From 0eda6a08302c3a3b258cc05b509044925171337c Mon Sep 17 00:00:00 2001
From: Juan Carlos Luciani
Date: Wed, 21 Mar 2007 17:54:38 +0000
Subject: [PATCH] Added the ability to specify to the PwdMechanism through the auth.policy that it should only utilize credentials that match the specified realm.
---
 .../client/library/mechanisms/pwd/get.c | 43 ++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)
diff --git a/CASA-auth-token/client/library/mechanisms/pwd/get.c b/CASA-auth-token/client/library/mechanisms/pwd/get.c
index 391ba9cb..5a9b4ab5 100644
--- a/CASA-auth-token/client/library/mechanisms/pwd/get.c
+++ b/CASA-auth-token/client/library/mechanisms/pwd/get.c
@@ -40,6 +40,7 @@ CasaStatus
 GetUserCredentials(
 IN const char *pRealm,
 IN void *pCredStoreScope,
+ IN bool realm_credentials_only,
 INOUT char **ppUsername,
 INOUT char **ppPassword)
 //
@@ -52,6 +53,9 @@ GetUserCredentials(
 // to specific users. This can only be leveraged when running in
 // the context of System under Windows.
 //
+// realm_credentials_only -
+// Only utilize credentials associated with the specified realm.
+//
 // ppUsername -
 // Pointer to variable that will receive buffer with the username.
 //
@@ -105,7 +109,8 @@ GetUserCredentials(
 &credtype,
 &credential,
 (SSCS_EXT_T*) pCredStoreScope);
- if (rcode != NSSCS_SUCCESS)
+ if (rcode != NSSCS_SUCCESS
+ && realm_credentials_only == false)
 {
 // There were no credentials for the realm, now try to obtain the
 // desktop credentials.
@@ -275,6 +280,7 @@ AuthTokenIf_GetAuthToken(
 char *pUsername = NULL;
 char *pPassword = NULL;
 char *pToken;
+ bool realm_credentials_only = false;
 DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0);
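Review bot: In the `@@ -105,7 +109,8 @@` hunk, a failed realm lookup with `realm_credentials_only` set now bypasses the desktop-credential fallback, and nothing visible here shows that the code after the block stops on the still-failing `rcode` instead of reading `credential`. GetUserCredentials continues outside the hunk, so this needs checking against the full body; if the later code only tests the result of the fallback, the realm-only path could return success with empty or stale output. A comment on the condition would record the intent, e.g. `// Realm-only policy: no fallback to desktop credentials; a failed lookup must yield an error.` As a style point, `&& !realm_credentials_only)` is the more usual spelling than `== false`.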
@@ -293,9 +299,44 @@ AuthTokenIf_GetAuthToken(
 goto exit;
 }
+ // Process any mechanism information that may have been provided
+ if (pMechInfo)
+ {
+ // Mechanism information has been provided. Mechanism information
+ // consists of semicolon delimited settings. The settings are formated
+ // using the format settingName=settingvalue. No white space is allowed
+ // as part of the mechanism information.
+ char *pNextSettingToken;
+ char *pSettingValueToken = strtok_s(pMechInfo, ";", &pNextSettingToken);
+ while (pSettingValueToken != NULL)
+ {
+ char *pNextToken;
+ char *pSettingName = strtok_s(pSettingValueToken, "=", &pNextToken);
+ char *pSettingValue = strtok_s(NULL, "=", &pNextToken);
+ if (pSettingValue)
+ {
+ // Process the setting
+ if (strcmpi(pSettingName, "REALM_CREDENTIALS_ONLY") == 0)
+ {
+ if (strcmpi(pSettingValue, "true") == 0)
+ {
+ realm_credentials_only = true;
+ }
+ }
+ }
+ else
+ {
+ printf("Bad setting\n");
+ }
+
+ pSettingValueToken = strtok_s(NULL, ";", &pNextSettingToken);
+ }
+ }
+
 // Get the user credentials
 retStatus = GetUserCredentials(pContext,
 pCredStoreScope,
+ realm_credentials_only,
 &pUsername,
 &pPassword);
 if (CASA_SUCCESS(retStatus))
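Review bot: The two nested `strtok_s` loops in the `@@ -293,9 +299,44 @@` hunk write NUL bytes into `pMechInfo` itself, so if the caller passes the same policy string on a later call, everything after the first `;` or `=` is gone and `REALM_CREDENTIALS_ONLY=true` may silently stop applying, which leaves the desktop-credential fallback enabled. Tokenizing a private copy avoids that, e.g. `char *pMechInfoCopy = strdup(pMechInfo);` handed to the first `strtok_s` call and freed after the loop. Because the setting restricts which credentials may be used, an unrecognized value or a malformed entry probably ought to fail the call rather than fall through with `realm_credentials_only == false`, and the `printf("Bad setting\n")` should go through `DbgTrace` like the rest of the function. The three-argument `strtok_s` and `strcmpi` are also not available on every C library, which matters if this file is built outside Windows. AuthTokenIf_GetAuthToken starts and ends outside the hunk, so the declaration and ownership of `pMechInfo` are not visible here.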