Added the ability to specify to the PwdMechanism through the auth.policy that it should only utilize credentials that match the specified realm.
This commit is contained in:
Juan Carlos Luciani
@@ -40,6 +40,7 @@ CasaStatus
|
|||||||
GetUserCredentials(
|
GetUserCredentials(
|
||||||
IN const char *pRealm,
|
IN const char *pRealm,
|
||||||
IN void *pCredStoreScope,
|
IN void *pCredStoreScope,
|
||||||
|
IN bool realm_credentials_only,
|
||||||
INOUT char **ppUsername,
|
INOUT char **ppUsername,
|
||||||
INOUT char **ppPassword)
|
INOUT char **ppPassword)
|
||||||
//
|
//
|
||||||
@@ -52,6 +53,9 @@ GetUserCredentials(
|
|||||||
// to specific users. This can only be leveraged when running in
|
// to specific users. This can only be leveraged when running in
|
||||||
// the context of System under Windows.
|
// the context of System under Windows.
|
||||||
//
|
//
|
||||||
|
// realm_credentials_only -
|
||||||
|
// Only utilize credentials associated with the specified realm.
|
||||||
|
//
|
||||||
// ppUsername -
|
// ppUsername -
|
||||||
// Pointer to variable that will receive buffer with the username.
|
// Pointer to variable that will receive buffer with the username.
|
||||||
//
|
//
|
||||||
@@ -105,7 +109,8 @@ GetUserCredentials(
|
|||||||
&credtype,
|
&credtype,
|
||||||
&credential,
|
&credential,
|
||||||
(SSCS_EXT_T*) pCredStoreScope);
|
(SSCS_EXT_T*) pCredStoreScope);
|
||||||
if (rcode != NSSCS_SUCCESS)
|
if (rcode != NSSCS_SUCCESS
|
||||||
|
&& realm_credentials_only == false)
|
||||||
{
|
{
|
||||||
// There were no credentials for the realm, now try to obtain the
|
// There were no credentials for the realm, now try to obtain the
|
||||||
// desktop credentials.
|
// desktop credentials.
|
||||||
@@ -275,6 +280,7 @@ AuthTokenIf_GetAuthToken(
|
|||||||
char *pUsername = NULL;
|
char *pUsername = NULL;
|
||||||
char *pPassword = NULL;
|
char *pPassword = NULL;
|
||||||
char *pToken;
|
char *pToken;
|
||||||
|
bool realm_credentials_only = false;
|
||||||
|
|
||||||
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0);
|
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0);
|
||||||
|
|
||||||
@@ -293,9 +299,44 @@ AuthTokenIf_GetAuthToken(
|
|||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Process any mechanism information that may have been provided
|
||||||
|
if (pMechInfo)
|
||||||
|
{
|
||||||
|
// Mechanism information has been provided. Mechanism information
|
||||||
|
// consists of semicolon delimited settings. The settings are formated
|
||||||
|
// using the format settingName=settingvalue. No white space is allowed
|
||||||
|
// as part of the mechanism information.
|
||||||
|
char *pNextSettingToken;
|
||||||
|
char *pSettingValueToken = strtok_s(pMechInfo, ";", &pNextSettingToken);
|
||||||
|
while (pSettingValueToken != NULL)
|
||||||
|
{
|
||||||
|
char *pNextToken;
|
||||||
|
char *pSettingName = strtok_s(pSettingValueToken, "=", &pNextToken);
|
||||||
|
char *pSettingValue = strtok_s(NULL, "=", &pNextToken);
|
||||||
|
if (pSettingValue)
|
||||||
|
{
|
||||||
|
// Process the setting
|
||||||
|
if (strcmpi(pSettingName, "REALM_CREDENTIALS_ONLY") == 0)
|
||||||
|
{
|
||||||
|
if (strcmpi(pSettingValue, "true") == 0)
|
||||||
|
{
|
||||||
|
realm_credentials_only = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
printf("Bad setting\n");
|
||||||
|
}
|
||||||
|
|
||||||
|
pSettingValueToken = strtok_s(NULL, ";", &pNextSettingToken);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Get the user credentials
|
// Get the user credentials
|
||||||
retStatus = GetUserCredentials(pContext,
|
retStatus = GetUserCredentials(pContext,
|
||||||
pCredStoreScope,
|
pCredStoreScope,
|
||||||
|
realm_credentials_only,
|
||||||
&pUsername,
|
&pUsername,
|
||||||
&pPassword);
|
&pPassword);
|
||||||
if (CASA_SUCCESS(retStatus))
|
if (CASA_SUCCESS(retStatus))
|
||||||
|
|||||||
Reference in New Issue
Block a user