geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add support for Dynamic Local User(DLU) on windows

Browse Source
This commit is contained in:
Jim Norman
2006-10-10 17:56:57 +00:00
parent 18e290e209
commit 0e03e5e475
23 changed files with 896 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
CASA/CASA.changes
View File

@@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Oct 10 11:56:10 MDT 2006 - jnorman@novell.com
- Add support for Dynamic Local User(DLU) on windows
-------------------------------------------------------------------
Fri Oct 6 16:12:10 MDT 2006 - schoi@novell.com

8
CASA/include/micasa.h
View File

@@ -536,6 +536,14 @@ miCASASetMasterPasscode
SSCS_EXT_T *ext
);
SSCS_EXTERN_LIBCALL(int32_t)
miCASAMergeCache
(
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrcCache
);
//**************************************************************

8
CASA/include/sscs_cache.h
View File

@@ -28,6 +28,7 @@ extern "C"
{
#endif
//#include <wchar.h>
#include <sscs_sdk.h>
#include <sscs_utf8.h>
@@ -554,6 +555,13 @@ int sscs_IsSecretPersistent
void *reserved
);
int sscs_MergeCache
(
void *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrc
);
#if defined(__cplusplus) || defined(c_plusplus)

24
CASA/include/sscs_ipc.h
View File

@@ -125,7 +125,8 @@ int ipc_ReadSecret
SSCS_SECRET_ID_T *secretID,
SSCS_SECRET_T *secretData,
SSCS_PASSWORD_T *epPassword,
unsigned int *bytesRequired
unsigned int *bytesRequired,
SSCS_EXT_T *ext
);
int ipc_WriteSecret
@@ -144,7 +145,8 @@ int ipc_RemoveSecret
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SSCS_PASSWORD_T *epPassword
SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
);
int ipc_GetSecretStoreInfo
@@ -187,7 +189,8 @@ int ipc_ReadKey
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired
uint32_t *bytesRequired,
SSCS_EXT_T *ext
);
int ipc_WriteKey
@@ -211,7 +214,8 @@ int ipc_RemoveKey
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
SSCS_PASSWORD_T *epPassword
SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
);
int ipc_ReadBinaryKey
@@ -224,7 +228,8 @@ int ipc_ReadBinaryKey
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired
uint32_t *bytesRequired,
SSCS_EXT_T *ext
);
int ipc_WriteBinaryKey
@@ -257,6 +262,15 @@ int ipc_IsSecretPersistent
SSCS_EXT_T *ext
);
int ipc_MergeCache
(
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
int32_t bDestorySrc
);
#endif
#endif

3
CASA/include/sscs_unx_cache_defines.h
View File

@@ -147,6 +147,9 @@
#define REQ_REMOVE_KEY_MSGID 0x0017
#define RESP_REMOVE_KEY_MSGID 0x1017
#define REQ_MERGE_CACHE_MSGID 0x0018
#define RESP_MERGE_CACHE_MSGID 0x1018
#define EXT_TYPE_WINDOWS_LUID 0x00000001;
#define WINDOWS_LUID_LEN 0x00000008;

1
CASA/micasacache/link.w32
View File

@@ -34,6 +34,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\

1
CASA/micasacache/link_mdd.w32
View File

@@ -36,6 +36,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:sscs_CacheGetKeychainInfo">> $(LINKDEF);\
echo "/EXPORT:sscs_LockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_UnlockCache">> $(LINKDEF);\
echo "/EXPORT:sscs_MergeCache">> $(LINKDEF);\
echo "/EXPORT:sscs_CacheRemoveSecret">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPasscode">> $(LINKDEF);\
echo "/EXPORT:sscs_SetMasterPassword">> $(LINKDEF);\

1
CASA/micasacache/micasacache.def
View File

@@ -10,6 +10,7 @@ EXPORTS
sscs_CacheGetSecretStoreInfo
sscs_CacheGetKeychainInfo
sscs_LockCache
sscs_MergeCache
sscs_UnlockCache
sscs_CacheRemoveSecret
sscs_SetMasterPasscode

33
CASA/micasacache/sscs_unx_cache.c
View File

@@ -317,7 +317,7 @@ int32_t sscs_CacheReadSecret
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired);
retVal = ipc_ReadSecret(ssHandleCopy,keychainID,secretID,secretData,epPassword,bytesRequired, reserved);
return retVal;
}
@@ -397,18 +397,18 @@ int sscs_CacheWriteSecret
*/
int32_t sscs_CacheRemoveSecret
(
void *ssHandle,
uint32_t ssFlags,
void *ssHandle,
uint32_t ssFlags,
SSCS_KEYCHAIN_ID_T *keyChainID,
SSCS_SECRET_ID_T *secredID,
SSCS_PASSWORD_T *epPassword,
void *reserved
void *reserved
)
{
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword);
retVal = ipc_RemoveSecret(ssHandleCopy,keyChainID,secredID,epPassword,reserved);
return retVal;
}
@@ -668,7 +668,7 @@ int32_t sscs_CacheRemoveKey
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword);
retVal = ipc_RemoveKey(ssHandleCopy,keyChainID,secredID,key,keyLen,epPassword,reserved);
return retVal;
}
@@ -721,7 +721,7 @@ int32_t sscs_CacheReadKey
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired);
retVal = ipc_ReadKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
return retVal;
}
@@ -744,7 +744,7 @@ int32_t sscs_CacheReadBinaryKey
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired);
retVal = ipc_ReadBinaryKey(ssHandleCopy,keychainID,secretID,key,keyLen,val,valLen,epPassword,bytesRequired, reserved);
return retVal;
}
@@ -766,6 +766,23 @@ int sscs_IsSecretPersistent
return retVal;
}
int sscs_MergeCache
(
void *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrc
)
{
int32_t retVal = 0;
SSCS_SECRETSTORE_HANDLE_T *ssHandleCopy = (SSCS_SECRETSTORE_HANDLE_T *)ssHandle;
retVal = ipc_MergeCache(ssHandleCopy,srcExt,targetExt,bDestroySrc);
return retVal;
}
//#endif
#if defined(__cplusplus) || defined(c_plusplus)

427
CASA/micasacache/sscs_unx_ipc_client.c
View File

@@ -979,7 +979,8 @@ int32_t ipc_ReadSecret
SSCS_SECRET_ID_T *secretID,
SSCS_SECRET_T *secretData,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired
uint32_t *bytesRequired,
SSCS_EXT_T *ext
)
{
int retVal = 0; //to be used in the function internally
@@ -992,6 +993,9 @@ int32_t ipc_ReadSecret
uint32_t secretIDLen = 0;
uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""};
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@@ -1029,7 +1033,24 @@ int32_t ipc_ReadSecret
secretIDLen + // SecretID
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_READ_SECRET_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@@ -1049,6 +1070,36 @@ int32_t ipc_ReadSecret
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
@@ -1335,7 +1386,8 @@ int32_t ipc_RemoveSecret
SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_KEYCHAIN_ID_T *keychainID,
SSCS_SECRET_ID_T *secretID,
SSCS_PASSWORD_T *epPassword
SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
)
{
int retVal = 0; //to be used in the function internally
@@ -1351,6 +1403,9 @@ int32_t ipc_RemoveSecret
uint32_t secretIDLen = 0;
uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
memset(gpReqBuf,0,sizeof(gpReqBuf));
memset(gpReplyBuf,0,sizeof(gpReplyBuf));
@@ -1384,6 +1439,23 @@ int32_t ipc_RemoveSecret
msgLen += epPassword->pwordLen;
}
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf;
msgid = REQ_CACHE_REMOVE_SECRET_MSGID;
@@ -1411,8 +1483,39 @@ int32_t ipc_RemoveSecret
{
int pwordlen = 0;
memcpy(pReq, &pwordlen, MSG_STRING_LEN);
pReq += MSG_STRING_LEN;
}
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
@@ -1853,7 +1956,8 @@ int32_t ipc_RemoveKey
SSCS_SECRET_ID_T *secretID,
SS_UTF8_T *key,
uint32_t keyLen,
SSCS_PASSWORD_T *epPassword
SSCS_PASSWORD_T *epPassword,
SSCS_EXT_T *ext
)
{
int retVal = 0; //to be used in the function internally
@@ -1868,6 +1972,9 @@ int32_t ipc_RemoveKey
SSCS_PASSWORD_T myPassword = {0,0,""};
uint32_t extID = 0;
uint32_t luidLen = 0;
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
Byte *pReq = NULL, *pReply = NULL;
@@ -1911,6 +2018,31 @@ int32_t ipc_RemoveKey
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
// The login capture on Windows determines the LUID of the user
// and sends it as an Extension, marshall it across the pipe
// see the WriteSecret verb for handling it.
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
// as setup in the capture module
//ext.extID = WINDOWS_LOGON_ID;
//ext.version = 0x00010000; // 1.0.0
//ext.ext = (void *)lpLogonId;
// _LUID { DWORD LowPart; LONG HighPart; // 8 byte
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf;
msgid = REQ_REMOVE_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@@ -1936,6 +2068,35 @@ int32_t ipc_RemoveKey
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
@@ -1976,7 +2137,8 @@ int32_t ipc_ReadKey
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired
uint32_t *bytesRequired,
SSCS_EXT_T *ext
)
{
int retVal = 0; //to be used in the function internally
@@ -1989,6 +2151,10 @@ int32_t ipc_ReadKey
uint32_t secretIDLen = 0;
uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""};
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@@ -2019,6 +2185,7 @@ int32_t ipc_ReadKey
// epPassword is optional. So, the code should not break.
if( NULL == epPassword )
epPassword = &myPassword;
msgLen = MSGID_LEN + MSG_LEN +
MSG_STRING_LEN + // KeychainID length
keychainIDLen + // Keychain ID
@@ -2028,6 +2195,24 @@ int32_t ipc_ReadKey
keyLen + //key
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf;
msgid = REQ_READ_KEY_MSGID;
@@ -2054,6 +2239,36 @@ int32_t ipc_ReadKey
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
@@ -2144,7 +2359,8 @@ int32_t ipc_ReadBinaryKey
uint8_t *val,
uint32_t *valLen,
SSCS_PASSWORD_T *epPassword,
uint32_t *bytesRequired
uint32_t *bytesRequired,
SSCS_EXT_T *ext
)
{
int retVal = 0; //to be used in the function internally
@@ -2157,6 +2373,9 @@ int32_t ipc_ReadBinaryKey
uint32_t secretIDLen = 0;
uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
SSCS_PASSWORD_T myPassword = {0,0,""};
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
@@ -2195,7 +2414,25 @@ int32_t ipc_ReadBinaryKey
keyLen + //key
MSG_STRING_LEN + // epPassword len
epPassword->pwordLen;
// is there an ext, account for it
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN;
}
else
msgLen += MSG_DWORD_LEN;
}
else
{
// the cache daemon expects a ext, add it here
msgLen += MSG_DWORD_LEN;
}
pReq = gpReqBuf;
msgid = REQ_READ_BINARY_KEY_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
@@ -2221,6 +2458,35 @@ int32_t ipc_ReadBinaryKey
memcpy(pReq, epPassword->pword, epPassword->pwordLen);
pReq += epPassword->pwordLen;
// marshall the extension if there is one
if (ext)
{
if (ext->extID == WINDOWS_LOGIN_ID)
{
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, ext->ext, 8);
pReq += 8;
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
}
else
{
uint32_t extID = 0;
memcpy(pReq,&extID,MSG_DWORD_LEN);
}
retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen);
if(retVal < 0)
{
@@ -2965,3 +3231,150 @@ int ipc_IsSecretPersistent
return retCode;
}
int32_t ipc_MergeCache(SSCS_SECRETSTORE_HANDLE_T *ssHandle,
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
int32_t bDestroySrc)
{
int retVal = 0; //to be used in the function internally
int32_t retCode = NSSCS_SUCCESS; //to be returned to caller
int32_t sockReturn = 0; //obtained from the server
Byte gpReqBuf[MIN_REQUEST_BUF_LEN];
Byte gpReplyBuf[MIN_REPLY_BUF_LEN];
Byte *pReq = NULL, *pReply = NULL;
Byte *tmpBuf = NULL;
uint16_t msgid = 0;
uint32_t msgLen = 0;
uint32_t extID = 0;
uint32_t luidLen = 0;
memset(gpReqBuf,0,sizeof(gpReqBuf));
memset(gpReplyBuf,0,sizeof(gpReplyBuf));
do
{
// Prepare Request buffer
msgLen = MSGID_LEN + MSG_LEN;
// compute the size of the extensions we marshall
if (srcExt && targetExt)
{
if ((srcExt->extID == WINDOWS_LOGIN_ID) && (targetExt->extID == WINDOWS_LOGIN_ID))
{
// 4 byte ext type, 4 byte len and 8 bytes of LUID
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // src
msgLen += MSG_DWORD_LEN + MSG_DWORD_LEN + WINDOWS_LUID_LEN; // target
msgLen += sizeof(int32_t); // destroy flag
}
else
{
retCode = NSSCS_E_NOT_SUPPORTED;
break;
}
}
else
{
retCode = NSSCS_E_NOT_SUPPORTED;
break;
}
// if no errors, marshal the data.
if (!retCode)
{
if( msgLen > MIN_REQUEST_BUF_LEN )
{
tmpBuf = (Byte*)malloc(msgLen);
if( NULL == tmpBuf )
{
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
memset(tmpBuf,0,msgLen);
pReq = tmpBuf;
}
else
{
pReq = gpReqBuf;
}
msgid = REQ_MERGE_CACHE_MSGID;
memcpy(pReq, &msgid, MSGID_LEN);
pReq += MSGID_LEN;
memcpy(pReq, &msgLen, MSG_LEN);
pReq += MSG_LEN;
// copy the srcExt
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, srcExt->ext, 8);
pReq += 8;
// copy the targetExt
extID = EXT_TYPE_WINDOWS_LUID;
memcpy(pReq, &extID, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
luidLen = WINDOWS_LUID_LEN;
memcpy(pReq, &luidLen, MSG_DWORD_LEN);
pReq += MSG_DWORD_LEN;
memcpy(pReq, targetExt->ext, 8);
pReq += 8;
// copy destroy flag
memcpy(pReq, &bDestroySrc, sizeof(int32_t));
if(tmpBuf != NULL)
{
retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen);
}
else
{
retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen);
}
if(retVal < 0)
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
// Read reply
pReply = gpReplyBuf;
retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL);
if(retVal < 0)
{
//log debug info here
retCode = NSSCS_E_SYSTEM_FAILURE;
break;
}
memcpy(&msgid,pReply, MSGID_LEN);
pReply += MSGID_LEN;
memcpy(&msgLen,pReply, MSG_LEN);
pReply += MSG_LEN;
memcpy(&sockReturn, pReply, MSG_DWORD_LEN);
retCode = mapReturnCode(sockReturn);
}
}while(0);
if( tmpBuf != NULL )
{
free(tmpBuf);
tmpBuf = NULL;
}
return retCode;
}

7
CASA/micasad/cache/SecretStore.cs vendored
View File

@@ -904,7 +904,7 @@ namespace sscs.cache
{
if (lss != null)
{
MemoryStream ms = lss.GetSecretsAsXMLStream();
MemoryStream ms = LocalStorage.GetSecretsAsXMLStream(this);
byte[] baSecrets = ms.ToArray();
// encrypt if an encryptionstring was passed
@@ -939,10 +939,7 @@ namespace sscs.cache
XmlDocument doc = new XmlDocument();
String sXMLData = Encoding.ASCII.GetString(decryptedXmlSecrets);
doc.LoadXml(sXMLData);
if (lss != null)
{
lss.AddXMLSecretsToStore(doc);
}
LocalStorage.AddXMLSecretsToStore(this, doc);
}
internal void CreatePolicyDirectory()

1
CASA/micasad/common/RequestParser.cs
View File

@@ -84,6 +84,7 @@ namespace sscs.common
msgIdMap.Add(21,"sscs.verbs.WriteBinaryKey");
msgIdMap.Add(22,"sscs.verbs.ReadBinaryKey");
msgIdMap.Add(23,"sscs.verbs.RemoveKey");
msgIdMap.Add(24,"sscs.verbs.MergeCache");
}

14
CASA/micasad/common/WinUserIdentifier.cs
View File

@@ -72,7 +72,9 @@ namespace sscs.common
}
public void PrintIdentifier()
{
// Console.WriteLine("WinUserIdentifier : uid is {0}",uid);
CSSSLogger.DbgLog(" High: " + this.uidHigh);
CSSSLogger.DbgLog(" LOW: " + this.uidLow);
CSSSLogger.DbgLog(" SID: " + this.m_sSID);
}
public int GetUID()
@@ -80,5 +82,15 @@ namespace sscs.common
return -1;
}
internal int GetUIDLow()
{
return this.uidLow;
}
internal int GetUIDHigh()
{
return this.uidHigh;
}
}
}

153
CASA/micasad/lss/LocalStorage.cs
View File

@@ -35,6 +35,7 @@ using sscs.crypto;
using sscs.common;
using sscs.constants;
using Novell.CASA.MiCasa.Common;
using Novell.CASA.CASAPolicy;
namespace sscs.lss
{
@@ -239,7 +240,7 @@ namespace sscs.lss
}
// add these to the store
AddXMLSecretsToStore(doc);
AddXMLSecretsToStore(userStore, doc);
}
catch(Exception e)
{
@@ -252,7 +253,7 @@ namespace sscs.lss
return true;
}
internal void AddXMLSecretsToStore(XmlDocument doc)
internal static void AddXMLSecretsToStore(SecretStore userStore, XmlDocument doc)
{
string xpath = "";
xpath = "//" + XmlConsts.miCASANode;
@@ -271,11 +272,38 @@ namespace sscs.lss
{
keyChain = new KeyChain(keyChainId);
userStore.AddKeyChain(keyChain);
}
else
{
keyChain = userStore.GetKeyChain(keyChainId);
// set the created time if possible
XmlNode timeNode = node.SelectSingleNode("descendant::" + XmlConsts.timeNode);
if (timeNode != null)
{
XmlAttributeCollection timeAttribCol = timeNode.Attributes;
if (timeAttribCol != null)
{
XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
if (createdTimeNode != null)
{
//Console.WriteLine("KeyChain create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
}
else
{
//Console.WriteLine("Create time not found");
}
XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
if (modifiedTimeNode != null)
{
//Console.WriteLine("KeyChain mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
}
}
}
}
xpath = "descendant::" + XmlConsts.secretNode;
XmlNodeList secretNodeList = node.SelectNodes(xpath);
foreach(XmlNode secretNode in secretNodeList)
@@ -284,6 +312,39 @@ namespace sscs.lss
string secretId = (attrColl[XmlConsts.idAttr]).Value + "\0";
xpath = "descendant::" + XmlConsts.valueNode;
Secret secret = new Secret(secretId);
// get time stamps for this secret
XmlNode timeNode = secretNode.SelectSingleNode("descendant::" + XmlConsts.timeNode);
if (timeNode != null)
{
//Console.WriteLine("Secret: " + secretId);
XmlAttributeCollection timeAttribCol = timeNode.Attributes;
if (timeAttribCol != null)
{
XmlNode createdTimeNode = timeAttribCol.GetNamedItem(XmlConsts.createdTimeNode);
if (createdTimeNode != null)
{
//Console.WriteLine("Secret create time:" + new DateTime(long.Parse(createdTimeNode.Value)));
}
else
{
//Console.WriteLine("Create time not found");
}
XmlNode modifiedTimeNode = timeAttribCol.GetNamedItem(XmlConsts.modifiedTimeNode);
if (modifiedTimeNode != null)
{
//Console.WriteLine("Secret mod time:" + new DateTime(long.Parse(modifiedTimeNode.Value)));
}
else
{
//Console.WriteLine("mod time not found");
}
}
}
if( keyChain.CheckIfSecretExists(secretId) == false)
{
keyChain.AddSecret(secret);
@@ -309,9 +370,8 @@ namespace sscs.lss
xpath = "descendant::" + XmlConsts.keyValueNode;
XmlNode keyValNode = keyNode.SelectSingleNode(xpath);
string keyValue = keyValNode.InnerText;
secret.SetKeyValue(key,keyValue);
secret.SetKeyValue(key,keyValue);
// add linked keys
xpath = "descendant::" + XmlConsts.linkedKeyNode;
XmlNodeList linkNodeList = keyNode.SelectNodes(xpath);
@@ -362,10 +422,26 @@ namespace sscs.lss
internal void PersistStore()
{
string sPeristSecrets = null;
// is policy set to persist secrets
UIPol uiPolicy = (UIPol)ICASAPol.GetPolicy(CASAPolType.UI_POL, userStore.GetUserHomeDirectory());
if (uiPolicy != null)
{
sPeristSecrets = uiPolicy.GetConfigSetting(ConstStrings.CONFIG_PERSIST_SECRETS);
}
if ((sPeristSecrets != null) && (sPeristSecrets.Equals("0")))
{
// delete .miCASA file and .IV file
File.Delete(userStore.GetPersistenceFilePath());
return;
}
//userStore.DumpSecretstore();
try
{
MemoryStream ms1 = GetSecretsAsXMLStream();
MemoryStream ms1 = GetSecretsAsXMLStream(this.userStore);
//byte[] key = CASACrypto.GetKeySetFromFile(CASACrypto.GetMasterPasscode(userStore.GetDesktopPasswd(),userStore.GetPasscodeByDesktopFilePath()),userStore.GetKeyFilePath());
byte[] key = CASACrypto.GetKeySetFromFile(m_baGeneratedKey, userStore.GetKeyFilePath());
@@ -412,7 +488,7 @@ namespace sscs.lss
}
}
internal MemoryStream GetSecretsAsXMLStream()
internal static MemoryStream GetSecretsAsXMLStream(SecretStore userStore)
{
try
{
@@ -438,12 +514,13 @@ namespace sscs.lss
sTmpId = new string(tmpId);
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
/* If we need to store time
writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.ToString());
writer.WriteEndElement();
*/
// If we need to store time
writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,kc.CreatedTime.Ticks.ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,kc.ModifiedTime.Ticks.ToString());
writer.WriteEndElement();
PersistencePol policy = null;
IDictionaryEnumerator secIter = (IDictionaryEnumerator)(kc.GetAllSecrets());
while(secIter.MoveNext())
@@ -451,18 +528,37 @@ namespace sscs.lss
Secret secret = (Secret)secIter.Value;
writer.WriteStartElement(XmlConsts.secretNode);
string secretId = secret.GetKey();
tmpId = new char[secretId.Length-1];
for(int i = 0; i < secretId.Length-1; i++ )
{
tmpId[i] = secretId[i];
}
sTmpId = new string(tmpId);
// TODO: Does Policy allow persisting this secret.
if (policy == null)
{
policy = (PersistencePol)ICASAPol.GetPolicy(CASAPolType.PERSISTENCE_POL, userStore.GetUserHomeDirectory());
}
bool bSaveValues = true;
if (policy != null)
{
if (policy.GetSecretPolicy(sTmpId, "Persistent", "True").Equals("False"))
{
//continue;
bSaveValues = false;
}
}
writer.WriteAttributeString(XmlConsts.idAttr,sTmpId);
/* If we need to store time
writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.ToString());
writer.WriteEndElement();
*/
// If we need to store time
writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,secret.CreatedTime.Ticks.ToString());
writer.WriteAttributeString("LazyTime",secret.CreatedTime.ToShortDateString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,secret.ModifiedTime.Ticks.ToString());
writer.WriteEndElement();
writer.WriteStartElement(XmlConsts.valueNode);
// byte[] byteArr = secret.GetValue();
@@ -475,14 +571,19 @@ namespace sscs.lss
writer.WriteStartElement(XmlConsts.keyNode);
writer.WriteAttributeString(XmlConsts.idAttr, sKey);
writer.WriteStartElement(XmlConsts.keyValueNode);
writer.WriteString(value);
if (bSaveValues)
writer.WriteString(value);
else
writer.WriteString("");
writer.WriteEndElement();
/* If we need to store time
writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).ToString());
writer.WriteEndElement();
*/
// If we need to store time
writer.WriteStartElement(XmlConsts.timeNode);
writer.WriteAttributeString(XmlConsts.createdTimeNode,(secret.GetKeyValueCreatedTime(sKey)).Ticks.ToString());
writer.WriteAttributeString(XmlConsts.modifiedTimeNode,(secret.GetKeyValueModifiedTime(sKey)).Ticks.ToString());
writer.WriteEndElement();
// write all LinkKeys
Hashtable htLinkedKeys = secret.GetLinkedKeys(sKey);
if (htLinkedKeys != null)

41
CASA/micasad/verbs/ReadBinaryKey.cs
View File

@@ -56,6 +56,13 @@ namespace sscs.verbs
private byte[] inBuf;
private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/*
* This method sets the class member with the byte array received.
*/
@@ -77,6 +84,7 @@ namespace sscs.verbs
Secret secret = null;
CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding,
* it is handled by AppHandler
@@ -108,12 +116,41 @@ namespace sscs.verbs
byte[] keyArr = new byte[keyLen];
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
key = Encoding.UTF8.GetString(keyArr);
try
{
// get extension ID
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
SecretStore ssStore;
if (extId == 1)
{
#if W32
WinUserIdentifier test = (WinUserIdentifier)userId;
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
{
// WINDOWS LUID
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
}
#endif
}
try
{
KeyChain keyChain = null;
// Secret secret = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked())
{
if( ssStore.CheckIfKeyChainExists(keyChainId) )

48
CASA/micasad/verbs/ReadKey.cs
View File

@@ -56,6 +56,13 @@ namespace sscs.verbs
private byte[] inBuf;
private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/*
* This method sets the class member with the byte array received.
*/
@@ -77,6 +84,7 @@ namespace sscs.verbs
Secret secret = null;
CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding,
* it is handled by AppHandler
@@ -108,12 +116,44 @@ namespace sscs.verbs
byte[] keyArr = new byte[keyLen];
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
key = Encoding.UTF8.GetString(keyArr);
try
{
// get extension ID
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
SecretStore ssStore;
if (extId == 1)
{
#if W32
WinUserIdentifier test = (WinUserIdentifier)userId;
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
{
// WINDOWS LUID
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
}
#endif
}
try
{
KeyChain keyChain = null;
// Secret secret = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
KeyChain keyChain = null;
ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked())
{
if( ssStore.CheckIfKeyChainExists(keyChainId) )

39
CASA/micasad/verbs/ReadSecret.cs
View File

@@ -51,6 +51,13 @@ namespace sscs.verbs
private byte[] inBuf;
private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/*
* This method sets the class member with the byte array received.
@@ -73,6 +80,7 @@ namespace sscs.verbs
Secret secret = null;
CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding,
* it is handled by AppHandler
@@ -99,11 +107,40 @@ namespace sscs.verbs
secretId = Encoding.UTF8.GetString(secretIdArr);
// Message Format decipher - End
try
{
// get extension ID
int extLocation = 18 + ((int)keyChainIdLen) + ((int)secretIdLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
SecretStore ssStore;
if (extId == 1)
{
#if W32
WinUserIdentifier test = (WinUserIdentifier)userId;
// NOTE: ONLY ALLOW THE SWITCH IF THE CALLER IS "SYSTEM"
if ((test.GetUIDLow() == 999) && (test.GetUIDHigh() == 0))
{
// WINDOWS LUID
// System Services, like DLU create fake UIDs, store credentials and then want to read that data.
luidLow = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 18 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
}
#endif
}
try
{
KeyChain keyChain = null;
// Secret secret = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked())
{

45
CASA/micasad/verbs/RemoveKey.cs
View File

@@ -52,6 +52,13 @@ namespace sscs.verbs
private byte[] inBuf;
private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/*
* This method sets the class member with the byte array received.
*/
@@ -78,6 +85,8 @@ namespace sscs.verbs
* it is handled by AppHandler
*/
UserIdentifier tempUserId = userId;
// Message Format decipher - Start
msgId = BitConverter.ToUInt16(inBuf,0);
inMsgLen = BitConverter.ToUInt32(inBuf,2);
@@ -105,11 +114,45 @@ namespace sscs.verbs
Array.Copy(inBuf,(18+(int)keyChainIdLen+(int)secretIdLen),keyArr,0,keyLen);
key = Encoding.UTF8.GetString(keyArr);
try
{
// get extension ID
int extLocation = 22 + ((int)keyChainIdLen) + ((int)secretIdLen) + ((int)keyLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
if (extId == 1)
{
#if W32
// WINDOWS LUID
// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
// we might be able to change this if/when we abstract the session.
// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
luidLow = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 22 + ((int)keyChainIdLen)+((int)secretIdLen) +((int)keyLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
try
{
ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));
}
catch (Exception)
{
}
#endif
}
try
{
KeyChain keyChain = null;
// Secret secret = null;
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked())
{
if( ssStore.CheckIfKeyChainExists(keyChainId) )

48
CASA/micasad/verbs/RemoveSecret.cs
View File

@@ -50,6 +50,14 @@ namespace sscs.verbs
private byte[] inBuf;
private byte[] outBuf;
// extension operations
private uint extId = 0;
#if W32
private int luidLow = 0;
private int luidHigh = 0;
#endif
/*
* This method sets the class member with the byte array received.
*/
@@ -69,6 +77,9 @@ namespace sscs.verbs
{
CSSSLogger.ExecutionTrace(this);
UserIdentifier tempUserId = userId;
/* If an exception occurs in message format decoding,
* it is handled by AppHandler
*/
@@ -92,11 +103,44 @@ namespace sscs.verbs
byte[] secretIdArr = new byte[secretIdLen];
Array.Copy(inBuf,(10+keyChainIdLen+4),secretIdArr,0,secretIdLen);
secretId = Encoding.UTF8.GetString(secretIdArr);
// Message Format decipher - End
try
{
// get extension ID
int extLocation = 14 + ((int)keyChainIdLen) + ((int)secretIdLen);
extId = BitConverter.ToUInt32(inBuf, extLocation);
}
catch (Exception)
{
//CSSSLogger.ExpLog(e.ToString());
}
if (extId == 1)
{
#if W32
// WINDOWS LUID
// This is how the Login Capture module on windows, running as System, sets the Desktop Credential.
// we might be able to change this if/when we abstract the session.
// [4 byte extID][4 byte length][4 byte luidLow][4 byte luidHigh]
luidLow = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 8);
luidHigh = BitConverter.ToInt32(inBuf, 14 + ((int)keyChainIdLen)+((int)secretIdLen) + 12);
tempUserId = new WinUserIdentifier(luidLow, luidHigh);
SecretStore ss = SessionManager.CreateUserSession(tempUserId);
try
{
ss.AddKeyChain(new KeyChain("SSCS_SESSION_KEY_CHAIN_ID\0"));
}
catch (Exception)
{
}
#endif
}
// Message Format decipher - End
try
{
SecretStore ssStore = SessionManager.GetUserSecretStore(userId);
SecretStore ssStore = SessionManager.GetUserSecretStore(tempUserId);
if (!ssStore.IsStoreLocked())
{

1
CASA/micasadk/link.w32
View File

@@ -35,6 +35,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\

1
CASA/micasadk/link_mdd.w32
View File

@@ -40,6 +40,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAMergeCache" >> $(LINKDEF);\
echo "/EXPORT:miCASAReadSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveSecret" >> $(LINKDEF);\
echo "/EXPORT:miCASAWriteSecret" >> $(LINKDEF);\

1
CASA/micasadk/micasa.def
View File

@@ -10,6 +10,7 @@ EXPORTS
miCASARemoveCredential
miCASAOpenSecretStoreCache
miCASACloseSecretStoreCache
miCASAMergeCache
miCASAReadSecret
miCASARemoveSecret
miCASAWriteSecret

53
CASA/micasadk/sscs_ndk.c
View File

@@ -1107,7 +1107,7 @@ miCASAReadSecret
}
if(rc = sscs_CacheReadSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf,
epPassword, &bytesRequired, readData))
epPassword, &bytesRequired, ext))
{
goto errorLevel1;
}
@@ -1285,7 +1285,7 @@ miCASARemoveSecret
}
rc = sscs_CacheRemoveSecret(storeContext->ssHandle, ssFlags, keyChainID,
&secretID, epPassword, NULL);
&secretID, epPassword, ext);
/* ############################### CODE EXITS HERE ############################# */
@@ -3207,7 +3207,7 @@ miCASAGetCredential
// read credset for this app
secID.type = SSCS_CREDENTIAL_TYPE_F;
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL);
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
if(rcode == NSSCS_SUCCESS)
{
@@ -3231,7 +3231,7 @@ miCASAGetCredential
secID.type = SSCS_CREDENTIAL_TYPE_F;
secID.len = appSecretID->len;
sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL);
rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, ext);
if(rcode == NSSCS_SUCCESS)
{
// read the username and password
@@ -3605,7 +3605,7 @@ miCASADeleteCredential
secID.len = appSecretID->len;
sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len);
rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, NULL);
rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, ext);
// close the secretstore
miCASACloseSecretStoreCache(context, ssFlags, NULL);
@@ -3750,3 +3750,46 @@ miCASAIsSecretPersistent
/* ############################### CODE ENDS HERE ############################# */
} // end of miCASAIsSecretPersistent
/*
* NAME - miCASAMergeCache
*
* DESCRIPTION
* This call merges the src cache with the destination cache
*
*/
SSCS_GLOBAL_LIBCALL(int32_t)
miCASAMergeCache
(
SSCS_EXT_T *srcExt,
SSCS_EXT_T *targetExt,
uint32_t bDestroySrcCache
)
{ /* beginning of the call */
/* ########################## DECLARATIONS START HERE ######################### */
void *context = NULL;
int32_t rcode = 0;
SSCS_SECRETSTORE_T store = {0};
SSCS_CONTEXT_T *storeContext;
/* ############################## CODE STARTS HERE ############################ */
// open secretStore
sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
store.version = 1;
context = miCASAOpenSecretStoreCache(&store, 0, NULL);
storeContext = (SSCS_CONTEXT_T *)context;
if(context == NULL)
{
return NSSCS_E_SYSTEM_FAILURE;
}
rcode = sscs_MergeCache(storeContext->ssHandle, srcExt, targetExt, bDestroySrcCache);
miCASACloseSecretStoreCache(context, 0, NULL);
return rcode;
/* ############################### CODE ENDS HERE ############################# */
} // end of miCASAIsSecretPersistent