Added the ability to specify to the PwdMechanism through the auth.policy that it should only utilize credentials that match the specified realm.

Juan Carlos Luciani 2007-03-21 17:54:38 +00:00
parent 67485b5388
commit 0eda6a0830


@ -40,6 +40,7 @@ CasaStatus
GetUserCredentials( GetUserCredentials(
IN const char *pRealm, IN const char *pRealm,
IN void *pCredStoreScope, IN void *pCredStoreScope,
IN bool realm_credentials_only,
INOUT char **ppUsername, INOUT char **ppUsername,
INOUT char **ppPassword) INOUT char **ppPassword)
// //
@ -52,6 +53,9 @@ GetUserCredentials(
// to specific users. This can only be leveraged when running in // to specific users. This can only be leveraged when running in
// the context of System under Windows. // the context of System under Windows.
// //
// realm_credentials_only -
// Only utilize credentials associated with the specified realm.
//
// ppUsername - // ppUsername -
// Pointer to variable that will receive buffer with the username. // Pointer to variable that will receive buffer with the username.
// //
@ -105,7 +109,8 @@ GetUserCredentials(
&credtype, &credtype,
&credential, &credential,
(SSCS_EXT_T*) pCredStoreScope); (SSCS_EXT_T*) pCredStoreScope);
if (rcode != NSSCS_SUCCESS) if (rcode != NSSCS_SUCCESS
&& realm_credentials_only == false)
{ {
// There were no credentials for the realm, now try to obtain the // There were no credentials for the realm, now try to obtain the
// desktop credentials. // desktop credentials.
@ -275,6 +280,7 @@ AuthTokenIf_GetAuthToken(
char *pUsername = NULL; char *pUsername = NULL;
char *pPassword = NULL; char *pPassword = NULL;
char *pToken; char *pToken;
bool realm_credentials_only = false;
DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0); DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0);
@ -293,9 +299,44 @@ AuthTokenIf_GetAuthToken(
goto exit; goto exit;
} }
// Process any mechanism information that may have been provided
if (pMechInfo)
{
// Mechanism information has been provided. Mechanism information
// consists of semicolon delimited settings. The settings are formated
// using the format settingName=settingvalue. No white space is allowed
// as part of the mechanism information.
char *pNextSettingToken;
char *pSettingValueToken = strtok_s(pMechInfo, ";", &pNextSettingToken);
while (pSettingValueToken != NULL)
{
char *pNextToken;
char *pSettingName = strtok_s(pSettingValueToken, "=", &pNextToken);
char *pSettingValue = strtok_s(NULL, "=", &pNextToken);
if (pSettingValue)
{
// Process the setting
if (strcmpi(pSettingName, "REALM_CREDENTIALS_ONLY") == 0)
{
if (strcmpi(pSettingValue, "true") == 0)
{
realm_credentials_only = true;
}
}
}
else
{
printf("Bad setting\n");
}
pSettingValueToken = strtok_s(NULL, ";", &pNextSettingToken);
}
}
// Get the user credentials // Get the user credentials
retStatus = GetUserCredentials(pContext, retStatus = GetUserCredentials(pContext,
pCredStoreScope, pCredStoreScope,
realm_credentials_only,
&pUsername, &pUsername,
&pPassword); &pPassword);
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
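Review bot: The setting parser added to AuthTokenIf_GetAuthToken fails open: any value for `REALM_CREDENTIALS_ONLY` other than `true`, and any malformed or misspelled setting, leaves `realm_credentials_only` at `false`, so GetUserCredentials still falls back to the desktop credentials that the policy was meant to withhold. Because this flag limits which credentials are released, an unrecognized name or value should be treated as an error (set `retStatus` and `goto exit`) rather than ignored. The `printf("Bad setting\n")` should go through `DbgTrace`, as the rest of the function does, so that a misconfigured auth.policy shows up in the component's trace output instead of on stdout. `strtok_s` also writes NUL bytes into `pMechInfo`; its declaration is outside the hunk, so if that buffer is owned by the caller or reused across calls, the parser should work on a local copy. The function body starts and ends outside the hunk.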