diff --git a/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj b/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj index 5fcee0ac..06be6ad6 100644 --- a/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj +++ b/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj @@ -28,7 +28,7 @@ "Entry" { "MsmKey" = "8:_313DE095D13281AF91A64E3F3D472413" - "OwnerKey" = "8:_EBD9DA1C34EA4666B638163C28BCA74B" + "OwnerKey" = "8:_6459BA05FDB94898947EC93CCF50456E" "MsmSig" = "8:_UNDEFINED" } "Entry" @@ -45,6 +45,18 @@ } "Entry" { + "MsmKey" = "8:_555A94D11FC040D98681BDDB87C6003D" + "OwnerKey" = "8:_UNDEFINED" + "MsmSig" = "8:_UNDEFINED" + } + "Entry" + { + "MsmKey" = "8:_6459BA05FDB94898947EC93CCF50456E" + "OwnerKey" = "8:_UNDEFINED" + "MsmSig" = "8:_UNDEFINED" + } + "Entry" + { "MsmKey" = "8:_677B016062384F4C8A73EC952CBCFD76" "OwnerKey" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED" @@ -63,18 +75,12 @@ } "Entry" { - "MsmKey" = "8:_A2DC4131C0394DE9A11C5C9454847F1E" + "MsmKey" = "8:_BE89D37A570A4A269D181A19CF27A569" "OwnerKey" = "8:_8292EFFD84EF46C6BD2F1F3E20808684" "MsmSig" = "8:_UNDEFINED" } "Entry" { - "MsmKey" = "8:_EBD9DA1C34EA4666B638163C28BCA74B" - "OwnerKey" = "8:_UNDEFINED" - "MsmSig" = "8:_UNDEFINED" - } - "Entry" - { "MsmKey" = "8:_EDA39B5CAD864AF0821AAFC9783DFF12" "OwnerKey" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED" 
@@ -208,6 +214,26 @@ "IsDependency" = "11:FALSE" "IsolateTo" = "8:" } + "{A582A373-4685-4296-BEFE-614B80A702C3}:_555A94D11FC040D98681BDDB87C6003D" + { + "SourcePath" = "8:..\\..\\include\\windows\\casa_c_authtoken_ex.h" + "TargetName" = "8:casa_c_authtoken_ex.h" + "Tag" = "8:" + "Folder" = "8:_9568FCF514C14B54BAB7D1D5D183D3C5" + "Condition" = "8:" + "Transitive" = "11:FALSE" + "Vital" = "11:TRUE" + "ReadOnly" = "11:FALSE" + "Hidden" = "11:FALSE" + "System" = "11:FALSE" + "Permanent" = "11:FALSE" + "SharedLegacy" = "11:FALSE" + "PackageAs" = "3:1" + "Register" = "3:1" + "Exclude" = "11:FALSE" + "IsDependency" = "11:FALSE" + "IsolateTo" = "8:" + } "{A582A373-4685-4296-BEFE-614B80A702C3}:_677B016062384F4C8A73EC952CBCFD76" { "SourcePath" = "8:..\\windows\\authtoken.lib" @@ -404,7 +430,7 @@ } "MergeModule" { - "{35A69C6E-5BA4-440D-803D-762B59A45393}:_A2DC4131C0394DE9A11C5C9454847F1E" + "{35A69C6E-5BA4-440D-803D-762B59A45393}:_BE89D37A570A4A269D181A19CF27A569" { "UseDynamicProperties" = "11:FALSE" "IsDependency" = "11:TRUE" 
@@ -432,7 +458,35 @@ { "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_3986DA1502244FFBB04A66472E74633B" { - "SourcePath" = "8:..\\mechanisms\\pwd\\windows\\Debug\\pwmech.dll" + "SourcePath" = "8:..\\mechanisms\\pwd\\windows\\Release\\pwmech.dll" + "TargetName" = "8:" + "Tag" = "8:" + "Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD" + "Condition" = "8:" + "Transitive" = "11:FALSE" + "Vital" = "11:TRUE" + "ReadOnly" = "11:FALSE" + "Hidden" = "11:FALSE" + "System" = "11:FALSE" + "Permanent" = "11:FALSE" + "SharedLegacy" = "11:FALSE" + "PackageAs" = "3:1" + "Register" = "3:1" + "Exclude" = "11:FALSE" + "IsDependency" = "11:FALSE" + "IsolateTo" = "8:" + "ProjectOutputGroupRegister" = "3:1" + "OutputConfiguration" = "8:" + "OutputGroupCanonicalName" = "8:Built" + "OutputProjectGuid" = "8:{5499F624-F371-4559-B4C2-A484BCE892FD}" + "ShowKeyOutput" = "11:FALSE" + "ExcludeFilters" + { + } + } + "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_6459BA05FDB94898947EC93CCF50456E" + { + "SourcePath" = "8:..\\mechanisms\\krb5\\windows\\Release\\krb5mech.dll" "TargetName" = "8:" "Tag" = "8:" "Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD" @@ -460,7 +514,7 @@ } "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_8292EFFD84EF46C6BD2F1F3E20808684" { - "SourcePath" = "8:..\\csharp\\Novell.Casa.Authtoken\\obj\\Debug\\Novell.Casa.Client.Auth.dll" + "SourcePath" = "8:..\\csharp\\Novell.Casa.Authtoken\\obj\\Release\\Novell.Casa.Client.Auth.dll" "TargetName" = "8:" "Tag" = "8:" "Folder" = "8:_8E0BBDD021EA45308BD98380F28EB7F6" 
@@ -486,34 +540,6 @@ { } } - "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_EBD9DA1C34EA4666B638163C28BCA74B" - { - "SourcePath" = "8:..\\mechanisms\\krb5\\windows\\Debug\\krb5mech.dll" - "TargetName" = "8:" - "Tag" = "8:" - "Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD" - "Condition" = "8:" - "Transitive" = "11:FALSE" - "Vital" = "11:TRUE" - "ReadOnly" = "11:FALSE" - "Hidden" = "11:FALSE" - "System" = "11:FALSE" - "Permanent" = "11:FALSE" - "SharedLegacy" = "11:FALSE" - "PackageAs" = "3:1" - "Register" = "3:1" - "Exclude" = "11:FALSE" - "IsDependency" = "11:FALSE" - "IsolateTo" = "8:" - "ProjectOutputGroupRegister" = "3:1" - "OutputConfiguration" = "8:" - "OutputGroupCanonicalName" = "8:Built" - "OutputProjectGuid" = "8:{5499F624-F371-4559-B4C2-A484BCE892FD}" - "ShowKeyOutput" = "11:FALSE" - "ExcludeFilters" - { - } - } } "Registry" { diff --git a/CASA-auth-token/non-java/client/cache.c b/CASA-auth-token/non-java/client/cache.c index 3b462d64..d6bee9a2 100644 --- a/CASA-auth-token/non-java/client/cache.c +++ b/CASA-auth-token/non-java/client/cache.c @@ -44,7 +44,8 @@ CreateAuthTokenCacheEntry( IN const char *pGroupOrHostName, IN CasaStatus status, IN char *pToken, - IN int entryLifetime // seconds (0 == Lives forever) + IN int entryLifetime, // seconds (0 == Lives forever) + IN void *pCredStoreScope ) // // Arguments: @@ -65,7 +66,6 @@ CreateAuthTokenCacheEntry( AuthCacheEntry *pEntry = NULL; char *pKey; - DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0); if (status == CASA_STATUS_SUCCESS) @@ -129,7 +129,7 @@ CreateAuthTokenCacheEntry( (uint8_t *) pEntry, (uint32_t*) &entrySize, NULL, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); free(pKey); @@ -160,7 +160,8 @@ CreateSessionTokenCacheEntry( IN const char *pCacheKey, IN CasaStatus status, IN char *pToken, - IN int entryLifetime // seconds (0 == Lives forever) + IN int entryLifetime, // seconds (0 == Lives forever) + IN void *pCredStoreScope ) // // Arguments: 
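Review bot: The new `pCredStoreScope` parameter of CreateAuthTokenCacheEntry is declared `void *` and only becomes an `SSCS_EXT_T*` through the cast at the credential-store call (`(SSCS_EXT_T*) pCredStoreScope`), so the compiler cannot catch a caller passing the wrong kind of pointer. Because this value scopes credential store access to a specific user, declaring it as `IN SSCS_EXT_T *pCredStoreScope` and dropping the cast would be safer. The same applies to CreateSessionTokenCacheEntry, FindSessionTokenEntryInCache and FindAuthTokenEntryInCache in the later cache.c hunks, and to the internal.h prototypes. The `// Arguments:` block under each signature continues outside the hunks, so it is not visible whether it was updated; if not, it needs an entry such as `// pCredStoreScope - Credential store scope, NULL keeps the previous unscoped behaviour.`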
@@ -180,7 +181,6 @@ CreateSessionTokenCacheEntry( int32_t tokenSize, entrySize; AuthCacheEntry *pEntry = NULL; - DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0); if (status == CASA_STATUS_SUCCESS) @@ -234,7 +234,7 @@ CreateSessionTokenCacheEntry( (uint8_t *) pEntry, (uint32_t*) &entrySize, NULL, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); } else { @@ -347,7 +347,8 @@ CacheEntryLifetimeExpired( //++======================================================================= AuthCacheEntry* FindSessionTokenEntryInCache( - IN const char *pCacheKey + IN const char *pCacheKey, + IN void *pCredStoreScope ) // // Arguments: @@ -383,7 +384,7 @@ FindSessionTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT && bytesRequired != 0) @@ -405,7 +406,7 @@ FindSessionTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (CASA_SUCCESS(retStatus)) { if (pEntry->doesNotExpire == false @@ -437,7 +438,8 @@ FindSessionTokenEntryInCache( AuthCacheEntry* FindAuthTokenEntryInCache( IN const char *pCacheKey, - IN const char *pGroupOrHostName + IN const char *pGroupOrHostName, + IN void *pCredStoreScope ) // // Arguments: @@ -483,7 +485,7 @@ FindAuthTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT && bytesRequired != 0) @@ -505,7 +507,7 @@ FindAuthTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (CASA_SUCCESS(retStatus)) { if (pEntry->doesNotExpire == false 
diff --git a/CASA-auth-token/non-java/client/engine.c b/CASA-auth-token/non-java/client/engine.c index 1bcabc6a..756edefc 100644 --- a/CASA-auth-token/non-java/client/engine.c +++ b/CASA-auth-token/non-java/client/engine.c @@ -58,7 +58,8 @@ CasaStatus ObtainSessionToken( IN RpcSession *pRpcSession, IN AuthPolicy *pAuthPolicy, - INOUT char **ppSessionToken) + INOUT char **ppSessionToken, + IN void *pCredStoreScope) // // Arguments: // @@ -93,7 +94,8 @@ ObtainSessionToken( pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry); // Try to find a cache entry for the auth context - pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext); + pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext, + pCredStoreScope); if (pCacheEntry != NULL) { // Cache entry found, check if it is of use to us. @@ -127,7 +129,8 @@ ObtainSessionToken( // Only try to create cache entry for the auth context if there is not // one already. - pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext); + pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext, + pCredStoreScope); if (pCacheEntry == NULL) { char *pReqMsg = NULL; @@ -169,7 +172,8 @@ ObtainSessionToken( pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, retStatus, pAuthenticateResp->pToken, - pAuthenticateResp->tokenLifetime); + pAuthenticateResp->tokenLifetime, + pCredStoreScope); pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer @@ -203,7 +207,8 @@ ObtainSessionToken( pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, retStatus, NULL, - DEFAULT_RETRY_LIFETIME); + DEFAULT_RETRY_LIFETIME, + pCredStoreScope); } @@ -260,7 +265,8 @@ ObtainAuthTokenFromServer( IN const char *pServiceName, IN const char *pHostName, INOUT char **ppAuthToken, - INOUT int *pTokenLifetime) + INOUT int *pTokenLifetime, + IN void *pCredStoreScope) // // Arguments: // 
@@ -318,7 +324,10 @@ ObtainAuthTokenFromServer( if (CASA_SUCCESS(retStatus)) { // Now try to obtain a session token - retStatus = ObtainSessionToken(pRpcSession, pAuthPolicy, &pSessionToken); + retStatus = ObtainSessionToken(pRpcSession, + pAuthPolicy, + &pSessionToken, + pCredStoreScope); if (CASA_SUCCESS(retStatus)) { // Request auth token for the service 
@@ -430,6 +439,219 @@ ObtainAuthTokenFromServer( } +//++======================================================================= +CasaStatus +ObtainAuthTokenInt( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope) +// +// Arguments: +// pServiceName - +// Pointer to NULL terminated string that contains the +// name of the service to which the client is trying to +// authenticate. +// +// pHostName - +// Pointer to NULL terminated string that contains the +// name of the host where resides the service to which the +// client is trying to authenticate. Note that the name +// can either be a DNS name or a dotted IP address. +// +// pAuthTokenBuf - +// Pointer to buffer that will receive the authentication +// token. The length of this buffer is specified by the +// pAuthTokenBufLen parameter. Note that the the authentication +// token will be in the form of a NULL terminated string. +// +// pAuthTokenBufLen - +// Pointer to integer that contains the length of the +// buffer pointed at by pAuthTokenBuf. Upon return of the +// function, the integer will contain the actual length +// of the authentication token if the function successfully +// completes or the buffer length required if the function +// fails because the buffer pointed at by pAuthTokenBuf is +// not large enough. +// +// pCredStoreScope - +// Pointer to CASA structure for scoping credential store access +// to specific users. This can only be leveraged by applications +// running in the context of System. + +// Returns: +// Casa Status +// +// Description: +// Get authentication token to authenticate user to specified +// service at host. The user is scoped using the info associated +// with the magic cookie. 
+// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus = CASA_STATUS_SUCCESS; + AuthCacheEntry *pCacheEntry; + char *pNormalizedHostName; + char *pToken; + HANDLE hUserMutex = NULL; + + DbgTrace(1, "-ObtainAuthTokenInt- Start\n", 0); + + // Verify the input parameters + if (pServiceName == NULL + || pHostName == NULL + || pAuthTokenBufLen == NULL + || (*pAuthTokenBufLen != 0 && pAuthTokenBuf == NULL)) + { + DbgTrace(0, "-ObtainAuthTokenInt- Invalid parameter\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INVALID_PARAMETER); + goto exit; + } + + DbgTrace(1, "-ObtainAuthTokenInt- ServiceName = %s\n", pServiceName); + DbgTrace(1, "-ObtainAuthTokenInt- HostName = %s\n", pHostName); + DbgTrace(1, "-ObtainAuthTokenInt- BufferLength = %d\n", *pAuthTokenBufLen); + + // Obtain our synchronization mutex + AcquireModuleMutex; + + // Create user synchronization mutex + retStatus = CreateUserMutex(&hUserMutex); + if (retStatus != CASA_STATUS_SUCCESS) + { + DbgTrace(0, "-ObtainAuthTokenInt- Error creating mutex for the user\n", 0); + goto exit; + } + + // Make sure we are fully initialized + if (g_bInitialized == false) + { + retStatus = InitializeLibrary(); + + if (retStatus == CASA_STATUS_SUCCESS) + { + g_bInitialized = true; + } + else + { + goto exit; + } + } + + // Release our synchronization mutex + ReleaseModuleMutex; + + // Normalize the host name + pNormalizedHostName = NormalizeHostName(pHostName); + if (pNormalizedHostName) + { + // Start user process synchronization + AcquireUserMutex(hUserMutex); + + // Try to find a cache entry for the service + pCacheEntry = FindAuthTokenEntryInCache(pServiceName, + pNormalizedHostName, + pCredStoreScope); + if (pCacheEntry == NULL) + { + // Initialize to retry in case of failure + int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME; + + // Cache entry created, now try to obtain auth token from the CASA Server + retStatus = 
ObtainAuthTokenFromServer(pServiceName, + pNormalizedHostName, + &pToken, + &cacheEntryLifetime, + pCredStoreScope); + + // Add the entry to the cache if successful or if the reason that we failed + // was because the server was un-available. + if (CASA_SUCCESS(retStatus) + || CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) + { + pCacheEntry = CreateAuthTokenCacheEntry(pServiceName, + pNormalizedHostName, + retStatus, + pToken, + cacheEntryLifetime, + pCredStoreScope); + if (pCacheEntry) + { + // Release the cache entry if the resulting status is not successful + if (!CASA_SUCCESS(retStatus)) + { + FreeAuthCacheEntry(pCacheEntry); + } + } + } + } + else + { + // Cache entry found, update the return status with the information saved in it + // and release it if its status is not successful. + if (!CASA_SUCCESS(retStatus = pCacheEntry->status)) + { + FreeAuthCacheEntry(pCacheEntry); + } + } + + // Try to return auth token if we have one to return + if (CASA_SUCCESS(retStatus)) + { + int tokenLen = (int) strlen(pCacheEntry->token) + 1; + + // We have an authentication token, try to return it to the caller + // after verifying that the supplied buffer is big enough. 
+ if (*pAuthTokenBufLen >= tokenLen) + { + // Return the auth token to the caller + DbgTrace(2, "-ObtainAuthTokenInt- Copying the token into the callers buffer\n", 0); + strcpy(pAuthTokenBuf, pCacheEntry->token); + } + else + { + DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_BUFFER_OVERFLOW); + } + + // Return the token length to the caller + *pAuthTokenBufLen = tokenLen; + + FreeAuthCacheEntry(pCacheEntry); + } + + // Stop user process synchronization + ReleaseUserMutex(hUserMutex); + + // Free the space allocated for the normalized host name + free(pNormalizedHostName); + } + else + { + DbgTrace(0, "-ObtainAuthTokenInt- Host name normalization failed\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } + +exit: + + if (hUserMutex != NULL) + { + DestroyUserMutex(hUserMutex); + } + DbgTrace(1, "-ObtainAuthTokenInt- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + //++======================================================================= CasaStatus SSCS_CALL ObtainAuthToken( 
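Review bot: Both early exits taken after `AcquireModuleMutex` in ObtainAuthTokenInt (the CreateUserMutex failure and the InitializeLibrary failure) jump to `exit` without `ReleaseModuleMutex`, and the `exit` label only destroys the user mutex, so the module mutex appears to stay held on those paths. Separately, when ObtainAuthTokenFromServer succeeds but CreateAuthTokenCacheEntry returns NULL, `retStatus` is still a success and the later `strlen(pCacheEntry->token)` dereferences a NULL pointer. Both paths were carried over unchanged from the old ObtainAuthToken body, but this function is now also the entry point for callers that pass a credential store scope. The macros and helpers are defined outside this page, so the mutex behaviour should be confirmed against their definitions. The sketch below releases the mutex before each early exit and turns a missing cache entry into a failure status.

```c
    retStatus = CreateUserMutex(&hUserMutex);
    if (retStatus != CASA_STATUS_SUCCESS)
    {
        DbgTrace(0, "-ObtainAuthTokenInt- Error creating mutex for the user\n", 0);
        ReleaseModuleMutex;   // do not leave with the module mutex held
        goto exit;
    }

    if (g_bInitialized == false)
    {
        retStatus = InitializeLibrary();
        if (retStatus != CASA_STATUS_SUCCESS)
        {
            ReleaseModuleMutex;
            goto exit;
        }
        g_bInitialized = true;
    }

    // ... unchanged: ReleaseModuleMutex, host name normalization, cache lookup, server request ...

                // ... unchanged: pCacheEntry = CreateAuthTokenCacheEntry(...) ...
                if (pCacheEntry == NULL)
                {
                    // No entry to read the token from further down; report the failure
                    if (CASA_SUCCESS(retStatus))
                    {
                        retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
                                                    CASA_FACILITY_AUTHTOKEN,
                                                    CASA_STATUS_UNSUCCESSFUL);
                    }
                }
                else if (!CASA_SUCCESS(retStatus))
                {
                    FreeAuthCacheEntry(pCacheEntry);
                }
```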
@@ -475,157 +697,17 @@ ObtainAuthToken( // L2 //=======================================================================-- { - CasaStatus retStatus = CASA_STATUS_SUCCESS; - AuthCacheEntry *pCacheEntry; - char *pNormalizedHostName; - char *pToken; - HANDLE hUserMutex = NULL; + CasaStatus retStatus; DbgTrace(1, "-ObtainAuthToken- Start\n", 0); - // Verify the input parameters - if (pServiceName == NULL - || pHostName == NULL - || pAuthTokenBufLen == NULL - || (*pAuthTokenBufLen != 0 && pAuthTokenBuf == NULL)) - { - DbgTrace(0, "-ObtainAuthToken- Invalid parameter\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INVALID_PARAMETER); - goto exit; - } + // Call our internal worker + retStatus = ObtainAuthTokenInt(pServiceName, + pHostName, + pAuthTokenBuf, + pAuthTokenBufLen, + NULL); - DbgTrace(1, "-ObtainAuthToken- ServiceName = %s\n", pServiceName); - DbgTrace(1, "-ObtainAuthToken- HostName = %s\n", pHostName); - DbgTrace(1, "-ObtainAuthToken- BufferLength = %d\n", *pAuthTokenBufLen); - - // Obtain our synchronization mutex - AcquireModuleMutex; - - // Create user synchronization mutex - retStatus = CreateUserMutex(&hUserMutex); - if (retStatus != CASA_STATUS_SUCCESS) - { - DbgTrace(0, "-ObtainAuthToken- Error creating mutex for the user\n", 0); - goto exit; - } - - // Make sure we are fully initialized - if (g_bInitialized == false) - { - retStatus = InitializeLibrary(); - - if (retStatus == CASA_STATUS_SUCCESS) - { - g_bInitialized = true; - } - else - { - goto exit; - } - } - - // Release our synchronization mutex - ReleaseModuleMutex; - - // Normalize the host name - pNormalizedHostName = NormalizeHostName(pHostName); - if (pNormalizedHostName) - { - // Start user process synchronization - AcquireUserMutex(hUserMutex); - - // Try to find a cache entry for the service - pCacheEntry = FindAuthTokenEntryInCache(pServiceName, pNormalizedHostName); - if (pCacheEntry == NULL) - { - // Initialize to retry in case of 
failure - int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME; - - // Cache entry created, now try to obtain auth token from the CASA Server - retStatus = ObtainAuthTokenFromServer(pServiceName, - pNormalizedHostName, - &pToken, - &cacheEntryLifetime); - - // Add the entry to the cache if successful or if the reason that we failed - // was because the server was un-available. - if (CASA_SUCCESS(retStatus) - || CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) - { - pCacheEntry = CreateAuthTokenCacheEntry(pServiceName, - pNormalizedHostName, - retStatus, - pToken, - cacheEntryLifetime); - if (pCacheEntry) - { - // Release the cache entry if the resulting status is not successful - if (!CASA_SUCCESS(retStatus)) - { - FreeAuthCacheEntry(pCacheEntry); - } - } - } - } - else - { - // Cache entry found, update the return status with the information saved in it - // and release it if its status is not successful. - if (!CASA_SUCCESS(retStatus = pCacheEntry->status)) - { - FreeAuthCacheEntry(pCacheEntry); - } - } - - // Try to return auth token if we have one to return - if (CASA_SUCCESS(retStatus)) - { - int tokenLen = (int) strlen(pCacheEntry->token) + 1; - - // We have an authentication token, try to return it to the caller - // after verifying that the supplied buffer is big enough. 
- if (*pAuthTokenBufLen >= tokenLen) - { - // Return the auth token to the caller - DbgTrace(2, "-ObtainAuthToken- Copying the token into the callers buffer\n", 0); - strcpy(pAuthTokenBuf, pCacheEntry->token); - } - else - { - DbgTrace(0, "-ObtainAuthToken- The supplied buffer is not large enough", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_BUFFER_OVERFLOW); - } - - // Return the token length to the caller - *pAuthTokenBufLen = tokenLen; - - FreeAuthCacheEntry(pCacheEntry); - } - - // Stop user process synchronization - ReleaseUserMutex(hUserMutex); - - // Free the space allocated for the normalized host name - free(pNormalizedHostName); - } - else - { - DbgTrace(0, "-ObtainAuthToken- Host name normalization failed\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); - } - -exit: - - if (hUserMutex != NULL) - { - DestroyUserMutex(hUserMutex); - } DbgTrace(1, "-ObtainAuthToken- End, retStatus = %08X\n", retStatus); return retStatus; diff --git a/CASA-auth-token/non-java/client/internal.h b/CASA-auth-token/non-java/client/internal.h index de1f011a..d7980f8e 100644 --- a/CASA-auth-token/non-java/client/internal.h +++ b/CASA-auth-token/non-java/client/internal.h @@ -132,6 +132,15 @@ extern char pathCharString[]; // Functions exported by engine.c // +extern +CasaStatus +ObtainAuthTokenInt( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope); + // // Functions exported by authmech.c // @@ -235,7 +244,8 @@ CreateSessionTokenCacheEntry( IN const char *pCacheKey, IN CasaStatus status, IN char *pToken, - IN int entryLifetime); + IN int entryLifetime, + IN void *pCredStoreScope); extern AuthCacheEntry* 
@@ -244,7 +254,8 @@ CreateAuthTokenCacheEntry( IN const char *pHostName, IN CasaStatus status, IN char *pToken, - IN int entryLifetime); + IN int entryLifetime, + IN void *pCredStoreScope); extern void @@ -254,13 +265,15 @@ FreeAuthCacheEntry( extern AuthCacheEntry* FindSessionTokenEntryInCache( - IN const char *pCacheKey); + IN const char *pCacheKey, + IN void *pCredStoreScope); extern AuthCacheEntry* FindAuthTokenEntryInCache( IN const char *pCacheKey, - IN const char *pGroupOrHostName); + IN const char *pGroupOrHostName, + IN void *pCredStoreScope); extern CasaStatus diff --git a/CASA-auth-token/non-java/client/windows/client.vcproj b/CASA-auth-token/non-java/client/windows/client.vcproj index c829db13..da049912 100644 --- a/CASA-auth-token/non-java/client/windows/client.vcproj +++ b/CASA-auth-token/non-java/client/windows/client.vcproj @@ -21,7 +21,7 @@ Name="VCCLCompilerTool" AdditionalOptions="/D "XML_STATIC"" Optimization="0" - AdditionalIncludeDirectories=".;..\;..\..\include;"\Program Files\novell\casa\include";"C:\Dev\Expat-2.0.0\Source\lib"" + AdditionalIncludeDirectories=".;..\;..\..\include;"C:\Dev\casa\CASA-auth-token\non-java\include\windows";"\Program Files\novell\casa\include";"C:\Dev\Expat-2.0.0\Source\lib"" PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" MinimalRebuild="TRUE" BasicRuntimeChecks="3" @@ -81,7 +81,7 @@ copy $(SolutionDir)client\windows\authtoken.lib \"Program Files"\novel + + diff --git a/CASA-auth-token/non-java/client/windows/dllsup.c b/CASA-auth-token/non-java/client/windows/dllsup.c index 35473e87..a0726f5d 100644 --- a/CASA-auth-token/non-java/client/windows/dllsup.c +++ b/CASA-auth-token/non-java/client/windows/dllsup.c @@ -27,6 +27,7 @@ #include "internal.h" #include #include +#include "casa_c_authtoken_ex.h" //===[ External data ]===================================================== extern 
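Review bot: The include directory added to `AdditionalIncludeDirectories` in client.vcproj is an absolute path on one developer's machine, `C:\Dev\casa\CASA-auth-token\non-java\include\windows`. A build from any other checkout location either fails or compiles against whatever copy of casa_c_authtoken_ex.h sits at that path, rather than the one in the tree being built. The neighbouring entry is already relative (`..\..\include`), so `..\..\include\windows` would keep the build tied to the checked-out sources. The second client.vcproj hunk is garbled on this page; if it makes the same addition for another configuration, the same change applies there.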
@@ -49,6 +50,75 @@ HANDLE g_hModule; HANDLE g_hModuleMutex; +//++======================================================================= +CasaStatus SSCS_CALL +ObtainAuthTokenEx( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope) +// +// Arguments: +// pServiceName - +// Pointer to NULL terminated string that contains the +// name of the service to which the client is trying to +// authenticate. +// +// pHostName - +// Pointer to NULL terminated string that contains the +// name of the host where resides the service to which the +// client is trying to authenticate. Note that the name +// can either be a DNS name or a dotted IP address. +// +// pAuthTokenBuf - +// Pointer to buffer that will receive the authentication +// token. The length of this buffer is specified by the +// pAuthTokenBufLen parameter. Note that the the authentication +// token will be in the form of a NULL terminated string. +// +// pAuthTokenBufLen - +// Pointer to integer that contains the length of the +// buffer pointed at by pAuthTokenBuf. Upon return of the +// function, the integer will contain the actual length +// of the authentication token if the function successfully +// completes or the buffer length required if the function +// fails because the buffer pointed at by pAuthTokenBuf is +// not large enough. +// +// pCredStoreScope - +// Pointer to CASA structure for scoping credential store access +// to specific users. This can only be leveraged by applications +// running in the context of System. +// +// Returns: +// Casa Status +// +// Description: +// Get authentication token to authenticate user to specified +// service at host. The user is scoped using the info associated +// with the magic cookie. 
+// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus; + + DbgTrace(1, "-ObtainAuthTokenEx- Start\n", 0); + + // Call our internal worker + retStatus = ObtainAuthTokenInt(pServiceName, + pHostName, + pAuthTokenBuf, + pAuthTokenBufLen, + pCredStoreScope); + + DbgTrace(1, "-ObtainAuthTokenEx- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + //++======================================================================= BOOL APIENTRY DllMain( HANDLE hModule, diff --git a/CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h b/CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h new file mode 100644 index 00000000..76960715 --- /dev/null +++ b/CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h 
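Review bot: ObtainAuthTokenEx passes `pCredStoreScope` to ObtainAuthTokenInt unchanged and neither function checks the caller, although the header comment says the scope "can only be leveraged by applications running in the context of System". Presumably the credential store itself refuses a scope from a non-System caller; the comment should say where that is enforced, for example `// The scope is not validated here; the credential store is expected to reject it for callers not running as System.` (to be confirmed against the store). It is also worth checking that the per-user mutex created by CreateUserMutex in ObtainAuthTokenInt still serializes cache access when the scope names a different user than the calling process; that helper is outside this page. The Description mentions a "magic cookie" that none of the documented arguments introduces, so it should name `pCredStoreScope` instead.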
@@ -0,0 +1,109 @@ +/*********************************************************************** + * + * Copyright (C) 2006 Novell, Inc. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, Novell, Inc. + * + * To contact Novell about this file by physical or electronic mail, + * you may find current contact information at www.novell.com. + * + * Author: Juan Carlos Luciani + * + ***********************************************************************/ + +#ifndef _CASA_C_AUTHTOKEN_EX_H_ +#define _CASA_C_AUTHTOKEN_EX_H_ + +#if defined(__cplusplus) || defined(c_plusplus) +extern "C" +{ +#endif + +//===[ Include files ]===================================================== + +#include +#include + +//===[ Type definitions ]================================================== + +#ifndef SSCS_CALL +#if defined(WIN32) +#define SSCS_CALL __stdcall +#else +#define SSCS_CALL +#endif +#endif + +//===[ Function prototypes ]=============================================== + +//===[ Global variables ]================================================== + + +//++======================================================================= +CasaStatus SSCS_CALL +ObtainAuthTokenEx( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope); +// +// Arguments: +// pServiceName - +// Pointer to NULL terminated string that contains the +// name of 
the service to which the client is trying to +// authenticate. +// +// pHostName - +// Pointer to NULL terminated string that contains the +// name of the host where resides the service to which the +// client is trying to authenticate. Note that the name +// can either be a DNS name or a dotted IP address. +// +// pAuthTokenBuf - +// Pointer to buffer that will receive the authentication +// token. The length of this buffer is specified by the +// pAuthTokenBufLen parameter. Note that the the authentication +// token will be in the form of a NULL terminated string. +// +// pAuthTokenBufLen - +// Pointer to integer that contains the length of the +// buffer pointed at by pAuthTokenBuf. Upon return of the +// function, the integer will contain the actual length +// of the authentication token if the function successfully +// completes or the buffer length required if the function +// fails because the buffer pointed at by pAuthTokenBuf is +// not large enough. +// +// pCredStoreScope - +// Pointer to CASA structure for scoping credential store access +// to specific users. This can only be leveraged by applications +// running in the context of System. +// +// Returns: +// Casa Status +// +// Description: +// Get authentication token to authenticate user to specified +// service at host. The user is scoped using the info associated +// with the magic cookie. +//=======================================================================-- + + +#if defined(__cplusplus) || defined(c_plusplus) +} +#endif // #if defined(__cplusplus) || defined(c_plusplus) + +#endif // #ifndef _CASA_C_AUTHTOKEN_EX_H_ +
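Review bot: The two `#include` lines in casa_c_authtoken_ex.h sit inside the `extern "C" {` block opened just above them, so every declaration in those headers is given C linkage for C++ consumers. The includes should come before the `extern "C"` opening, with only the ObtainAuthTokenEx prototype wrapped. The public prototype also takes `void *pCredStoreScope`, described only as a "CASA structure", while cache.c casts it to `SSCS_EXT_T*`; naming that type in the prototype, or at least in the argument comment, would tell callers what they have to pass. The guard name `_CASA_C_AUTHTOKEN_EX_H_` starts with an underscore and a capital letter, which is reserved for the implementation; `CASA_C_AUTHTOKEN_EX_H` avoids that.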