7 @@ RelAuthenticateResp( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(1, "-RelAuthenticateResp- Start\n", 0); @@ -723,3 +776,8 @@ RelAuthenticateResp( DbgTrace(1, "-RelAuthenticateResp- End\n", 0); } + +//++======================================================================= +//++======================================================================= +//++======================================================================= + diff --git a/auth_token/client/authpolicy.c b/auth_token/client/authpolicy.c new file mode 100644 index 00000000..4c4ee41d --- /dev/null +++ b/auth_token/client/authpolicy.c @@ -0,0 +1,802 @@ +/*********************************************************************** + * + * Copyright (C) 2006 Novell, Inc. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, Novell, Inc. + * + * To contact Novell about this file by physical or electronic mail, + * you may find current contact information at www.novell.com. + * + * Author: Juan Carlos Luciani + * + ***********************************************************************/ + + +//===[ Include files ]===================================================== + +#include "internal.h" + +//===[ Type definitions ]================================================== + +// +// Parse states +// +#define AWAITING_ROOT_ELEMENT_START 0x0 +#define AWAITING_ROOT_ELEMENT_END 0x1 +#define AWAITING_AUTH_POLICY_ELEMENT_START 0x2 +#define AWAITING_AUTH_POLICY_ELEMENT_END 0x3 +#define AWAITING_AUTH_POLICY_DATA 0x4 +#define AWAITING_AUTH_SOURCE_ELEMENT_START 0x5 +#define AWAITING_AUTH_SOURCE_ELEMENT_END 0x6 +#define AWAITING_AUTH_SOURCE_CHILD_START 0x7 +#define AWAITING_REALM_DATA 0x8 +#define AWAITING_REALM_ELEMENT_END 0x9 +#define AWAITING_MECHANISM_DATA 0xA +#define AWAITING_MECHANISM_ELEMENT_END 0xB +#define AWAITING_MECHANISM_INFO_DATA 0xC +#define AWAITING_MECHANISM_INFO_ELEMENT_END 0xD +#define AWAITING_UNKNOWN_DATA 0xE +#define AWAITING_UNKNOWN_ELEMENT_END 0xF +#define DONE_PARSING 0x10 + +// +// Authentication Policy Parse Structure +// +typedef struct _AuthPolicyParse +{ + XML_Parser p; + int state; + int elementDataProcessed; + AuthPolicy *pAuthPolicy; + CasaStatus status; + +} AuthPolicyParse, *PAuthPolicyParse; + + +//===[ Function prototypes ]=============================================== + +//===[ Global variables ]================================================== + +//++======================================================================= +static +void XMLCALL +AuthPolicyStartElementHandler( + IN AuthPolicyParse *pAuthPolicyParse, + IN const XML_Char *name, + IN const XML_Char **atts) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + DbgTrace(2, "-AuthPolicyStartElementHandler- Start\n", 0); + + // Proceed based on the state + switch (pAuthPolicyParse->state) + { + case AWAITING_ROOT_ELEMENT_START: + + // In this state, we are only expecting the Authentication + // Policy Element. + if (strcmp(name, AUTH_POLICY_ELEMENT_NAME) == 0) + { + // Good, advance to the next state. + pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_ELEMENT_START; + } + else + { + DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected start element\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_AUTH_SOURCE_ELEMENT_START: + case AWAITING_ROOT_ELEMENT_END: + + // In this state, we are only expecting the start of an Authentication + // Source Element. + if (strcmp(name, AUTH_SOURCE_ELEMENT_NAME) == 0) + { + AuthContext *pAuthContext; + + // Create an authentication context structure + pAuthContext = (AuthContext*) malloc(sizeof(AuthContext)); + if (pAuthContext) + { + // Initialize the allocated AuthContext structure and associate it + // with the AuthPolicy structure. + memset(pAuthContext, 0, sizeof(*pAuthContext)); + InsertTailList(&pAuthPolicyParse->pAuthPolicy->authContextListHead, &pAuthContext->listEntry); + + // Good, advance to the next state. + pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; + } + else + { + DbgTrace(0, "-AuthPolicyStartElementHandler- Buffer allocation error\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + } + else + { + DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected start element\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_AUTH_SOURCE_CHILD_START: + + // Proceed based on the name of the element + if (strcmp(name, REALM_ELEMENT_NAME) == 0) + { + // Advance to the next state. + pAuthPolicyParse->state = AWAITING_REALM_DATA; + } + else if (strcmp(name, MECHANISM_ELEMENT_NAME) == 0) + { + // Advance to the next state. + pAuthPolicyParse->state = AWAITING_MECHANISM_DATA; + } + else if (strcmp(name, MECHANISM_INFO_ELEMENT_NAME) == 0) + { + // Advance to the next state. + pAuthPolicyParse->state = AWAITING_MECHANISM_INFO_DATA; + } + else if (strcmp(name, AUTH_SOURCE_ELEMENT_NAME) == 0) + { + // We are starting a new auth source entry, create an authentication + // context structure to hold its information. + AuthContext *pAuthContext; + + // Create an authentication context structure + pAuthContext = (AuthContext*) malloc(sizeof(AuthContext)); + if (pAuthContext) + { + // Initialize the allocated AuthContext structure and associate it + // with the AuthPolicy structure. + memset(pAuthContext, 0, sizeof(*pAuthContext)); + InsertTailList(&pAuthPolicyParse->pAuthPolicy->authContextListHead, &pAuthContext->listEntry); + } + else + { + DbgTrace(0, "-AuthPolicyStartElementHandler- Buffer allocation error\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + } + else + { + // Advance to the next state. + pAuthPolicyParse->state = AWAITING_UNKNOWN_DATA; + } + break; + + default: + DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected state = %d\n", pAuthPolicyParse->state); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + break; + } + + DbgTrace(2, "-AuthPolicyStartElementHandler- End\n", 0); +} + + +//++======================================================================= +static +CasaStatus +ConsumeElementData( + IN AuthPolicyParse *pAuthPolicyParse, + IN const XML_Char *s, + IN int len, + INOUT char **ppElementData, + INOUT int *pElementDataLen) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus = CASA_STATUS_SUCCESS; + + DbgTrace(3, "-ConsumeElementData- Start\n", 0); + + // Proceed based on whether or not we have already consumed data + // for this element. + if (*ppElementData == NULL) + { + // We have not yet consumed data for this element + pAuthPolicyParse->elementDataProcessed = len; + + // Allocate a buffer to hold this element data (null terminated). + *ppElementData = (char*) malloc(len + 1); + if (*ppElementData) + { + memset(*ppElementData, 0, len + 1); + memcpy(*ppElementData, s, len); + + // Return the length of the element data buffer + *pElementDataLen = pAuthPolicyParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + else + { + char *pNewBuf; + + // We have already received token data, append this data to it. + pNewBuf = (char*) malloc(pAuthPolicyParse->elementDataProcessed + len + 1); + if (pNewBuf) + { + memset(pNewBuf, + 0, + pAuthPolicyParse->elementDataProcessed + len + 1); + memcpy(pNewBuf, + *ppElementData, + pAuthPolicyParse->elementDataProcessed); + memcpy(pNewBuf + pAuthPolicyParse->elementDataProcessed, s, len); + pAuthPolicyParse->elementDataProcessed += len; + + // Swap the buffers + free(*ppElementData); + *ppElementData = pNewBuf; + + // Return the length of the element data buffer + *pElementDataLen = pAuthPolicyParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + + DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + +//++======================================================================= +static +void XMLCALL +AuthPolicyCharDataHandler( + IN AuthPolicyParse *pAuthPolicyParse, + IN const XML_Char *s, + IN int len) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + AuthContext *pAuthContext; + + DbgTrace(2, "-AuthPolicyCharDataHandler- Start\n", 0); + + // Just exit if being called to process LF and CR characters + if (len == 1 + && ((*s == '\n') || (*s == '\r'))) + { + goto exit; + } + + // Proceed based on the state + switch (pAuthPolicyParse->state) + { + case AWAITING_REALM_DATA: + + // Get access to the AuthContext at the tail of the list + pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, + AuthContext, + listEntry); + + // Consume the data + pAuthPolicyParse->status = ConsumeElementData(pAuthPolicyParse, + s, + len, + &pAuthContext->pContext, + &pAuthContext->contextLen); + if (CASA_SUCCESS(pAuthPolicyParse->status)) + { + // Advanced to the next state + pAuthPolicyParse->state = AWAITING_REALM_ELEMENT_END; + } + else + { + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_MECHANISM_DATA: + + // Get access to the AuthContext at the tail of the list + pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, + AuthContext, + listEntry); + + // Consume the data + pAuthPolicyParse->status = ConsumeElementData(pAuthPolicyParse, + s, + len, + &pAuthContext->pMechanism, + &pAuthContext->mechanismLen); + if (CASA_SUCCESS(pAuthPolicyParse->status)) + { + // Advanced to the next state + pAuthPolicyParse->state = AWAITING_MECHANISM_ELEMENT_END; + } + else + { + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_MECHANISM_INFO_DATA: + + // Get access to the AuthContext at the tail of the list + pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, + AuthContext, + listEntry); + + // Consume the data + pAuthPolicyParse->status = ConsumeElementData(pAuthPolicyParse, + s, + len, + &pAuthContext->pMechInfo, + &pAuthContext->mechInfoLen); + if (CASA_SUCCESS(pAuthPolicyParse->status)) + { + // Advanced to the next state + pAuthPolicyParse->state = AWAITING_MECHANISM_INFO_ELEMENT_END; + } + else + { + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_UNKNOWN_DATA: + + // Just advance the state + pAuthPolicyParse->state = AWAITING_UNKNOWN_ELEMENT_END; + break; + + default: + DbgTrace(0, "-AuthPolicyCharDataHandler- Un-expected state = %d\n", pAuthPolicyParse->state); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + break; + } + +exit: + + DbgTrace(2, "-AuthPolicyCharDataHandler- End\n", 0); +} + + +//++======================================================================= +static +void XMLCALL +AuthPolicyEndElementHandler( + IN AuthPolicyParse *pAuthPolicyParse, + IN const XML_Char *name) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + AuthContext *pAuthContext; + + DbgTrace(2, "-AuthPolicyEndElementHandler- Start\n", 0); + + // Proceed based on the state + switch (pAuthPolicyParse->state) + { + case AWAITING_ROOT_ELEMENT_END: + + // In this state, we are only expecting the Authentication + // Policy Element. + if (strcmp(name, AUTH_POLICY_ELEMENT_NAME) == 0) + { + // Done. + pAuthPolicyParse->state = DONE_PARSING; + } + else + { + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_AUTH_SOURCE_CHILD_START: + + // In this state, we are only expecting the Authentication + // Source Response Element. + if (strcmp(name, AUTH_SOURCE_ELEMENT_NAME) == 0) + { + // Good, advance to the next state. + pAuthPolicyParse->state = AWAITING_ROOT_ELEMENT_END; + } + else + { + DbgTrace(0, "-AuthPolicyEndHandler- Un-expected end element\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_REALM_ELEMENT_END: + + // In this state, we are only expecting the Realm Element. + if (strcmp(name, REALM_ELEMENT_NAME) == 0) + { + // Good, advance to the next state. + pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; + } + else + { + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_MECHANISM_ELEMENT_END: + + // In this state, we are only expecting the Mechanism Element. + if (strcmp(name, MECHANISM_ELEMENT_NAME) == 0) + { + // Good, advance to the next state. + pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; + } + else + { + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_MECHANISM_INFO_DATA: + + // Get access to the AuthContext at the tail of the list + pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, + AuthContext, + listEntry); + + // There was no mechanism info data. Set it to an empty string. + pAuthContext->pMechInfo = (char*) malloc(1); + if (pAuthContext->pMechInfo) + { + *pAuthContext->pMechInfo = '\0'; + } + else + { + DbgTrace(0, "-AuthPolicyEndElementHandler- Buffer allocation failure\n", 0); + pAuthPolicyParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + break; + } + // Fall through + + case AWAITING_MECHANISM_INFO_ELEMENT_END: + + // In this state, we are only expecting the Mechanism Info Element. + if (strcmp(name, MECHANISM_INFO_ELEMENT_NAME) == 0) + { + // Good, advance to the next state. + pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; + } + else + { + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + } + break; + + case AWAITING_UNKNOWN_ELEMENT_END: + + // Advance to the next state. + pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; + break; + + default: + DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected state = %d\n", pAuthPolicyParse->state); + XML_StopParser(pAuthPolicyParse->p, XML_FALSE); + break; + } + + DbgTrace(2, "-AuthPolicyEndElementHandler- End\n", 0); +} + + +//++======================================================================= +CasaStatus +CreateAuthPolicy( + IN char *pEncodedData, + IN int encodedDataLen, + INOUT AuthPolicy **ppAuthPolicy) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus; + AuthPolicy *pAuthPolicy = NULL; + AuthPolicyParse authPolicyParse = {0}; + char *pData = NULL; + int dataLen = 0; + + DbgTrace(1, "-CreateAuthPolicy- Start\n", 0); + + /* + * An authentication policy document has the following format: + * + * + * + * + * realm name + * authentication mechanism type + * authentication mechanism context data + * + * ... + * + * + * The authentication policy document can contain multiple auth_source + * elements. These auth_source elements can be for different authentication + * sources or for the same authentication source but specifying a different + * authentication mechanism. + * + * The following is a sample authentication policy document: + * + * + * + * + * Corp_eDirTree + * Krb5Authenticate + * host/hostname + * + * + * Corp_eDirTree + * PwdAuthenticate + * + * + * + * + * This authentication policy would tell the CASA client that it can + * authenticate to the CASA Authentication Token Service using + * credentials for the Corp_eDirTree and utilizing either the + * Krb5 authentication mechanism or the Pwd authentication mechanism. + * The Krb5 authentication mechanism context data specifies the + * name of the Kerberos service principal. + * + */ + + // Initialize output parameter + *ppAuthPolicy = NULL; + + // Decode the data + retStatus = DecodeData(pEncodedData, + encodedDataLen, + &pData, + &dataLen); + if (CASA_SUCCESS(retStatus)) + { + // Allocate space for the AuthPolicy structure + pAuthPolicy = (AuthPolicy*) malloc(sizeof(*pAuthPolicy)); + if (pAuthPolicy) + { + XML_Parser p; + + // Initialize the AuthPolicy object + memset(pAuthPolicy, 0, sizeof(*pAuthPolicy)); + InitializeListHead(&pAuthPolicy->authContextListHead); + + // Set the AuthPolicy object in the parse object + authPolicyParse.pAuthPolicy = pAuthPolicy; + + // Create parser + p = XML_ParserCreate(NULL); + if (p) + { + // Keep track of the parser in our parse object + authPolicyParse.p = p; + + // Initialize the status within the parse object + authPolicyParse.status = CASA_STATUS_SUCCESS; + + // Set the start and end element handlers + XML_SetElementHandler(p, + AuthPolicyStartElementHandler, + AuthPolicyEndElementHandler); + + // Set the character data handler + XML_SetCharacterDataHandler(p, AuthPolicyCharDataHandler); + + // Set our user data + XML_SetUserData(p, &authPolicyParse); + + // Parse the document + if (XML_Parse(p, pData, dataLen, 1) == XML_STATUS_OK) + { + // Verify that the parse operation completed successfully + if (authPolicyParse.state == DONE_PARSING) + { + // The parse operation succeded + retStatus = CASA_STATUS_SUCCESS; + } + else + { + DbgTrace(0, "-CreateAuthPolicy- Parse operation did not complete\n", 0); + + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_PROTOCOL_ERROR); + } + } + else + { + DbgTrace(0, "-CreateAuthPolicy- Parse error %d\n", XML_GetErrorCode(p)); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_PROTOCOL_ERROR); + } + + // Free the parser + XML_ParserFree(p); + } + else + { + DbgTrace(0, "-CreateAuthPolicy- Parser creation error\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + + // Return the AuthPolicy object to the caller if necessary + if (CASA_SUCCESS(retStatus)) + { + *ppAuthPolicy = pAuthPolicy; + + // Forget about the AuthPolicy object so that it is not release down below + pAuthPolicy = NULL; + } + } + else + { + DbgTrace(0, "-CreateAuthPolicy- Buffer allocation error\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + else + { + DbgTrace(0, "-CreateAuthPolicy- Buffer allocation error\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + + // Release necessary allocated resources + if (pAuthPolicy) + RelAuthPolicy(pAuthPolicy); + + if (pData) + free(pData); + + DbgTrace(1, "-CreateAuthPolicy- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + +//++======================================================================= +void +RelAuthPolicy( + IN AuthPolicy *pAuthPolicy) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + LIST_ENTRY *pListEntry; + + DbgTrace(1, "-RelAuthPolicy- Start\n", 0); + + // Free all of the associated AuthContexts + pListEntry = pAuthPolicy->authContextListHead.Flink; + while (pListEntry != &pAuthPolicy->authContextListHead) + { + AuthContext *pAuthContext; + + // Get pointer to AuthContext structure + pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry); + + // Free associated buffers + if (pAuthContext->pContext) + free(pAuthContext->pContext); + + if (pAuthContext->pMechanism) + free(pAuthContext->pMechanism); + + if (pAuthContext->pMechInfo) + free(pAuthContext->pMechInfo); + + // Remove the entry from the list + RemoveEntryList(&pAuthContext->listEntry); + + // Free the AuthContext + free(pAuthContext); + + // Advance to the next entry + pListEntry = pAuthPolicy->authContextListHead.Flink; + } + + // Free the AuthPolicy + free(pAuthPolicy); + + DbgTrace(1, "-RelAuthPolicy- End\n", 0); +} + + +//++======================================================================= +//++======================================================================= +//++======================================================================= + diff --git a/auth_token/client/client.vcproj b/auth_token/client/client.vcproj index 048b2283..5305f1f1 100644 --- a/auth_token/client/client.vcproj +++ b/auth_token/client/client.vcproj @@ -21,7 +21,7 @@ Name="VCCLCompilerTool" AdditionalOptions="/D "XML_STATIC"" Optimization="0" - AdditionalIncludeDirectories=".;win32;..\..\include;..\..\..\Expat-2.0.0\source\lib" + AdditionalIncludeDirectories=".;win32;..\include;..\..\include;..\..\..\Expat-2.0.0\source\lib" PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" MinimalRebuild="TRUE" BasicRuntimeChecks="3" @@ -81,7 +81,7 @@ copy $(OutDir)\authtoken.lib \"Program Files"\novell\casa\lib\authtoke + + @@ -183,7 +186,7 @@ copy $(OutDir)\authtoken.lib \"Program Files"\novell\casa\lib\authtoke RelativePath=".\internal.h"> + RelativePath="..\include\list_entry.h"> @@ -192,7 +195,7 @@ copy $(OutDir)\authtoken.lib \"Program Files"\novell\casa\lib\authtoke RelativePath=".\win32\platform.h"> + RelativePath="..\include\proto.h"> + * + ***********************************************************************/ + + +#ifndef _CONFIG_IF_H_ +#define _CONFIG_IF_H_ + + +//===[ Include files ]===================================================== + +//===[ Type definitions ]================================================== + +//===[ Function prototypes ]=============================================== + +//===[ Global variables ]================================================== + +/************************************************************************** +*************************************************************************** +** ** +** Configuration Object Interface Definitions ** +** ** +*************************************************************************** +**************************************************************************/ + + +//++======================================================================= +typedef +int +(SSCS_CALL *PFNConfiglIf_AddReference)( + IN const void *pIfInstance); +// +// Arguments: +// pIfInstance - +// Pointer to interface object. +// +// Returns: +// Interface reference count. +// +// Description: +// Increases interface reference count. +//=======================================================================-- + + +//++======================================================================= +typedef +void +(SSCS_CALL *PFNConfiglIf_ReleaseReference)( + IN const void *pIfInstance); +// +// Arguments: +// pIfInstance - +// Pointer to interface object. +// +// Returns: +// Nothing. +// +// Description: +// Decreases interface reference count. The interface is deallocated if +// the reference count becomes zero. +//=======================================================================-- + + +//++======================================================================= +typedef +char* +(SSCS_CALL *PFNConfiglIf_GetEntryValue)( + IN const void *pIfInstance, + IN const char *pKeyName); +// +// Arguments: +// pIfInstance - +// Pointer to interface object. +// +// pKeyName - +// Pointer to NULL terminated string that contains the +// name of the key whose value is being requested. +// +// Returns: +// Pointer to NULL terminated string with value being requested or NULL. +// +// Description: +// Gets value associated with a key for the configuration object. +//=======================================================================-- + + +// +// Config Interface Object +// +typedef struct _ConfigIf +{ + PFNConfiglIf_AddReference addReference; + PFNConfiglIf_ReleaseReference releaseReference; + PFNConfiglIf_GetEntryValue getEntryValue; + +} ConfigIf, *PConfigIf; + + +#endif // #ifndef _CONFIG_IF_H_ + diff --git a/auth_token/client/engine.c b/auth_token/client/engine.c index 63b8d26c..8ec47d6f 100644 --- a/auth_token/client/engine.c +++ b/auth_token/client/engine.c @@ -52,7 +52,6 @@ static CasaStatus ObtainSessionToken( IN RpcSession *pRpcSession, - IN char *pHostName, IN AuthPolicy *pAuthPolicy, INOUT char **ppSessionToken) // @@ -64,14 +63,14 @@ ObtainSessionToken( // // Notes: // -// L0 +// L2 //=======================================================================-- { - CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); - LIST_ENTRY *pListEntry; - AuthCacheEntry *pCacheEntry = NULL; + CasaStatus retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); + LIST_ENTRY *pListEntry; + AuthCacheEntry *pCacheEntry = NULL; DbgTrace(1, "-ObtainSessionToken- Start\n", 0); @@ -89,20 +88,23 @@ ObtainSessionToken( pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry); // Try to find a cache entry for the auth context - pCacheEntry = FindEntryInAuthCache(pAuthContext->pContext, pHostName); + pCacheEntry = FindEntryInAuthCache(pAuthContext->pContext, NULL); if (pCacheEntry != NULL) { - // Cache entry found, update the return status with the information - // saved in it and stop looking. - retStatus = pCacheEntry->status; - break; + // Cache entry found, check if it is of use to us. + if (CASA_SUCCESS(pCacheEntry->status)) + { + // This entry can be used, stop looking. + retStatus = pCacheEntry->status; + break; + } } // Advance to the next entry pListEntry = pListEntry->Flink; } - // If we did not find a cache entry that we can use, then Try to create one. + // If we did not find a cache entry that we can use, then try to create one. pListEntry = pAuthPolicy->authContextListHead.Flink; while (!CASA_SUCCESS(retStatus) && pListEntry != &pAuthPolicy->authContextListHead) @@ -113,98 +115,105 @@ ObtainSessionToken( // Get pointer to AuthContext structure pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry); - // Get authentication mechanism token - retStatus = GetAuthMechToken(pAuthContext, &pAuthMechToken); - if (!CASA_SUCCESS(retStatus)) + // Only try to create cache entry for the auth context if there is not + // one already. + pCacheEntry = FindEntryInAuthCache(pAuthContext->pContext, NULL); + if (pCacheEntry == NULL) { - // We were not able to obtain an authentication mechanism token - // for the context. - // - // Advance to the next entry - pListEntry = pListEntry->Flink; - continue; - } - - // Create a cache entry for the auth context - pCacheEntry = CreateAuthCacheEntry(pAuthContext->pContext, pHostName); - if (pCacheEntry) - { - char *pReqMsg = NULL; - char *pRespMsg = NULL; - int respLen; - int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure - - // Request auth token for the service - pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken); - if (pReqMsg) + // Get authentication mechanism token + retStatus = GetAuthMechToken(pAuthContext, &pAuthMechToken); + if (!CASA_SUCCESS(retStatus)) { - // Issue rpc - retStatus = Rpc(pRpcSession, - pAuthContext->pMechanism, - secureRpcSetting, - pReqMsg, - &pRespMsg, - &respLen); - if (CASA_SUCCESS(retStatus)) - { - AuthenticateResp *pAuthenticateResp; + // We were not able to obtain an authentication mechanism token + // for the context. + // + // Advance to the next entry + pListEntry = pListEntry->Flink; + continue; + } - // Create Authenticate response object - retStatus = CreateAuthenticateResp(pRespMsg, respLen, &pAuthenticateResp); + // Create a cache entry for the auth context + pCacheEntry = CreateAuthCacheEntry(pAuthContext->pContext, NULL); + if (pCacheEntry) + { + char *pReqMsg = NULL; + char *pRespMsg = NULL; + int respLen; + int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure + + // Request auth token for the service + pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken); + if (pReqMsg) + { + // Issue rpc + retStatus = Rpc(pRpcSession, + pAuthContext->pMechanism, + secureRpcSetting, + pReqMsg, + &pRespMsg, + &respLen); if (CASA_SUCCESS(retStatus)) { - // Return the auth token to the caller - pCacheEntry->pToken = pAuthenticateResp->pToken; - pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer - cacheEntryLifetime = pAuthenticateResp->tokenLifetime; + AuthenticateResp *pAuthenticateResp; - // Free the Authenticate response object - RelAuthenticateResp(pAuthenticateResp); + // Create Authenticate response object + retStatus = CreateAuthenticateResp(pRespMsg, respLen, &pAuthenticateResp); + if (CASA_SUCCESS(retStatus)) + { + // Return the auth token to the caller + pCacheEntry->pToken = pAuthenticateResp->pToken; + pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer + cacheEntryLifetime = pAuthenticateResp->tokenLifetime; + + // Free the Authenticate response object + RelAuthenticateResp(pAuthenticateResp); + } } + else + { + DbgTrace(0, "-ObtainSessionToken- Authenticate Rpc failure, error = %08X\n", retStatus); + } + + // Free resources that may be hanging around + if (pRespMsg) + free(pRespMsg); + + free(pReqMsg); } else { - DbgTrace(0, "-ObtainSessionToken- Authenticate Rpc failure, error = %08X\n", retStatus); + DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + + // Add the entry to the cache if successful or if the reason that we failed + // was because the server was unavailable. + if (CASA_SUCCESS(retStatus) + || CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) + { + pCacheEntry->status = retStatus; + AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime); + } + else + { + // Free the entry + FreeAuthCacheEntry(pCacheEntry); } } else { - DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0); + DbgTrace(0, "-ObtainSessionToken- Cache entry creation failure\n", 0); retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, CASA_FACILITY_AUTHTOKEN, CASA_STATUS_INSUFFICIENT_RESOURCES); } - // Add the entry to the cache if successful or if the reason that we failed - // was because the server was unavailable. - if (CASA_SUCCESS(retStatus) - || CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) - { - pCacheEntry->status = retStatus; - AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime); - } - else - { - // Free the entry - FreeAuthCacheEntry(pCacheEntry); - } - } - else - { - DbgTrace(0, "-ObtainSessionToken- Cache entry creation failure\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - - // Stop trying after freeing up the buffer associated with - // the authentication mechanism token. + // Free up the buffer associated with the authentication mechanism token free(pAuthMechToken); - break; } - // Free up the buffer associated with the authentication mechanism token - free(pAuthMechToken); - // Advance to the next entry pListEntry = pListEntry->Flink; } @@ -251,7 +260,7 @@ ObtainAuthTokenFromServer( // // Notes: // -// L0 +// L2 //=======================================================================-- { CasaStatus retStatus = CASA_STATUS_SUCCESS; @@ -298,7 +307,7 @@ ObtainAuthTokenFromServer( if (CASA_SUCCESS(retStatus)) { // Now try to obtain a session token - retStatus = ObtainSessionToken(pRpcSession, pHostName, pAuthPolicy, &pSessionToken); + retStatus = ObtainSessionToken(pRpcSession, pAuthPolicy, &pSessionToken); if (CASA_SUCCESS(retStatus)) { // Request auth token for the service @@ -328,6 +337,10 @@ ObtainAuthTokenFromServer( pGetAuthTokenResp->pToken = NULL; // To keep us from freeing the buffer *pTokenLifetime = pGetAuthTokenResp->tokenLifetime; } + else + { + DbgTrace(0, "-ObtainAuthTokenFromServer- Failed to create GetAuthTokenResp object, error = %08X\n", retStatus); + } } else { @@ -344,9 +357,17 @@ ObtainAuthTokenFromServer( } else { - DbgTrace(1, "-ObtainAuthTokenFromServer- Failed to obtain session token, error = %08X\n", retStatus); + DbgTrace(0, "-ObtainAuthTokenFromServer- Failed to obtain session token, error = %08X\n", retStatus); } } + else + { + DbgTrace(0, "-ObtainAuthTokenFromServer- Failed to create AuthPolicy object, error = %08X\n", retStatus); + } + } + else + { + DbgTrace(0, "-ObtainAuthTokenFromServer- Failed to create GetAuthPolicyResp object, error = %08X\n", retStatus); } } else @@ -406,14 +427,35 @@ ObtainAuthToken( INOUT int *pAuthTokenBufLen) // // Arguments: +// pServiceAtHostName - +// Pointer to NULL terminated string that contains the +// service@host name to which the client is trying to +// authenticate. Note that the host portion of the name +// can either be a DNS name or a dotted IP address. +// +// pAuthTokenBuf - +// Pointer to buffer that will receive the authentication +// token. The length of this buffer is specified by the +// pAuthTokenBufLen parameter. Note that the the authentication +// token will be in the form of a NULL terminated string. // -// Returns: +// pAuthTokenBufLen - +// Pointer to integer that contains the length of the +// buffer pointed at by pAuthTokenBuf. Upon return of the +// function, the integer will contain the actual length +// of the authentication token if the function successfully +// completes or the buffer length required if the function +// fails because the buffer pointed at by pAuthTokenBuf is +// not large enough. +// +// Returns: +// Casa Status +// +// Description: +// Get authentication token to authenticate user to specified +// service at host. // -// Abstract: -// -// Notes: -// -// L0 +// L2 //=======================================================================-- { CasaStatus retStatus = CASA_STATUS_SUCCESS; @@ -461,7 +503,7 @@ ObtainAuthToken( if (pNormalizedHostName) { // Start user process synchronization - LockUserMutex(); + AcquireUserMutex(); // Try to find a cache entry for the service pCacheEntry = FindEntryInAuthCache(pServiceName, pNormalizedHostName); @@ -512,36 +554,27 @@ ObtainAuthToken( { int tokenLen = (int) strlen(pCacheEntry->pToken) + 1; - // We have an authentication token, try to return it to the caller. - if (pAuthTokenBuf) + // We have an authentication token, try to return it to the caller + // after verifying that the supplied buffer is big enough. + if (*pAuthTokenBufLen >= tokenLen) { - // Verify that the supplied buffer is big enough - if (*pAuthTokenBufLen >= tokenLen) - { - // Return the auth token to the caller - strcpy(pAuthTokenBuf, pCacheEntry->pToken); - } - else - { - DbgTrace(0, "-ObtainAuthToken- The supplied buffer is not large enough", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_BUFFER_OVERFLOW); - } - - // Notify the caller about the token length - *pAuthTokenBufLen = tokenLen; + // Return the auth token to the caller + strcpy(pAuthTokenBuf, pCacheEntry->pToken); } else { - // The caller just wants the length of buffer that is required to - // obtain the token. - *pAuthTokenBufLen = tokenLen; + DbgTrace(0, "-ObtainAuthToken- The supplied buffer is not large enough", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_BUFFER_OVERFLOW); } + + // Return the token length to the caller + *pAuthTokenBufLen = tokenLen; } // Stop user process synchronization - FreeUserMutex(); + ReleaseUserMutex(); // Free the space allocated for the normalized host name free(pNormalizedHostName); @@ -583,7 +616,7 @@ InitializeLibrary(void) // // Notes: // -// L0 +// L2 //=======================================================================-- { int retStatus = -1; @@ -622,3 +655,8 @@ InitializeLibrary(void) return retStatus; } + +//++======================================================================= +//++======================================================================= +//++======================================================================= + diff --git a/auth_token/client/getpolicymsg.c b/auth_token/client/getpolicymsg.c index 51a0821d..9f46d4bf 100644 --- a/auth_token/client/getpolicymsg.c +++ b/auth_token/client/getpolicymsg.c @@ -40,43 +40,13 @@ #define AWAITING_DESCRIPTION_ELEMENT_START 0x5 #define AWAITING_DESCRIPTION_ELEMENT_END 0x6 #define AWAITING_DESCRIPTION_DATA 0x7 -#define AWAITING_SESSION_TOKEN_ELEMENT_START 0x8 -#define AWAITING_SESSION_TOKEN_ELEMENT_END 0x9 -#define AWAITING_SESSION_TOKEN_DATA 0xA -#define AWAITING_LIFETIME_DATA 0xB -#define AWAITING_LIFETIME_ELEMENT_START 0xC -#define AWAITING_LIFETIME_ELEMENT_END 0xD -#define AWAITING_AUTH_TOKEN_ELEMENT_START 0xE -#define AWAITING_AUTH_TOKEN_ELEMENT_END 0xF -#define AWAITING_AUTH_TOKEN_DATA 0x10 -#define AWAITING_AUTH_POLICY_ELEMENT_START 0x11 -#define AWAITING_AUTH_POLICY_ELEMENT_END 0x12 -#define AWAITING_AUTH_POLICY_DATA 0x13 -#define AWAITING_AUTH_SOURCE_ELEMENT_START 0x14 -#define AWAITING_AUTH_SOURCE_ELEMENT_END 0x15 -#define AWAITING_AUTH_SOURCE_CHILD_START 0x16 -#define AWAITING_REALM_DATA 0x17 -#define AWAITING_REALM_ELEMENT_END 0x18 -#define AWAITING_MECHANISM_DATA 0x19 -#define AWAITING_MECHANISM_ELEMENT_END 0x1A -#define AWAITING_MECHANISM_INFO_DATA 0x1B -#define AWAITING_MECHANISM_INFO_ELEMENT_END 0x1C -#define AWAITING_UNKNOWN_DATA 0x1D -#define AWAITING_UNKNOWN_ELEMENT_END 0x1E -#define DONE_PARSING 0x1F - -// -// Authentication Policy Parse Structure -// -typedef struct _AuthPolicyParse -{ - XML_Parser p; - int state; - AuthPolicy *pAuthPolicy; - CasaStatus status; - -} AuthPolicyParse, *PAuthPolicyParse; - +#define AWAITING_AUTH_TOKEN_ELEMENT_START 0x8 +#define AWAITING_AUTH_TOKEN_ELEMENT_END 0x9 +#define AWAITING_AUTH_TOKEN_DATA 0xA +#define AWAITING_AUTH_POLICY_ELEMENT_START 0xB +#define AWAITING_AUTH_POLICY_ELEMENT_END 0xC +#define AWAITING_AUTH_POLICY_DATA 0xD +#define DONE_PARSING 0xE // // Get Authentication Policy Response Parse Structure @@ -85,6 +55,7 @@ typedef struct _GetAuthPolicyRespParse { XML_Parser p; int state; + int elementDataProcessed; GetAuthPolicyResp *pGetAuthPolicyResp; CasaStatus status; @@ -95,604 +66,6 @@ typedef struct _GetAuthPolicyRespParse //===[ Global variables ]================================================== -//++======================================================================= -static -void XMLCALL -AuthPolicyStartElementHandler( - IN AuthPolicyParse *pAuthPolicyParse, - IN const XML_Char *name, - IN const XML_Char **atts) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L0 -//=======================================================================-- -{ - DbgTrace(2, "-AuthPolicyStartElementHandler- Start\n", 0); - - // Proceed based on the state - switch (pAuthPolicyParse->state) - { - case AWAITING_ROOT_ELEMENT_START: - - // In this state, we are only expecting the Authentication - // Policy Element. - if (strcmp(name, AUTH_POLICY_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_ELEMENT_START; - } - else - { - DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected start element\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_AUTH_SOURCE_ELEMENT_START: - case AWAITING_ROOT_ELEMENT_END: - - // In this state, we are only expecting the Authentication - // Source Element. - if (strcmp(name, AUTH_SOURCE_ELEMENT_NAME) == 0) - { - AuthContext *pAuthContext; - - // Create an authentication context structure - pAuthContext = (AuthContext*) malloc(sizeof(AuthContext)); - if (pAuthContext) - { - // Initialize the allocated AuthContext structure and associate it - // with the AuthPolicy structure. - memset(pAuthContext, 0, sizeof(*pAuthContext)); - InsertTailList(&pAuthPolicyParse->pAuthPolicy->authContextListHead, &pAuthContext->listEntry); - } - else - { - DbgTrace(0, "-AuthPolicyStartElementHandler- Buffer allocation error\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - - // Good, advance to the next state. - pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; - } - else - { - DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected start element\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_AUTH_SOURCE_CHILD_START: - - // Proceed based on the name of the element - if (strcmp(name, REALM_ELEMENT_NAME) == 0) - { - // Advance to the next state. - pAuthPolicyParse->state = AWAITING_REALM_DATA; - } - else if (strcmp(name, MECHANISM_ELEMENT_NAME) == 0) - { - // Advance to the next state. - pAuthPolicyParse->state = AWAITING_MECHANISM_DATA; - } - else if (strcmp(name, MECHANISM_INFO_ELEMENT_NAME) == 0) - { - // Advance to the next state. - pAuthPolicyParse->state = AWAITING_MECHANISM_INFO_DATA; - } - else if (strcmp(name, AUTH_SOURCE_ELEMENT_NAME) == 0) - { - // We are starting a new auth source entry, create an authentication - // context structure to hold its information. - AuthContext *pAuthContext; - - // Create an authentication context structure - pAuthContext = (AuthContext*) malloc(sizeof(AuthContext)); - if (pAuthContext) - { - // Initialize the allocated AuthContext structure and associate it - // with the AuthPolicy structure. - memset(pAuthContext, 0, sizeof(*pAuthContext)); - InsertTailList(&pAuthPolicyParse->pAuthPolicy->authContextListHead, &pAuthContext->listEntry); - } - else - { - DbgTrace(0, "-AuthPolicyStartElementHandler- Buffer allocation error\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - } - else - { - // Advance to the next state. - pAuthPolicyParse->state = AWAITING_UNKNOWN_DATA; - } - break; - - default: - DbgTrace(0, "-AuthPolicyStartElementHandler- Un-expected state = %d\n", pAuthPolicyParse->state); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - break; - } - - DbgTrace(2, "-AuthPolicyStartElementHandler- End\n", 0); -} - - -//++======================================================================= -static -void XMLCALL -AuthPolicyCharDataHandler( - IN AuthPolicyParse *pAuthPolicyParse, - IN const XML_Char *s, - IN int len) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L0 -//=======================================================================-- -{ - AuthContext *pAuthContext; - - DbgTrace(2, "-AuthPolicyCharDataHandler- Start\n", 0); - - // Just exit if being called to process LF and CR characters - if (len == 1 - && ((*s == '\n') || (*s == '\r'))) - { - goto exit; - } - - // Proceed based on the state - switch (pAuthPolicyParse->state) - { - case AWAITING_REALM_DATA: - - // Get access to the AuthContext at the tail of the list - pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, - AuthContext, - listEntry); - - // Keep a copy of the realm data (null terminated) - pAuthContext->pContext = (char*) malloc(len + 1); - if (pAuthContext->pContext) - { - memset(pAuthContext->pContext, 0, len + 1); - memcpy(pAuthContext->pContext, s, len); - - // Advanced to the next state - pAuthPolicyParse->state = AWAITING_REALM_ELEMENT_END; - } - else - { - DbgTrace(0, "-AuthPolicyCharDataHandler- Buffer allocation failure\n", 0); - pAuthPolicyParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_MECHANISM_DATA: - - // Get access to the AuthContext at the tail of the list - pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, - AuthContext, - listEntry); - - // Keep a copy of the mechanism data (null terminated) - pAuthContext->pMechanism = (char*) malloc(len + 1); - if (pAuthContext->pMechanism) - { - memset(pAuthContext->pMechanism, 0, len + 1); - memcpy(pAuthContext->pMechanism, s, len); - - // Advanced to the next state - pAuthPolicyParse->state = AWAITING_MECHANISM_ELEMENT_END; - } - else - { - DbgTrace(0, "-AuthPolicyCharDataHandler- Buffer allocation failure\n", 0); - pAuthPolicyParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_MECHANISM_INFO_DATA: - - // Get access to the AuthContext at the tail of the list - pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, - AuthContext, - listEntry); - - // Keep a copy of the mechanism info data (null terminated) - pAuthContext->pMechInfo = (char*) malloc(len + 1); - if (pAuthContext->pMechInfo) - { - memset(pAuthContext->pMechInfo, 0, len + 1); - memcpy(pAuthContext->pMechInfo, s, len); - - // Advanced to the next state - pAuthPolicyParse->state = AWAITING_MECHANISM_INFO_ELEMENT_END; - } - else - { - DbgTrace(0, "-AuthPolicyCharDataHandler- Buffer allocation failure\n", 0); - pAuthPolicyParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_UNKNOWN_DATA: - - // Just advance the state - pAuthPolicyParse->state = AWAITING_UNKNOWN_ELEMENT_END; - break; - - default: - DbgTrace(0, "-AuthPolicyCharDataHandler- Un-expected state = %d\n", pAuthPolicyParse->state); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - break; - } - -exit: - - DbgTrace(2, "-AuthPolicyCharDataHandler- End\n", 0); -} - - -//++======================================================================= -static -void XMLCALL -AuthPolicyEndElementHandler( - IN AuthPolicyParse *pAuthPolicyParse, - IN const XML_Char *name) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L0 -//=======================================================================-- -{ - AuthContext *pAuthContext; - - DbgTrace(2, "-AuthPolicyEndElementHandler- Start\n", 0); - - // Proceed based on the state - switch (pAuthPolicyParse->state) - { - case AWAITING_ROOT_ELEMENT_END: - - // In this state, we are only expecting the Authentication - // Policy Element. - if (strcmp(name, AUTH_POLICY_ELEMENT_NAME) == 0) - { - // Done. - pAuthPolicyParse->state = DONE_PARSING; - } - else - { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_AUTH_SOURCE_CHILD_START: - - // In this state, we are only expecting the Authentication - // Source Response Element. - if (strcmp(name, AUTH_SOURCE_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthPolicyParse->state = AWAITING_ROOT_ELEMENT_END; - } - else - { - DbgTrace(0, "-AuthPolicyEndHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_REALM_ELEMENT_END: - - // In this state, we are only expecting the Realm Element. - if (strcmp(name, REALM_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; - } - else - { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_MECHANISM_ELEMENT_END: - - // In this state, we are only expecting the Mechanism Element. - if (strcmp(name, MECHANISM_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; - } - else - { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_MECHANISM_INFO_DATA: - - // Get access to the AuthContext at the tail of the list - pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, - AuthContext, - listEntry); - - // There was no mechanism info data. Set it to an empty string. - pAuthContext->pMechInfo = (char*) malloc(1); - if (pAuthContext->pMechInfo) - { - *pAuthContext->pMechInfo = '\0'; - } - else - { - DbgTrace(0, "-AuthPolicyEndElementHandler- Buffer allocation failure\n", 0); - pAuthPolicyParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - break; - } - // Fall through - - case AWAITING_MECHANISM_INFO_ELEMENT_END: - - // In this state, we are only expecting the Mechanism Info Element. - if (strcmp(name, MECHANISM_INFO_ELEMENT_NAME) == 0) - { - // Good, advance to the next state. - pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; - } - else - { - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected end element\n", 0); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - } - break; - - case AWAITING_UNKNOWN_ELEMENT_END: - - // Advance to the next state. - pAuthPolicyParse->state = AWAITING_AUTH_SOURCE_CHILD_START; - break; - - default: - DbgTrace(0, "-AuthPolicyEndElementHandler- Un-expected state = %d\n", pAuthPolicyParse->state); - XML_StopParser(pAuthPolicyParse->p, XML_FALSE); - break; - } - - DbgTrace(2, "-AuthPolicyEndElementHandler- End\n", 0); -} - - -//++======================================================================= -CasaStatus -CreateAuthPolicy( - IN char *pEncodedData, - IN int encodedDataLen, - INOUT AuthPolicy **ppAuthPolicy) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L0 -//=======================================================================-- -{ - CasaStatus retStatus; - AuthPolicy *pAuthPolicy = NULL; - AuthPolicyParse authPolicyParse = {0}; - char *pData = NULL; - int dataLen = 0; - - DbgTrace(1, "-CreateAuthPolicy- Start\n", 0); - - // Initialize output parameter - *ppAuthPolicy = NULL; - - // Decode the data - retStatus = DecodeData(pEncodedData, - encodedDataLen, - &pData, - &dataLen); - if (CASA_SUCCESS(retStatus)) - { - // Allocate space for the AuthPolicy structure - pAuthPolicy = (AuthPolicy*) malloc(sizeof(*pAuthPolicy)); - if (pAuthPolicy) - { - XML_Parser p; - - // Initialize the list head within the structure - InitializeListHead(&pAuthPolicy->authContextListHead); - - // Set the AuthPolicy object in the parse oject - authPolicyParse.pAuthPolicy = pAuthPolicy; - - // Create parser - p = XML_ParserCreate(NULL); - if (p) - { - // Keep track of the parser in our parse object - authPolicyParse.p = p; - - // Initialize the status within the parse object - authPolicyParse.status = CASA_STATUS_SUCCESS; - - // Set the start and end element handlers - XML_SetElementHandler(p, - AuthPolicyStartElementHandler, - AuthPolicyEndElementHandler); - - // Set the character data handler - XML_SetCharacterDataHandler(p, AuthPolicyCharDataHandler); - - // Set our user data - XML_SetUserData(p, &authPolicyParse); - - // Parse the document - if (XML_Parse(p, pData, dataLen, 1) == XML_STATUS_OK) - { - // Verify that the parse operation completed successfully - if (authPolicyParse.state == DONE_PARSING) - { - // The parse operation succeded - retStatus = CASA_STATUS_SUCCESS; - } - else - { - DbgTrace(0, "-CreateAuthPolicy- Parse operation did not complete\n", 0); - - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_PROTOCOL_ERROR); - } - } - else - { - DbgTrace(0, "-CreateAuthPolicy- Parse error %d\n", XML_GetErrorCode(p)); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_PROTOCOL_ERROR); - } - - // Free the parser - XML_ParserFree(p); - } - else - { - DbgTrace(0, "-CreateAuthPolicy- Parser creation error\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - - // Return the AuthPolicy object to the caller if necessary - if (CASA_SUCCESS(retStatus)) - { - *ppAuthPolicy = pAuthPolicy; - } - } - else - { - DbgTrace(0, "-CreateAuthPolicy- Buffer allocation error\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - } - else - { - DbgTrace(0, "-CreateAuthPolicy- Buffer allocation error\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - } - - // Release allocated resources if not successful - if (!CASA_SUCCESS(retStatus) - && pAuthPolicy) - RelAuthPolicy(pAuthPolicy); - - DbgTrace(1, "-CreateAuthPolicy- End, retStatus = %08X\n", retStatus); - - return retStatus; -} - - -//++======================================================================= -void -RelAuthPolicy( - IN AuthPolicy *pAuthPolicy) -// -// Arguments: -// -// Returns: -// -// Abstract: -// -// Notes: -// -// L0 -//=======================================================================-- -{ - LIST_ENTRY *pListEntry; - - DbgTrace(1, "-RelAuthPolicy- Start\n", 0); - - // Free all of the associated AuthContexts - pListEntry = pAuthPolicy->authContextListHead.Flink; - while (pListEntry != &pAuthPolicy->authContextListHead) - { - AuthContext *pAuthContext; - - // Get pointer to AuthContext structure - pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry); - - // Free associated buffers - if (pAuthContext->pContext) - free(pAuthContext->pContext); - - if (pAuthContext->pMechanism) - free(pAuthContext->pMechanism); - - if (pAuthContext->pMechInfo) - free(pAuthContext->pMechInfo); - - // Remove the entry from the list - RemoveEntryList(&pAuthContext->listEntry); - - // Free the AuthContext - free(pAuthContext); - - // Advance to the next entry - pListEntry = pAuthPolicy->authContextListHead.Flink; - } - - // Free the AuthPolicy - free(pAuthPolicy); - - DbgTrace(1, "-RelAuthPolicy- End\n", 0); -} - //++======================================================================= char* @@ -708,7 +81,7 @@ BuildGetAuthPolicyMsg( // // Notes: // -// L0 +// L2 //=======================================================================-- { char *pMsg = NULL; @@ -807,7 +180,7 @@ GetAuthPolicyRespStartElementHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-GetAuthPolicyRespStartElementHandler- Start\n", 0); @@ -886,6 +259,95 @@ GetAuthPolicyRespStartElementHandler( } +//++======================================================================= +static +CasaStatus +ConsumeElementData( + IN GetAuthPolicyRespParse *pGetAuthPolicyRespParse, + IN const XML_Char *s, + IN int len, + INOUT char **ppElementData, + INOUT int *pElementDataLen) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus = CASA_STATUS_SUCCESS; + + DbgTrace(3, "-ConsumeElementData- Start\n", 0); + + // Proceed based on whether or not we have already consumed data + // for this element. + if (*ppElementData == NULL) + { + // We have not yet consumed data for this element + pGetAuthPolicyRespParse->elementDataProcessed = len; + + // Allocate a buffer to hold this element data (null terminated). + *ppElementData = (char*) malloc(len + 1); + if (*ppElementData) + { + memset(*ppElementData, 0, len + 1); + memcpy(*ppElementData, s, len); + + // Return the length of the element data buffer + *pElementDataLen = pGetAuthPolicyRespParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + else + { + char *pNewBuf; + + // We have already received token data, append this data to it. + pNewBuf = (char*) malloc(pGetAuthPolicyRespParse->elementDataProcessed + len + 1); + if (pNewBuf) + { + memset(pNewBuf, + 0, + pGetAuthPolicyRespParse->elementDataProcessed + len + 1); + memcpy(pNewBuf, + *ppElementData, + pGetAuthPolicyRespParse->elementDataProcessed); + memcpy(pNewBuf + pGetAuthPolicyRespParse->elementDataProcessed, s, len); + pGetAuthPolicyRespParse->elementDataProcessed += len; + + // Swap the buffers + free(*ppElementData); + *ppElementData = pNewBuf; + + // Return the length of the element data buffer + *pElementDataLen = pGetAuthPolicyRespParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + + DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + //++======================================================================= static void XMLCALL @@ -902,7 +364,7 @@ GetAuthPolicyRespCharDataHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-GetAuthPolicyRespCharDataHandler- Start\n", 0); @@ -918,8 +380,10 @@ GetAuthPolicyRespCharDataHandler( switch (pGetAuthPolicyRespParse->state) { case AWAITING_DESCRIPTION_DATA: + case AWAITING_DESCRIPTION_ELEMENT_END: // Ignore the status description data for now. + // tbd // Advanced to the next state pGetAuthPolicyRespParse->state = AWAITING_DESCRIPTION_ELEMENT_END; @@ -960,58 +424,19 @@ GetAuthPolicyRespCharDataHandler( case AWAITING_AUTH_POLICY_DATA: case AWAITING_AUTH_POLICY_ELEMENT_END: - // Check if we have already processed policy data - if (pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen == 0) + pGetAuthPolicyRespParse->status = ConsumeElementData(pGetAuthPolicyRespParse, + s, + len, + &pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy, + &pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen); + if (CASA_SUCCESS(pGetAuthPolicyRespParse->status)) { - // Keep a copy of the policy (null terminated) - pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy = (char*) malloc(len + 1); - if (pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy) - { - memset(pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy, 0, len + 1); - memcpy(pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy, s, len); - pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen = len; - - // Advanced to the next state - pGetAuthPolicyRespParse->state = AWAITING_AUTH_POLICY_ELEMENT_END; - } - else - { - DbgTrace(0, "-GetAuthPolicyRespCharDataHandler- Buffer allocation failure\n", 0); - pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); - } + // Advanced to the next state + pGetAuthPolicyRespParse->state = AWAITING_AUTH_POLICY_ELEMENT_END; } else { - char *pNewBuf; - - // We have already received token data, append this data to it. - pNewBuf = (char*) malloc(pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen + len + 1); - if (pNewBuf) - { - memset(pNewBuf, - 0, - pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen + len + 1); - memcpy(pNewBuf, - pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy, - pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen); - memcpy(pNewBuf + pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen, s, len); - pGetAuthPolicyRespParse->pGetAuthPolicyResp->policyLen += len; - - // Swap the buffers - free(pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy); - pGetAuthPolicyRespParse->pGetAuthPolicyResp->pPolicy = pNewBuf; - } - else - { - DbgTrace(0, "-GetAuthPolicyRespCharDataHandler- Buffer allocation failure\n", 0); - pGetAuthPolicyRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); - } + XML_StopParser(pGetAuthPolicyRespParse->p, XML_FALSE); } break; @@ -1042,7 +467,7 @@ GetAuthPolicyRespEndElementHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-GetAuthPolicyRespEndElementHandler- Start\n", 0); @@ -1144,7 +569,7 @@ CreateGetAuthPolicyResp( // // Notes: // -// L0 +// L2 //=======================================================================-- { CasaStatus retStatus = CASA_STATUS_SUCCESS; @@ -1164,7 +589,7 @@ CreateGetAuthPolicyResp( * * * When a get authentication policy request fails to be successfully processed, - * the server responds with an error and a error description string. The message + * the server responds with an error and an error description string. The message * format of an unsuccessful reply is as follows: * * @@ -1273,6 +698,7 @@ CreateGetAuthPolicyResp( CASA_FACILITY_AUTHTOKEN, CASA_STATUS_INSUFFICIENT_RESOURCES); } + DbgTrace(1, "-CreateGetAuthPolicyResp- End, retStatus = %08X\n", retStatus); return retStatus; @@ -1292,7 +718,7 @@ RelGetAuthPolicyResp( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(1, "-RelGetAuthPolicyResp- Start\n", 0); @@ -1307,3 +733,8 @@ RelGetAuthPolicyResp( DbgTrace(1, "-RelGetAuthPolicyResp- End\n", 0); } + +//++======================================================================= +//++======================================================================= +//++======================================================================= + diff --git a/auth_token/client/gettokenmsg.c b/auth_token/client/gettokenmsg.c index 438feee5..18da53b6 100644 --- a/auth_token/client/gettokenmsg.c +++ b/auth_token/client/gettokenmsg.c @@ -55,7 +55,7 @@ typedef struct _GetAuthTokenRespParse { XML_Parser p; int state; - int tokenDataProcessed; + int elementDataProcessed; GetAuthTokenResp *pGetAuthTokenResp; CasaStatus status; @@ -81,7 +81,7 @@ BuildGetAuthTokenMsg( // // Notes: // -// L0 +// L2 //=======================================================================-- { char *pMsg = NULL; @@ -115,14 +115,14 @@ BuildGetAuthTokenMsg( + 2 // crlf - + 2 // + strlen(pHostName) + 2 // crlf - + 2 // + strlen(pSessionToken) @@ -196,7 +196,7 @@ GetAuthTokenRespStartElementHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-GetAuthTokenRespStartElementHandler- Start\n", 0); @@ -290,6 +290,95 @@ GetAuthTokenRespStartElementHandler( } +//++======================================================================= +static +CasaStatus +ConsumeElementData( + IN GetAuthTokenRespParse *pGetAuthTokenRespParse, + IN const XML_Char *s, + IN int len, + INOUT char **ppElementData, + INOUT int *pElementDataLen) +// +// Arguments: +// +// Returns: +// +// Abstract: +// +// Notes: +// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus = CASA_STATUS_SUCCESS; + + DbgTrace(3, "-ConsumeElementData- Start\n", 0); + + // Proceed based on whether or not we have already consumed data + // for this element. + if (*ppElementData == NULL) + { + // We have not yet consumed data for this element + pGetAuthTokenRespParse->elementDataProcessed = len; + + // Allocate a buffer to hold this element data (null terminated). + *ppElementData = (char*) malloc(len + 1); + if (*ppElementData) + { + memset(*ppElementData, 0, len + 1); + memcpy(*ppElementData, s, len); + + // Return the length of the element data buffer + *pElementDataLen = pGetAuthTokenRespParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + else + { + char *pNewBuf; + + // We have already received token data, append this data to it. + pNewBuf = (char*) malloc(pGetAuthTokenRespParse->elementDataProcessed + len + 1); + if (pNewBuf) + { + memset(pNewBuf, + 0, + pGetAuthTokenRespParse->elementDataProcessed + len + 1); + memcpy(pNewBuf, + *ppElementData, + pGetAuthTokenRespParse->elementDataProcessed); + memcpy(pNewBuf + pGetAuthTokenRespParse->elementDataProcessed, s, len); + pGetAuthTokenRespParse->elementDataProcessed += len; + + // Swap the buffers + free(*ppElementData); + *ppElementData = pNewBuf; + + // Return the length of the element data buffer + *pElementDataLen = pGetAuthTokenRespParse->elementDataProcessed + 1; + } + else + { + DbgTrace(0, "-ConsumeElementData- Buffer allocation failure\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); + } + } + + DbgTrace(3, "-ConsumeElementData- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + //++======================================================================= static void XMLCALL @@ -306,7 +395,7 @@ GetAuthTokenRespCharDataHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-GetAuthTokenRespCharDataHandler- Start\n", 0); @@ -322,8 +411,10 @@ GetAuthTokenRespCharDataHandler( switch (pGetAuthTokenRespParse->state) { case AWAITING_DESCRIPTION_DATA: + case AWAITING_DESCRIPTION_ELEMENT_END: // Ignore the status description data for now. + // tbd // Advanced to the next state pGetAuthTokenRespParse->state = AWAITING_DESCRIPTION_ELEMENT_END; @@ -373,58 +464,20 @@ GetAuthTokenRespCharDataHandler( case AWAITING_AUTH_TOKEN_DATA: case AWAITING_AUTH_TOKEN_ELEMENT_END: - // Check if we have already processed token data - if (pGetAuthTokenRespParse->tokenDataProcessed == 0) + // Consume the data + pGetAuthTokenRespParse->status = ConsumeElementData(pGetAuthTokenRespParse, + s, + len, + &pGetAuthTokenRespParse->pGetAuthTokenResp->pToken, + &pGetAuthTokenRespParse->pGetAuthTokenResp->tokenLen); + if (CASA_SUCCESS(pGetAuthTokenRespParse->status)) { - // Keep a copy of the authentication token (null terminated) - pGetAuthTokenRespParse->pGetAuthTokenResp->pToken = (char*) malloc(len + 1); - if (pGetAuthTokenRespParse->pGetAuthTokenResp->pToken) - { - memset(pGetAuthTokenRespParse->pGetAuthTokenResp->pToken, 0, len + 1); - memcpy(pGetAuthTokenRespParse->pGetAuthTokenResp->pToken, s, len); - pGetAuthTokenRespParse->tokenDataProcessed = len; - - // Advanced to the next state - pGetAuthTokenRespParse->state = AWAITING_AUTH_TOKEN_ELEMENT_END; - } - else - { - DbgTrace(0, "-GetAuthTokenRespCharDataHandler- Buffer allocation failure\n", 0); - pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); - } + // Advanced to the next state + pGetAuthTokenRespParse->state = AWAITING_AUTH_TOKEN_ELEMENT_END; } else { - char *pNewBuf; - - // We have already received token data, append this data to it. - pNewBuf = (char*) malloc(pGetAuthTokenRespParse->tokenDataProcessed + len + 1); - if (pNewBuf) - { - memset(pNewBuf, - 0, - pGetAuthTokenRespParse->tokenDataProcessed + len + 1); - memcpy(pNewBuf, - pGetAuthTokenRespParse->pGetAuthTokenResp->pToken, - pGetAuthTokenRespParse->tokenDataProcessed); - memcpy(pNewBuf + pGetAuthTokenRespParse->tokenDataProcessed, s, len); - pGetAuthTokenRespParse->tokenDataProcessed += len; - - // Swap the buffers - free(pGetAuthTokenRespParse->pGetAuthTokenResp->pToken); - pGetAuthTokenRespParse->pGetAuthTokenResp->pToken = pNewBuf; - } - else - { - DbgTrace(0, "-GetAuthTokenRespCharDataHandler- Buffer allocation failure\n", 0); - pGetAuthTokenRespParse->status = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); - XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); - } + XML_StopParser(pGetAuthTokenRespParse->p, XML_FALSE); } break; @@ -455,7 +508,7 @@ GetAuthTokenRespEndElementHandler( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(2, "-GetAuthTokenRespEndElementHandler- Start\n", 0); @@ -572,7 +625,7 @@ CreateGetAuthTokenResp( // // Notes: // -// L0 +// L2 //=======================================================================-- { CasaStatus retStatus = CASA_STATUS_SUCCESS; @@ -592,7 +645,7 @@ CreateGetAuthTokenResp( * * * When a get authentication token request fails to be successfully processed, - * the server responds with an error and a error description string. The message + * the server responds with an error and an error description string. The message * format of an unsuccessful reply is as follows: * * @@ -720,7 +773,7 @@ RelGetAuthTokenResp( // // Notes: // -// L0 +// L2 //=======================================================================-- { DbgTrace(1, "-RelGetAuthTokenResp- Start\n", 0); @@ -734,3 +787,8 @@ RelGetAuthTokenResp( DbgTrace(1, "-RelGetAuthTokenResp- End\n", 0); } + +//++======================================================================= +//++======================================================================= +//++======================================================================= + diff --git a/auth_token/client/internal.h b/auth_token/client/internal.h index c01bd9f0..817e876a 100644 --- a/auth_token/client/internal.h +++ b/auth_token/client/internal.h @@ -31,8 +31,9 @@ #include #include #include -#include +#include #include "list_entry.h" +#include "config_if.h" #include "mech_if.h" #include "proto.h" @@ -45,8 +46,11 @@ typedef struct _AuthContext { LIST_ENTRY listEntry; char *pContext; + int contextLen; char *pMechanism; + int mechanismLen; char *pMechInfo; + int mechInfoLen; } AuthContext, *PAuthContext; @@ -75,6 +79,7 @@ typedef struct _GetAuthPolicyResp typedef struct _GetAuthTokenResp { char *pToken; + int tokenLen; int tokenLifetime; } GetAuthTokenResp, *PGetAuthTokenResp; @@ -85,6 +90,7 @@ typedef struct _GetAuthTokenResp typedef struct _AuthenticateResp { char *pToken; + int tokenLen; int tokenLifetime; } AuthenticateResp, *PAuthenticateResp; @@ -130,18 +136,6 @@ GetAuthMechToken( // Functions exported by getpolicymsg.c // -extern -CasaStatus -CreateAuthPolicy( - IN char *pEncodedData, - IN int encodedDataLen, - INOUT AuthPolicy **ppAuthPolicy); - -extern -void -RelAuthPolicy( - IN AuthPolicy *pAuthPolicy); - extern char* BuildGetAuthPolicyMsg( @@ -160,6 +154,22 @@ void RelGetAuthPolicyResp( IN GetAuthPolicyResp *pGetAuthPolicyResp); +// +// Functions exported by authpolicy.c +// + +extern +CasaStatus +CreateAuthPolicy( + IN char *pEncodedData, + IN int encodedDataLen, + INOUT AuthPolicy **ppAuthPolicy); + +extern +void +RelAuthPolicy( + IN AuthPolicy *pAuthPolicy); + // // Functions exported by authmsg.c // @@ -257,11 +267,11 @@ CreateUserMutex(void); extern void -LockUserMutex(void); +AcquireUserMutex(void); extern void -FreeUserMutex(void); +ReleaseUserMutex(void); extern LIB_HANDLE diff --git a/auth_token/client/mech_if.h b/auth_token/client/mech_if.h index 346cec6e..285d70a8 100644 --- a/auth_token/client/mech_if.h +++ b/auth_token/client/mech_if.h @@ -38,7 +38,7 @@ /************************************************************************** *************************************************************************** ** ** -** Definitions common to all interfaces ** +** Authentication Mechanism Token Interface Definitions ** ** ** *************************************************************************** **************************************************************************/ @@ -47,7 +47,7 @@ //++======================================================================= typedef int -(SSCS_CALL *PFN_AddReference)( +(SSCS_CALL *PFNAuthTokenIf_AddReference)( IN const void *pIfInstance); // // Arguments: @@ -65,7 +65,7 @@ int //++======================================================================= typedef void -(SSCS_CALL *PFN_ReleaseReference)( +(SSCS_CALL *PFNAuthTokenIf_ReleaseReference)( IN const void *pIfInstance); // // Arguments: @@ -81,65 +81,10 @@ void //=======================================================================-- - -/************************************************************************** -*************************************************************************** -** ** -** Configuration Object Interface Definitions ** -** ** -*************************************************************************** -**************************************************************************/ - - -//++======================================================================= -typedef -char* -(SSCS_CALL *PFN_GetEntryValue)( - IN const void *pIfInstance, - IN const char *pKeyName); -// -// Arguments: -// pIfInstance - -// Pointer to interface object. -// -// pKeyName - -// Pointer to NULL terminated string that contains the -// name of the key whose value is being requested. -// -// Returns: -// Pointer to NULL terminated string with value being requested or NULL. -// -// Description: -// Gets value associated with a key for the configuration object. -//=======================================================================-- - - -// -// Config Interface Object -// -typedef struct _ConfigIf -{ - PFN_AddReference addReference; - PFN_ReleaseReference releaseReference; - PFN_GetEntryValue getEntryValue; - -} ConfigIf, *PConfigIf; - - - -/************************************************************************** -*************************************************************************** -** ** -** Authentication Mechanism Token Interface Definitions ** -** ** -*************************************************************************** -**************************************************************************/ - - //++======================================================================= typedef CasaStatus -(SSCS_CALL *PFN_GetAuthToken)( +(SSCS_CALL *PFNAuthTokenIf_GetAuthToken)( IN const void *pIfInstance, IN const char *pContext, IN const char *pMechInfo, @@ -195,9 +140,9 @@ CasaStatus // typedef struct _AuthTokenIf { - PFN_AddReference addReference; - PFN_ReleaseReference releaseReference; - PFN_GetAuthToken getAuthToken; + PFNAuthTokenIf_AddReference addReference; + PFNAuthTokenIf_ReleaseReference releaseReference; + PFNAuthTokenIf_GetAuthToken getAuthToken; } AuthTokenIf, *PAuthTokenIf; diff --git a/auth_token/client/util.c b/auth_token/client/util.c index 4e887979..bf6a48b6 100644 --- a/auth_token/client/util.c +++ b/auth_token/client/util.c @@ -287,7 +287,7 @@ dtoul( // // Notes: // -// L0 +// L2 //=======================================================================-- { int n = 0;