Bug 303657. Fix for session management of Vista. Admin users have 2 LUIDs. Make these the same userId

Jim Norman 2007-09-18 17:10:58 +00:00
parent 0b2c146e4d
commit 041aecf2c8
2 changed files with 182 additions and 45 deletions


@ -87,9 +87,101 @@ namespace sscs.common
return ss;
}
catch(UserNotInSessionException)
{
// Would create either windows/unix user
// depending on the platform.
{
#if W32
// if running on vista, let's make additional checks for users with elevation privileges
// on Vista use the elevated token if there is one.
System.OperatingSystem os = System.Environment.OSVersion;
if (os.Version.Major > 5)
{
WinUserIdentifier vistaAdminUser = (WinUserIdentifier)userId;
// if this user an admin eqivalent, it has an elevated token
if (vistaAdminUser.HasElevatedToken())
{
CSSSLogger.DbgLog("VISTA: Request received from user with Elevated Token");
// CASA's Credential Manager creates a WinUser with just the normal token id
// ZEN creates a WinUser with the elevated token id
// Here we determine if we can merge any of these.
WinUserIdentifier credUser = null;
WinUserIdentifier zenUser = null;
SecretStore credUserSS = null;
SecretStore zenUserSS = null;
// look for match UserIdentifier with just the normal id
try
{
credUser = new WinUserIdentifier(vistaAdminUser.GetUIDLow(), vistaAdminUser.GetUIDHigh(), vistaAdminUser.GetSID());
credUserSS = GetUserSecretStore(credUser);
}
catch (Exception) { }
// ZEN creates a winUser with just the elevated ID
try
{
zenUser = new WinUserIdentifier(vistaAdminUser.GetElevatedUIDLow(), vistaAdminUser.GetElevatedUIDHigh(), vistaAdminUser.GetSID());
zenUserSS = GetUserSecretStore(zenUser);
}
catch (Exception) { }
// if both exist merge them into the credUser, fix up userIdentify and return resulting store
if ((credUserSS != null) && (zenUserSS != null))
{
CSSSLogger.DbgLog("VISTA: Merging zenUser store with credUser store");
byte[] baSecrets = sscs.lss.LocalStorage.GetSecretsAsXMLStream(zenUserSS, ConstStrings.SSCS_SESSION_KEY_CHAIN_ID).ToArray();
if (baSecrets != null)
{
credUserSS.MergeXMLSecrets(baSecrets);
}
// add elevated ids to cred user object
WinUserIdentifier temp = (WinUserIdentifier)credUserSS.GetUserIdentifier();
temp.SetElevatedUIDLow(vistaAdminUser.GetElevatedUIDLow());
temp.SetElevatedUIDHigh(vistaAdminUser.GetElevatedUIDHigh());
// nuke the zen user session
SessionManager.RemoveUserSession(zenUser, true);
return credUserSS;
}
// only the credUser exists, add the elevated UIDs, return creduser store
else if (credUserSS != null)
{
// fix up credUser with elevated IDs
CSSSLogger.DbgLog("VISTA: Fixing credUser up with elevated IDs");
WinUserIdentifier temp = (WinUserIdentifier)credUserSS.GetUserIdentifier();
temp.SetElevatedUIDLow(vistaAdminUser.GetElevatedUIDLow());
temp.SetElevatedUIDHigh(vistaAdminUser.GetElevatedUIDHigh());
return credUserSS;
}
// only the zenUser exists, fix the UIDs, return zenuser store
else if (zenUserSS != null)
{
// fix up zenUser with correct IDs
// NOTE:we might need to remove old UserID from session table, and add this one
CSSSLogger.DbgLog("VISTA: Fixing zenUser up with correct IDs");
WinUserIdentifier temp = (WinUserIdentifier)zenUserSS.GetUserIdentifier();
// move uids
temp.SetUIDLow(vistaAdminUser.GetUIDLow());
temp.SetUIDHigh(vistaAdminUser.GetUIDHigh());
// set non elevated
temp.SetElevatedUIDLow(vistaAdminUser.GetElevatedUIDLow());
temp.SetElevatedUIDHigh(vistaAdminUser.GetElevatedUIDHigh());
return zenUserSS;
}
}
}
#endif
// Would create either windows/unix user
// depending on the platform.
User user;
if (userHome != null)
{
@ -236,14 +328,13 @@ namespace sscs.common
while(etor.MoveNext())
{
i++;
/*
CSSSLogger.DbgLog("Listing Active User Sessions");
Console.WriteLine(etor.Key);
Console.WriteLine((((SecretStore)(etor.Value)).secretStoreName + ":" + ((SecretStore)(etor.Value)).refCount);
*/
i++;
//Console.WriteLine(etor.Key);
//Console.WriteLine((((SecretStore)(etor.Value)).secretStoreName + ":" + ((SecretStore)(etor.Value)).refCount);
}
CSSSLogger.DbgLog("List Active Sessions3");
CSSSLogger.DbgLog("List Active Sessions3");
CSSSLogger.DbgLog("Current Session Count: " + sessionTable.Count);
mutex.ReleaseMutex();
CSSSLogger.DbgLog("List Active Sessions4");
}
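Review bot: In the zenUser-only branch of the first hunk, `temp.SetUIDLow(...)` and `temp.SetUIDHigh(...)` rewrite the identifier returned by `zenUserSS.GetUserIdentifier()`, while `GetHashCode()` in WinUserIdentifier returns `m_uidLow.GetHashCode()`. If that object is also the key in `sessionTable`, the entry can no longer be found under either id, and a later request would presumably create a second store for the same user. The in-line NOTE already suspects this; the safer sequence is to remove the session under the old identifier and re-add it under the corrected one while whatever lock guards `sessionTable` is held. Separately, the two `catch (Exception) { }` blocks hide every lookup failure, so a store error can silently decide which secrets get merged; catching only the exception expected for a missing session and logging the rest would make that visible. The `baSecrets != null` test also runs after `.ToArray()` has already dereferenced the stream, so it cannot guard against a null return. The enclosing method starts and ends outside the hunk.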


@ -26,37 +26,37 @@ namespace sscs.common
{
internal class WinUserIdentifier : UserIdentifier
{
private int uidLow;
private int uidHigh;
private int elevatedUidLow = 0;
private int elevatedUidHigh = 0;
private int m_uidLow;
private int m_uidHigh;
private int m_elevatedUidLow = 0;
private int m_elevatedUidHigh = 0;
private string m_sSID = "";
internal WinUserIdentifier(int uidLowPart, int uidHighPart, string sSID, int elevatedUidLow, int elevatedUidHigh)
{
this.uidLow = uidLowPart;
this.uidHigh = uidHighPart;
this.m_uidLow = uidLowPart;
this.m_uidHigh = uidHighPart;
this.m_sSID = sSID;
if (elevatedUidLow != null)
this.elevatedUidLow = elevatedUidLow;
if (elevatedUidLow != 0)
this.m_elevatedUidLow = elevatedUidLow;
if (elevatedUidHigh != null)
this.elevatedUidHigh = elevatedUidHigh;
if (elevatedUidHigh != 0)
this.m_elevatedUidHigh = elevatedUidHigh;
}
internal WinUserIdentifier(int uidLowPart, int uidHighPart, string sSID)
{
this.uidLow = uidLowPart;
this.uidHigh = uidHighPart;
this.m_uidLow = uidLowPart;
this.m_uidHigh = uidHighPart;
this.m_sSID = sSID;
}
internal WinUserIdentifier(int uidLowPart, int uidHighPart)
{
this.uidLow = uidLowPart;
this.uidHigh = uidHighPart;
this.m_uidLow = uidLowPart;
this.m_uidHigh = uidHighPart;
}
@ -67,31 +67,39 @@ namespace sscs.common
public override bool Equals(Object obj)
{
WinUserIdentifier u = (WinUserIdentifier)obj;
if (((u.uidLow == uidLow) && (u.uidHigh == uidHigh)) ||
((u.uidLow == elevatedUidLow) && (u.uidHigh == elevatedUidHigh)) ||
((u.elevatedUidLow == uidLow) && (u.elevatedUidHigh == uidHigh)))
{
// we have a match, set the SID if we can
if ((this.m_sSID.Length < 1) && (u.GetSID().Length>0))
{
CSSSLogger.DbgLog("******** WinUserIdentifier: Updating the SID *********");
this.m_sSID = u.GetSID();
}
return true;
}
else
return false;
WinUserIdentifier temp = (WinUserIdentifier)obj;
if ((temp.m_uidLow == m_uidLow) &&
(temp.m_uidHigh == m_uidHigh) &&
(temp.m_elevatedUidLow == m_elevatedUidLow) &&
(temp.m_elevatedUidHigh == m_elevatedUidHigh))
{
// we have a match, set the SID if we can
if ((this.m_sSID.Length < 1) && (temp.GetSID().Length > 0))
{
CSSSLogger.DbgLog("******** WinUserIdentifier: Updating the SID *********");
this.m_sSID = temp.GetSID();
}
return true;
}
else
{
return false;
}
}
public override int GetHashCode()
{
return uidLow.GetHashCode();
return m_uidLow.GetHashCode();
}
public void PrintIdentifier()
{
CSSSLogger.DbgLog(" High: " + this.uidHigh);
CSSSLogger.DbgLog(" LOW: " + this.uidLow);
CSSSLogger.DbgLog(" High: " + this.m_uidHigh);
CSSSLogger.DbgLog(" LOW: " + this.m_uidLow);
CSSSLogger.DbgLog(" eHigh: " + this.m_elevatedUidHigh);
CSSSLogger.DbgLog(" eLOW: " + this.m_elevatedUidLow);
CSSSLogger.DbgLog(" SID: " + this.m_sSID);
}
@ -102,13 +110,51 @@ namespace sscs.common
internal int GetUIDLow()
{
return this.uidLow;
return this.m_uidLow;
}
internal int GetUIDHigh()
{
return this.uidHigh;
return this.m_uidHigh;
}
internal int GetElevatedUIDLow()
{
return this.m_elevatedUidLow;
}
internal int GetElevatedUIDHigh()
{
return this.m_elevatedUidHigh;
}
// setters
internal void SetUIDLow(int uidLow)
{
this.m_uidLow = uidLow;
}
internal void SetUIDHigh(int uidHigh)
{
this.m_uidHigh = uidHigh;
}
internal void SetElevatedUIDLow(int elevatedUidLow)
{
this.m_elevatedUidLow = elevatedUidLow;
}
internal void SetElevatedUIDHigh(int elevatedUidHigh)
{
this.m_elevatedUidHigh = elevatedUidHigh;
}
internal bool HasElevatedToken()
{
if (m_elevatedUidHigh + m_elevatedUidLow > 0)
return true;
else
return false;
}
}
}
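Review bot: `Equals` still casts `obj` directly, so a null or a non-Windows identifier throws instead of returning false; `WinUserIdentifier temp = obj as WinUserIdentifier; if (temp == null) return false;` avoids that. The match is decided on the four id fields only, and when the local SID is empty the method copies the other object's SID into this one, so a plain comparison changes stored identity data. It would be clearer to compare the SID when both sides carry one and to move the update into an explicit method. In `HasElevatedToken`, `m_elevatedUidHigh + m_elevatedUidLow > 0` is false when the signed parts are negative or cancel out, and that result gates the store-merge path; `return m_elevatedUidHigh != 0 || m_elevatedUidLow != 0;` states the intent.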