Added the ability to specify to the PwdMechanism through the auth.policy that it should only utilize credentials that match the specified realm.

2007-03-21 17:54:38 +00:00 · 2007-03-21 17:54:38 +00:00 · 0eda6a0830
commit 0eda6a0830
parent 67485b5388
1 changed files with 42 additions and 1 deletions
--- a/CASA-auth-token/client/library/mechanisms/pwd/get.c
+++ b/CASA-auth-token/client/library/mechanisms/pwd/get.c
@ -40,6 +40,7 @@ CasaStatus
 GetUserCredentials(
   IN       const char *pRealm,
   IN       void *pCredStoreScope,
+   IN       bool realm_credentials_only,
   INOUT    char **ppUsername,
   INOUT    char **ppPassword)
 //
@ -52,6 +53,9 @@ GetUserCredentials(
 //       to specific users. This can only be leveraged when running in
 //       the context of System under Windows.
 //   
+//    realm_credentials_only -
+//       Only utilize credentials associated with the specified realm.
+//               
 //    ppUsername -
 //       Pointer to variable that will receive buffer with the username.
 //               
@ -105,7 +109,8 @@ GetUserCredentials(
                                     &credtype,
                                     &credential,
                                     (SSCS_EXT_T*) pCredStoreScope);
-         if (rcode != NSSCS_SUCCESS)
+         if (rcode != NSSCS_SUCCESS
+             && realm_credentials_only == false)
         {
            // There were no credentials for the realm, now try to obtain the
            // desktop credentials.
@ -275,6 +280,7 @@ AuthTokenIf_GetAuthToken(
   char        *pUsername = NULL;
   char        *pPassword = NULL;
   char        *pToken;
+   bool        realm_credentials_only = false;

   DbgTrace(1, "-AuthTokenIf_GetAuthToken- Start\n", 0);

@ -293,9 +299,44 @@ AuthTokenIf_GetAuthToken(
      goto exit;
   }

+   // Process any mechanism information that may have been provided
+   if (pMechInfo)
+   {
+      // Mechanism information has been provided. Mechanism information
+      // consists of semicolon delimited settings. The settings are formated
+      // using the format settingName=settingvalue. No white space is allowed
+      // as part of the mechanism information.
+      char *pNextSettingToken;
+      char *pSettingValueToken = strtok_s(pMechInfo, ";", &pNextSettingToken);
+      while (pSettingValueToken != NULL)
+      {
+         char *pNextToken;
+         char *pSettingName = strtok_s(pSettingValueToken, "=", &pNextToken);
+         char *pSettingValue = strtok_s(NULL, "=", &pNextToken);
+         if (pSettingValue)
+         {
+            // Process the setting
+            if (strcmpi(pSettingName, "REALM_CREDENTIALS_ONLY") == 0)
+            {
+               if (strcmpi(pSettingValue, "true") == 0)
+               {
+                  realm_credentials_only = true;
+               }
+            }
+         }
+         else
+         {
+            printf("Bad setting\n");
+         }
+
+         pSettingValueToken = strtok_s(NULL, ";", &pNextSettingToken);
+      }
+   }
+
   // Get the user credentials
   retStatus = GetUserCredentials(pContext,
                                  pCredStoreScope,
+                                  realm_credentials_only,
                                  &pUsername,
                                  &pPassword);
   if (CASA_SUCCESS(retStatus))