Making changes to remove the need for the auth.policy to contain

the mechanism information element. This change breaks the build since it
is not complete.
Juan Carlos Luciani 2006-11-03 13:35:36 +00:00
parent 47a2358a9e
commit 01b99ffc0d
4 changed files with 72 additions and 5 deletions


@ -344,6 +344,7 @@ AuthPolicyCharDataHandler(
break;
case AWAITING_MECHANISM_DATA:
case AWAITING_MECHANISM_ELEMENT_END:
// Get access to the AuthContext at the tail of the list
pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink,
@ -368,6 +369,7 @@ AuthPolicyCharDataHandler(
break;
case AWAITING_MECHANISM_INFO_DATA:
case AWAITING_MECHANISM_INFO_ELEMENT_END:
// Get access to the AuthContext at the tail of the list
pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink,
@ -392,6 +394,7 @@ AuthPolicyCharDataHandler(
break;
case AWAITING_UNKNOWN_DATA:
case AWAITING_UNKNOWN_ELEMENT_END:
// Just advance the state
pAuthPolicyParse->state = AWAITING_UNKNOWN_ELEMENT_END;
@ -593,7 +596,7 @@ CreateAuthPolicy(
* The authentication policy document can contain multiple auth_source
* elements. These auth_source elements can be for different authentication
* sources or for the same authentication source but specifying a different
* authentication mechanism.
* authentication mechanism. The mechanism_info element is optional.
*
* The following is a sample authentication policy document:
*


@ -120,6 +120,8 @@ AuthTokenIf_GetAuthToken(
IN const void *pIfInstance,
IN const char *pContext,
IN const char *pMechInfo,
IN const char *pHostName,
IN void *pCredStoreScope,
INOUT char *pTokenBuf,
INOUT int *pTokenBufLen)
//
@ -144,6 +146,15 @@ AuthTokenIf_GetAuthToken(
// may be the service principal name to which the user will be
// authenticating.
//
// pHostName -
// Pointer to null terminated string containing the name of the
// host where the ATS resides.
//
// pCredStoreScope -
// Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged when running in
// the context of System under Windows.
//
// pTokenBuf -
// Pointer to buffer that will receive the authentication
// token. The length of this buffer is specified by the
@ -180,7 +191,7 @@ AuthTokenIf_GetAuthToken(
// Validate input parameters
if (pIfInstance == NULL
|| pContext == NULL
|| pMechInfo == NULL
|| pHostName == NULL
|| pTokenBufLen == NULL
|| (pTokenBuf == NULL && *pTokenBufLen != 0))
{
@ -192,6 +203,23 @@ AuthTokenIf_GetAuthToken(
goto exit;
}
// Check if we need to construct the service name
if (pKrbServiceName == NULL
|| strlen(pKrbServiceName) == 0)
{
// The service name will default to host/hostname
pKrbServiceName = malloc(5 /*"host/"*/ + strlen(pHostName) + 1 /*'/0'*/)
if (pKrbServiceName)
{
sprintf("host/%s", pHostName);
}
else
{
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
goto exit;
}
}
// Import the service principal name into something that
// GSS-API can understand based on its form.
gssBuffer.value = (void*) pKrbServiceName;
@ -313,6 +341,11 @@ AuthTokenIf_GetAuthToken(
exit:
// Free buffer holding the Krb Service Name if necessary
if (pKrbServiceName
&& pKrbServiceName != pMechInfo)
free(pKrbServiceName);
DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus);
return retStatus;
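Review bot: The `sprintf("host/%s", pHostName);` call in the default-service-name branch omits the destination, so the literal `"host/%s"` becomes the output buffer and the caller-supplied `pHostName` is parsed as the format string. Write into the new allocation with a bound instead, `snprintf(pKrbServiceName, nameLen, "host/%s", pHostName);` where `nameLen` is the size given to `malloc`, and terminate the `malloc(...)` statement with `;`. The allocation-failure branch reaches `exit` without assigning `retStatus` in the visible lines, so confirm that the status set before this hunk is a failure code. With `pMechInfo == NULL` dropped from the validation, whatever derives `pKrbServiceName` from `pMechInfo` (outside these hunks) has to accept NULL. The same `sprintf` and `malloc` lines are repeated in the next file section's AuthTokenIf_GetAuthToken.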


@ -40,7 +40,8 @@ AuthTokenIf_GetAuthToken(
IN const void *pIfInstance,
IN const char *pContext,
IN const char *pMechInfo,
IN void *pCredStoreScope,
IN const char *pHostName,
IN void *pCredStoreScope,
INOUT char *pTokenBuf,
INOUT int *pTokenBufLen)
//
@ -61,6 +62,10 @@ AuthTokenIf_GetAuthToken(
// may be the service principal name to which the user will be
// authenticating.
//
// pHostName -
// Pointer to null terminated string containing the name of the
// host where the ATS resides.
//
// pCredStoreScope -
// Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged when running in
@ -102,7 +107,7 @@ AuthTokenIf_GetAuthToken(
// Validate input parameters
if (pIfInstance == NULL
|| pContext == NULL
|| pMechInfo == NULL
|| pHostName
|| pTokenBufLen == NULL
|| (pTokenBuf == NULL && *pTokenBufLen != 0))
{
@ -114,6 +119,23 @@ AuthTokenIf_GetAuthToken(
goto exit;
}
// Check if we need to construct the service name
if (pKrbServiceName == NULL
|| strlen(pKrbServiceName) == 0)
{
// The service name will default to host/hostname
pKrbServiceName = malloc(5 /*"host/"*/ + strlen(pHostName) + 1 /*'/0'*/)
if (pKrbServiceName)
{
sprintf("host/%s", pHostName);
}
else
{
DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0);
goto exit;
}
}
// Acquire a credential handle for the current user
secStatus = AcquireCredentialsHandle(NULL, // no principal name
"Kerberos", // package name
@ -234,6 +256,11 @@ AuthTokenIf_GetAuthToken(
exit:
// Free buffer holding the Krb Service Name if necessary
if (pKrbServiceName
&& pKrbServiceName != pMechInfo)
free(pKrbServiceName);
DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus);
return retStatus;
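Review bot: The validation line `|| pHostName` is missing its comparison, so every call that supplies a host name is rejected as invalid, while a NULL one passes through to `strlen(pHostName)` in the service-name branch below. It should read `|| pHostName == NULL`, as in the other two mechanism files. The function body continues outside the hunks shown.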


@ -211,6 +211,10 @@ AuthTokenIf_GetAuthToken(
// may be the service principal name to which the user will be
// authenticating.
//
// pHostName -
// Pointer to null terminated string containing the name of the
// host where the ATS resides.
//
// pCredStoreScope -
// Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged when running in
@ -250,7 +254,7 @@ AuthTokenIf_GetAuthToken(
// Validate input parameters
if (pIfInstance == NULL
|| pContext == NULL
|| pMechInfo == NULL
|| pHostName == NULL
|| pTokenBufLen == NULL
|| (pTokenBuf == NULL && *pTokenBufLen != 0))
{
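Review bot: No hunk in this file section adds `pHostName` to the parameter list, yet the comment block documents it and the validation now tests `pHostName == NULL`; unless the parameter was already declared above line 211, the name is undeclared here. Add `IN const char *pHostName,` after `pMechInfo` in the signature, matching the other two implementations. The validation also stops rejecting a NULL `pMechInfo`, so any later use of it in the body (outside the hunk) needs its own NULL check.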