From 01b99ffc0d77812d27210ddc6ecfba4f928a17c1 Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Fri, 3 Nov 2006 13:35:36 +0000 Subject: [PATCH] Making changes to remove the need for the auth.policy to contain the mechanism information element. This change breaks the build since it is not complete. --- CASA-auth-token/non-java/client/authpolicy.c | 5 ++- .../client/mechanisms/krb5/linux/get.c | 35 ++++++++++++++++++- .../client/mechanisms/krb5/windows/get.c | 31 ++++++++++++++-- .../non-java/client/mechanisms/pwd/get.c | 6 +++- 4 files changed, 72 insertions(+), 5 deletions(-) diff --git a/CASA-auth-token/non-java/client/authpolicy.c b/CASA-auth-token/non-java/client/authpolicy.c index a9b1fd26..9abeab7e 100644 --- a/CASA-auth-token/non-java/client/authpolicy.c +++ b/CASA-auth-token/non-java/client/authpolicy.c @@ -344,6 +344,7 @@ AuthPolicyCharDataHandler( break; case AWAITING_MECHANISM_DATA: + case AWAITING_MECHANISM_ELEMENT_END: // Get access to the AuthContext at the tail of the list pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, @@ -368,6 +369,7 @@ AuthPolicyCharDataHandler( break; case AWAITING_MECHANISM_INFO_DATA: + case AWAITING_MECHANISM_INFO_ELEMENT_END: // Get access to the AuthContext at the tail of the list pAuthContext = CONTAINING_RECORD(pAuthPolicyParse->pAuthPolicy->authContextListHead.Blink, @@ -392,6 +394,7 @@ AuthPolicyCharDataHandler( break; case AWAITING_UNKNOWN_DATA: + case AWAITING_UNKNOWN_ELEMENT_END: // Just advance the state pAuthPolicyParse->state = AWAITING_UNKNOWN_ELEMENT_END; 
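Review bot: Folding `AWAITING_MECHANISM_ELEMENT_END` into the `AWAITING_MECHANISM_DATA` case in the -344 hunk (and likewise `AWAITING_MECHANISM_INFO_ELEMENT_END` and `AWAITING_UNKNOWN_ELEMENT_END` in the -368 and -392 hunks) routes character data that arrives after the element's text has already been handled into the same storage path, but nothing in the visible lines says why that is wanted. If the intent is to cope with the XML parser delivering one element's text in several callbacks, a comment should say so, and the code that stores the data must then append rather than overwrite — that code is outside the hunk, so I cannot confirm which it does. Suggested comment above each added case label: `// Character data for one element may arrive in several callbacks, so keep accepting it after the end-of-element state has been entered`.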
@@ -593,7 +596,7 @@ CreateAuthPolicy( * The authentication policy document can contain multiple auth_source * elements. These auth_source elements can be for different authentication * sources or for the same authentication source but specifying a different - * authentication mechanism. + * authentication mechanism. The mechanism_info element is optional. * * The following is a sample authentication policy document: * diff --git a/CASA-auth-token/non-java/client/mechanisms/krb5/linux/get.c b/CASA-auth-token/non-java/client/mechanisms/krb5/linux/get.c index 1e0b47de..a7a6f8c3 100644 --- a/CASA-auth-token/non-java/client/mechanisms/krb5/linux/get.c +++ b/CASA-auth-token/non-java/client/mechanisms/krb5/linux/get.c @@ -120,6 +120,8 @@ AuthTokenIf_GetAuthToken( IN const void *pIfInstance, IN const char *pContext, IN const char *pMechInfo, + IN const char *pHostName, + IN void *pCredStoreScope, INOUT char *pTokenBuf, INOUT int *pTokenBufLen) // @@ -144,6 +146,15 @@ AuthTokenIf_GetAuthToken( // may be the service principal name to which the user will be // authenticating. // +// pHostName - +// Pointer to null terminated string containing the name of the +// host where the ATS resides. +// +// pCredStoreScope - +// Pointer to CASA structure for scoping credential store access +// to specific users. This can only be leveraged when running in +// the context of System under Windows. +// // pTokenBuf - // Pointer to buffer that will receive the authentication // token. The length of this buffer is specified by the @@ -180,7 +191,7 @@ AuthTokenIf_GetAuthToken( // Validate input parameters if (pIfInstance == NULL || pContext == NULL - || pMechInfo == NULL + || pHostName == NULL || pTokenBufLen == NULL || (pTokenBuf == NULL && *pTokenBufLen != 0)) { 
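Review bot: The trailing lines of the `pMechInfo` description that appear as context in the -144 hunk still read as if the value is required, while the -180 hunk drops the `pMechInfo == NULL` rejection and the following hunk defaults the service name when it is NULL or empty. The doc block should state the new contract, e.g. `// Optional. When NULL or empty the service principal name defaults to host/<pHostName>.` The new `pCredStoreScope` parameter is accepted on Linux but, by its own description, only usable under Windows, so a line such as `// Ignored on Linux; present so both builds share one signature.` would save the next reader a search — I am inferring it is unused here, since the rest of the function is outside the hunk.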
@@ -192,6 +203,23 @@ AuthTokenIf_GetAuthToken( goto exit; } + // Check if we need to construct the service name + if (pKrbServiceName == NULL + || strlen(pKrbServiceName) == 0) + { + // The service name will default to host/hostname + pKrbServiceName = malloc(5 /*"host/"*/ + strlen(pHostName) + 1 /*'/0'*/) + if (pKrbServiceName) + { + sprintf("host/%s", pHostName); + } + else + { + DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0); + goto exit; + } + } + // Import the service principal name into something that // GSS-API can understand based on its form. gssBuffer.value = (void*) pKrbServiceName; @@ -313,6 +341,11 @@ AuthTokenIf_GetAuthToken( exit: + // Free buffer holding the Krb Service Name if necessary + if (pKrbServiceName + && pKrbServiceName != pMechInfo) + free(pKrbServiceName); + DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus); return retStatus; diff --git a/CASA-auth-token/non-java/client/mechanisms/krb5/windows/get.c b/CASA-auth-token/non-java/client/mechanisms/krb5/windows/get.c index 1eecfed1..f40c437e 100644 --- a/CASA-auth-token/non-java/client/mechanisms/krb5/windows/get.c +++ b/CASA-auth-token/non-java/client/mechanisms/krb5/windows/get.c @@ -40,7 +40,8 @@ AuthTokenIf_GetAuthToken( IN const void *pIfInstance, IN const char *pContext, IN const char *pMechInfo, - IN void *pCredStoreScope, + IN const char *pHostName, + IN void *pCredStoreScope, INOUT char *pTokenBuf, INOUT int *pTokenBufLen) // @@ -61,6 +62,10 @@ AuthTokenIf_GetAuthToken( // may be the service principal name to which the user will be // authenticating. // +// pHostName - +// Pointer to null terminated string containing the name of the +// host where the ATS resides. +// // pCredStoreScope - // Pointer to CASA structure for scoping credential store access // to specific users. This can only be leveraged when running in 
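Review bot: In the -192 hunk the call `sprintf("host/%s", pHostName);` has no destination argument, so the string literal is taken as the output buffer and `pHostName` as the format string: the literal is written to (undefined behaviour), any `%` in a host name is interpreted as a conversion, and `pKrbServiceName` is never filled. Together with the missing `;` after the `malloc(...)` (the commit message notes the build is knowingly broken) the two lines should become `size_t len = strlen("host/") + strlen(pHostName) + 1;`, `pKrbServiceName = malloc(len);` and `snprintf(pKrbServiceName, len, "host/%s", pHostName);`; the `/*'/0'*/` comment also means `'\0'`. On the allocation-failure path `retStatus` is not assigned before `goto exit` in the visible lines, so unless it already holds a failure value the caller will see success with an empty token. If `pKrbServiceName` is declared `const char *` (it is compared against `pMechInfo` at `exit:`), `free(pKrbServiceName)` in the -313 hunk also discards the qualifier; a separate owning `char *` that is freed unconditionally at `exit:` (free(NULL) is a no-op) would remove both the cast and the pointer comparison. The windows/get.c hunks -114 and -234 on the next line carry the same defects.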
@@ -102,7 +107,7 @@ AuthTokenIf_GetAuthToken( // Validate input parameters if (pIfInstance == NULL || pContext == NULL - || pMechInfo == NULL + || pHostName || pTokenBufLen == NULL || (pTokenBuf == NULL && *pTokenBufLen != 0)) { @@ -114,6 +119,23 @@ AuthTokenIf_GetAuthToken( goto exit; } + // Check if we need to construct the service name + if (pKrbServiceName == NULL + || strlen(pKrbServiceName) == 0) + { + // The service name will default to host/hostname + pKrbServiceName = malloc(5 /*"host/"*/ + strlen(pHostName) + 1 /*'/0'*/) + if (pKrbServiceName) + { + sprintf("host/%s", pHostName); + } + else + { + DbgTrace(0, "-AuthTokenIf_GetAuthToken- Memory allocation failure\n", 0); + goto exit; + } + } + // Acquire a credential handle for the current user secStatus = AcquireCredentialsHandle(NULL, // no principal name "Kerberos", // package name @@ -234,6 +256,11 @@ AuthTokenIf_GetAuthToken( exit: + // Free buffer holding the Krb Service Name if necessary + if (pKrbServiceName + && pKrbServiceName != pMechInfo) + free(pKrbServiceName); + DbgTrace(1, "-AuthTokenIf_GetAuthToken- End, retStatus = %08X\n", retStatus); return retStatus; diff --git a/CASA-auth-token/non-java/client/mechanisms/pwd/get.c b/CASA-auth-token/non-java/client/mechanisms/pwd/get.c index 72efbaef..126480ee 100644 --- a/CASA-auth-token/non-java/client/mechanisms/pwd/get.c +++ b/CASA-auth-token/non-java/client/mechanisms/pwd/get.c @@ -211,6 +211,10 @@ AuthTokenIf_GetAuthToken( // may be the service principal name to which the user will be // authenticating. // +// pHostName - +// Pointer to null terminated string containing the name of the +// host where the ATS resides. +// // pCredStoreScope - // Pointer to CASA structure for scoping credential store access // to specific users. This can only be leveraged when running in 
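Review bot: The new condition `|| pHostName` in the -102 hunk is missing `== NULL`, so the validation is inverted: every call that supplies a host name is rejected as an invalid parameter, and a NULL host name passes and reaches `strlen(pHostName)` in the -114 hunk. It should read `|| pHostName == NULL`, matching the Linux and pwd variants of the same check. The -114 and -234 hunks share the sprintf, missing-semicolon and const-free issues already noted on the linux/get.c hunks.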
@@ -250,7 +254,7 @@ AuthTokenIf_GetAuthToken( // Validate input parameters if (pIfInstance == NULL || pContext == NULL - || pMechInfo == NULL + || pHostName == NULL || pTokenBufLen == NULL || (pTokenBuf == NULL && *pTokenBufLen != 0)) {
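Review bot: With `pMechInfo == NULL` no longer rejected in the -250 hunk, every later use of `pMechInfo` in this function must tolerate NULL; the rest of the body is outside the hunk so I cannot tell whether it does, and unlike the krb5 variants this patch adds no fallback value for it here. No hunk in this patch adds `pHostName` to the pwd `AuthTokenIf_GetAuthToken` signature even though it is now documented and validated — presumably part of the incompleteness the commit message acknowledges, but a marker at the top of the function such as `// TODO: add pHostName to this signature` would make the pending work visible.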