Bug 303657. Fix for session management of Vista. Admin users have 2 LUIDs. Make these the same userId

Jim Norman 2007-09-18 17:10:58 +00:00
parent 0b2c146e4d
commit 041aecf2c8
2 changed files with 182 additions and 45 deletions


@ -87,9 +87,101 @@ namespace sscs.common
return ss; return ss;
} }
catch(UserNotInSessionException) catch(UserNotInSessionException)
{ {
// Would create either windows/unix user #if W32
// depending on the platform. // if running on vista, let's make additional checks for users with elevation privileges
// on Vista use the elevated token if there is one.
System.OperatingSystem os = System.Environment.OSVersion;
if (os.Version.Major > 5)
{
WinUserIdentifier vistaAdminUser = (WinUserIdentifier)userId;
// if this user an admin eqivalent, it has an elevated token
if (vistaAdminUser.HasElevatedToken())
{
CSSSLogger.DbgLog("VISTA: Request received from user with Elevated Token");
// CASA's Credential Manager creates a WinUser with just the normal token id
// ZEN creates a WinUser with the elevated token id
// Here we determine if we can merge any of these.
WinUserIdentifier credUser = null;
WinUserIdentifier zenUser = null;
SecretStore credUserSS = null;
SecretStore zenUserSS = null;
// look for match UserIdentifier with just the normal id
try
{
credUser = new WinUserIdentifier(vistaAdminUser.GetUIDLow(), vistaAdminUser.GetUIDHigh(), vistaAdminUser.GetSID());
credUserSS = GetUserSecretStore(credUser);
}
catch (Exception) { }
// ZEN creates a winUser with just the elevated ID
try
{
zenUser = new WinUserIdentifier(vistaAdminUser.GetElevatedUIDLow(), vistaAdminUser.GetElevatedUIDHigh(), vistaAdminUser.GetSID());
zenUserSS = GetUserSecretStore(zenUser);
}
catch (Exception) { }
// if both exist merge them into the credUser, fix up userIdentify and return resulting store
if ((credUserSS != null) && (zenUserSS != null))
{
CSSSLogger.DbgLog("VISTA: Merging zenUser store with credUser store");
byte[] baSecrets = sscs.lss.LocalStorage.GetSecretsAsXMLStream(zenUserSS, ConstStrings.SSCS_SESSION_KEY_CHAIN_ID).ToArray();
if (baSecrets != null)
{
credUserSS.MergeXMLSecrets(baSecrets);
}
// add elevated ids to cred user object
WinUserIdentifier temp = (WinUserIdentifier)credUserSS.GetUserIdentifier();
temp.SetElevatedUIDLow(vistaAdminUser.GetElevatedUIDLow());
temp.SetElevatedUIDHigh(vistaAdminUser.GetElevatedUIDHigh());
// nuke the zen user session
SessionManager.RemoveUserSession(zenUser, true);
return credUserSS;
}
// only the credUser exists, add the elevated UIDs, return creduser store
else if (credUserSS != null)
{
// fix up credUser with elevated IDs
CSSSLogger.DbgLog("VISTA: Fixing credUser up with elevated IDs");
WinUserIdentifier temp = (WinUserIdentifier)credUserSS.GetUserIdentifier();
temp.SetElevatedUIDLow(vistaAdminUser.GetElevatedUIDLow());
temp.SetElevatedUIDHigh(vistaAdminUser.GetElevatedUIDHigh());
return credUserSS;
}
// only the zenUser exists, fix the UIDs, return zenuser store
else if (zenUserSS != null)
{
// fix up zenUser with correct IDs
// NOTE:we might need to remove old UserID from session table, and add this one
CSSSLogger.DbgLog("VISTA: Fixing zenUser up with correct IDs");
WinUserIdentifier temp = (WinUserIdentifier)zenUserSS.GetUserIdentifier();
// move uids
temp.SetUIDLow(vistaAdminUser.GetUIDLow());
temp.SetUIDHigh(vistaAdminUser.GetUIDHigh());
// set non elevated
temp.SetElevatedUIDLow(vistaAdminUser.GetElevatedUIDLow());
temp.SetElevatedUIDHigh(vistaAdminUser.GetElevatedUIDHigh());
return zenUserSS;
}
}
}
#endif
// Would create either windows/unix user
// depending on the platform.
User user; User user;
if (userHome != null) if (userHome != null)
{ {
@ -236,14 +328,13 @@ namespace sscs.common
while(etor.MoveNext()) while(etor.MoveNext())
{ {
i++; i++;
/* //Console.WriteLine(etor.Key);
CSSSLogger.DbgLog("Listing Active User Sessions"); //Console.WriteLine((((SecretStore)(etor.Value)).secretStoreName + ":" + ((SecretStore)(etor.Value)).refCount);
Console.WriteLine(etor.Key);
Console.WriteLine((((SecretStore)(etor.Value)).secretStoreName + ":" + ((SecretStore)(etor.Value)).refCount);
*/
} }
CSSSLogger.DbgLog("List Active Sessions3"); CSSSLogger.DbgLog("List Active Sessions3");
CSSSLogger.DbgLog("Current Session Count: " + sessionTable.Count);
mutex.ReleaseMutex(); mutex.ReleaseMutex();
CSSSLogger.DbgLog("List Active Sessions4"); CSSSLogger.DbgLog("List Active Sessions4");
} }
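Review bot: The two `catch (Exception) { }` blocks around the credUser and zenUser lookups treat every failure as "no store for this id", so an unrelated error silently changes which secret store an elevated caller is handed and whether the merge runs. Narrow them to the exception the surrounding code already handles, presumably `catch (UserNotInSessionException) { }`, and let anything else propagate or at least reach `CSSSLogger.DbgLog`. In the zenUser-only branch, `temp.SetUIDLow(...)` changes the value that `WinUserIdentifier.GetHashCode()` returns; if that identifier object is also the session-table key (not visible here), the entry can no longer be found, which is what the in-code NOTE hints at, so the session should be re-keyed rather than mutated in place. The `baSecrets != null` test cannot fire, because `.ToArray()` would already have thrown on a null stream. The enclosing method starts and ends outside the hunk.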


@ -26,37 +26,37 @@ namespace sscs.common
{ {
internal class WinUserIdentifier : UserIdentifier internal class WinUserIdentifier : UserIdentifier
{ {
private int uidLow; private int m_uidLow;
private int uidHigh; private int m_uidHigh;
private int elevatedUidLow = 0; private int m_elevatedUidLow = 0;
private int elevatedUidHigh = 0; private int m_elevatedUidHigh = 0;
private string m_sSID = ""; private string m_sSID = "";
internal WinUserIdentifier(int uidLowPart, int uidHighPart, string sSID, int elevatedUidLow, int elevatedUidHigh) internal WinUserIdentifier(int uidLowPart, int uidHighPart, string sSID, int elevatedUidLow, int elevatedUidHigh)
{ {
this.uidLow = uidLowPart; this.m_uidLow = uidLowPart;
this.uidHigh = uidHighPart; this.m_uidHigh = uidHighPart;
this.m_sSID = sSID; this.m_sSID = sSID;
if (elevatedUidLow != null) if (elevatedUidLow != 0)
this.elevatedUidLow = elevatedUidLow; this.m_elevatedUidLow = elevatedUidLow;
if (elevatedUidHigh != null) if (elevatedUidHigh != 0)
this.elevatedUidHigh = elevatedUidHigh; this.m_elevatedUidHigh = elevatedUidHigh;
} }
internal WinUserIdentifier(int uidLowPart, int uidHighPart, string sSID) internal WinUserIdentifier(int uidLowPart, int uidHighPart, string sSID)
{ {
this.uidLow = uidLowPart; this.m_uidLow = uidLowPart;
this.uidHigh = uidHighPart; this.m_uidHigh = uidHighPart;
this.m_sSID = sSID; this.m_sSID = sSID;
} }
internal WinUserIdentifier(int uidLowPart, int uidHighPart) internal WinUserIdentifier(int uidLowPart, int uidHighPart)
{ {
this.uidLow = uidLowPart; this.m_uidLow = uidLowPart;
this.uidHigh = uidHighPart; this.m_uidHigh = uidHighPart;
} }
@ -67,31 +67,39 @@ namespace sscs.common
public override bool Equals(Object obj) public override bool Equals(Object obj)
{ {
WinUserIdentifier u = (WinUserIdentifier)obj; WinUserIdentifier temp = (WinUserIdentifier)obj;
if (((u.uidLow == uidLow) && (u.uidHigh == uidHigh)) ||
((u.uidLow == elevatedUidLow) && (u.uidHigh == elevatedUidHigh)) || if ((temp.m_uidLow == m_uidLow) &&
((u.elevatedUidLow == uidLow) && (u.elevatedUidHigh == uidHigh))) (temp.m_uidHigh == m_uidHigh) &&
{ (temp.m_elevatedUidLow == m_elevatedUidLow) &&
// we have a match, set the SID if we can (temp.m_elevatedUidHigh == m_elevatedUidHigh))
if ((this.m_sSID.Length < 1) && (u.GetSID().Length>0)) {
{ // we have a match, set the SID if we can
CSSSLogger.DbgLog("******** WinUserIdentifier: Updating the SID *********"); if ((this.m_sSID.Length < 1) && (temp.GetSID().Length > 0))
this.m_sSID = u.GetSID(); {
} CSSSLogger.DbgLog("******** WinUserIdentifier: Updating the SID *********");
this.m_sSID = temp.GetSID();
return true; }
}
else return true;
return false; }
else
{
return false;
}
} }
public override int GetHashCode() public override int GetHashCode()
{ {
return uidLow.GetHashCode(); return m_uidLow.GetHashCode();
} }
public void PrintIdentifier() public void PrintIdentifier()
{ {
CSSSLogger.DbgLog(" High: " + this.uidHigh); CSSSLogger.DbgLog(" High: " + this.m_uidHigh);
CSSSLogger.DbgLog(" LOW: " + this.uidLow); CSSSLogger.DbgLog(" LOW: " + this.m_uidLow);
CSSSLogger.DbgLog(" eHigh: " + this.m_elevatedUidHigh);
CSSSLogger.DbgLog(" eLOW: " + this.m_elevatedUidLow);
CSSSLogger.DbgLog(" SID: " + this.m_sSID); CSSSLogger.DbgLog(" SID: " + this.m_sSID);
} }
@ -102,13 +110,51 @@ namespace sscs.common
internal int GetUIDLow() internal int GetUIDLow()
{ {
return this.uidLow; return this.m_uidLow;
} }
internal int GetUIDHigh() internal int GetUIDHigh()
{ {
return this.uidHigh; return this.m_uidHigh;
} }
internal int GetElevatedUIDLow()
{
return this.m_elevatedUidLow;
}
internal int GetElevatedUIDHigh()
{
return this.m_elevatedUidHigh;
}
// setters
internal void SetUIDLow(int uidLow)
{
this.m_uidLow = uidLow;
}
internal void SetUIDHigh(int uidHigh)
{
this.m_uidHigh = uidHigh;
}
internal void SetElevatedUIDLow(int elevatedUidLow)
{
this.m_elevatedUidLow = elevatedUidLow;
}
internal void SetElevatedUIDHigh(int elevatedUidHigh)
{
this.m_elevatedUidHigh = elevatedUidHigh;
}
internal bool HasElevatedToken()
{
if (m_elevatedUidHigh + m_elevatedUidLow > 0)
return true;
else
return false;
}
} }
} }
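Review bot: `HasElevatedToken()` tests `m_elevatedUidHigh + m_elevatedUidLow > 0`, but both fields are signed `int`s that apparently hold the halves of a LUID, so a part with the top bit set is negative and the sum can be zero, negative or wrapped even though an elevated id is present. The Vista merge path in the session manager would then be skipped for that user. Test the fields directly instead: `return m_elevatedUidLow != 0 || m_elevatedUidHigh != 0;`. Separately, the rewritten `Equals` still casts `obj` unconditionally, so a null or foreign object raises instead of returning false; `WinUserIdentifier temp = obj as WinUserIdentifier; if (temp == null) return false;` would cover it.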