From 3f093e092dcd47c4987cb7b5d74707d099364d32 Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Tue, 17 Oct 2006 17:55:09 +0000 Subject: [PATCH] Added the capability to scope credential store access. This is only allowed by miCASA if the current user is running in the context of system. This is useful to system type applications doing work on behalf of other users. --- .../authtokenclient_msm.vdproj | 104 +++-- CASA-auth-token/non-java/client/cache.c | 26 +- CASA-auth-token/non-java/client/engine.c | 390 +++++++++++------- CASA-auth-token/non-java/client/internal.h | 21 +- .../non-java/client/windows/client.vcproj | 7 +- .../non-java/client/windows/dllsup.c | 70 ++++ .../include/windows/casa_c_authtoken_ex.h | 109 +++++ 7 files changed, 516 insertions(+), 211 deletions(-) create mode 100644 CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h diff --git a/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj b/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj index 5fcee0ac..06be6ad6 100644 --- a/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj +++ b/CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj @@ -28,7 +28,7 @@ "Entry" { "MsmKey" = "8:_313DE095D13281AF91A64E3F3D472413" - "OwnerKey" = "8:_EBD9DA1C34EA4666B638163C28BCA74B" + "OwnerKey" = "8:_6459BA05FDB94898947EC93CCF50456E" "MsmSig" = "8:_UNDEFINED" } "Entry" @@ -45,6 +45,18 @@ } "Entry" { + "MsmKey" = "8:_555A94D11FC040D98681BDDB87C6003D" + "OwnerKey" = "8:_UNDEFINED" + "MsmSig" = "8:_UNDEFINED" + } + "Entry" + { + "MsmKey" = "8:_6459BA05FDB94898947EC93CCF50456E" + "OwnerKey" = "8:_UNDEFINED" + "MsmSig" = "8:_UNDEFINED" + } + "Entry" + { "MsmKey" = "8:_677B016062384F4C8A73EC952CBCFD76" "OwnerKey" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED" @@ -63,18 +75,12 @@ } "Entry" { - "MsmKey" = "8:_A2DC4131C0394DE9A11C5C9454847F1E" + "MsmKey" = "8:_BE89D37A570A4A269D181A19CF27A569" "OwnerKey" = "8:_8292EFFD84EF46C6BD2F1F3E20808684" "MsmSig" = "8:_UNDEFINED" } "Entry" { - "MsmKey" = "8:_EBD9DA1C34EA4666B638163C28BCA74B" - "OwnerKey" = "8:_UNDEFINED" - "MsmSig" = "8:_UNDEFINED" - } - "Entry" - { "MsmKey" = "8:_EDA39B5CAD864AF0821AAFC9783DFF12" "OwnerKey" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED" @@ -208,6 +214,26 @@ "IsDependency" = "11:FALSE" "IsolateTo" = "8:" } + "{A582A373-4685-4296-BEFE-614B80A702C3}:_555A94D11FC040D98681BDDB87C6003D" + { + "SourcePath" = "8:..\\..\\include\\windows\\casa_c_authtoken_ex.h" + "TargetName" = "8:casa_c_authtoken_ex.h" + "Tag" = "8:" + "Folder" = "8:_9568FCF514C14B54BAB7D1D5D183D3C5" + "Condition" = "8:" + "Transitive" = "11:FALSE" + "Vital" = "11:TRUE" + "ReadOnly" = "11:FALSE" + "Hidden" = "11:FALSE" + "System" = "11:FALSE" + "Permanent" = "11:FALSE" + "SharedLegacy" = "11:FALSE" + "PackageAs" = "3:1" + "Register" = "3:1" + "Exclude" = "11:FALSE" + "IsDependency" = "11:FALSE" + "IsolateTo" = "8:" + } "{A582A373-4685-4296-BEFE-614B80A702C3}:_677B016062384F4C8A73EC952CBCFD76" { "SourcePath" = "8:..\\windows\\authtoken.lib" @@ -404,7 +430,7 @@ } "MergeModule" { - "{35A69C6E-5BA4-440D-803D-762B59A45393}:_A2DC4131C0394DE9A11C5C9454847F1E" + "{35A69C6E-5BA4-440D-803D-762B59A45393}:_BE89D37A570A4A269D181A19CF27A569" { "UseDynamicProperties" = "11:FALSE" "IsDependency" = "11:TRUE" @@ -432,7 +458,35 @@ { "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_3986DA1502244FFBB04A66472E74633B" { - "SourcePath" = "8:..\\mechanisms\\pwd\\windows\\Debug\\pwmech.dll" + "SourcePath" = "8:..\\mechanisms\\pwd\\windows\\Release\\pwmech.dll" + "TargetName" = "8:" + "Tag" = "8:" + "Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD" + "Condition" = "8:" + "Transitive" = "11:FALSE" + "Vital" = "11:TRUE" + "ReadOnly" = "11:FALSE" + "Hidden" = "11:FALSE" + "System" = "11:FALSE" + "Permanent" = "11:FALSE" + "SharedLegacy" = "11:FALSE" + "PackageAs" = "3:1" + "Register" = "3:1" + "Exclude" = "11:FALSE" + "IsDependency" = "11:FALSE" + "IsolateTo" = "8:" + "ProjectOutputGroupRegister" = "3:1" + "OutputConfiguration" = "8:" + "OutputGroupCanonicalName" = "8:Built" + "OutputProjectGuid" = "8:{5499F624-F371-4559-B4C2-A484BCE892FD}" + "ShowKeyOutput" = "11:FALSE" + "ExcludeFilters" + { + } + } + "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_6459BA05FDB94898947EC93CCF50456E" + { + "SourcePath" = "8:..\\mechanisms\\krb5\\windows\\Release\\krb5mech.dll" "TargetName" = "8:" "Tag" = "8:" "Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD" @@ -460,7 +514,7 @@ } "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_8292EFFD84EF46C6BD2F1F3E20808684" { - "SourcePath" = "8:..\\csharp\\Novell.Casa.Authtoken\\obj\\Debug\\Novell.Casa.Client.Auth.dll" + "SourcePath" = "8:..\\csharp\\Novell.Casa.Authtoken\\obj\\Release\\Novell.Casa.Client.Auth.dll" "TargetName" = "8:" "Tag" = "8:" "Folder" = "8:_8E0BBDD021EA45308BD98380F28EB7F6" @@ -486,34 +540,6 @@ { } } - "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_EBD9DA1C34EA4666B638163C28BCA74B" - { - "SourcePath" = "8:..\\mechanisms\\krb5\\windows\\Debug\\krb5mech.dll" - "TargetName" = "8:" - "Tag" = "8:" - "Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD" - "Condition" = "8:" - "Transitive" = "11:FALSE" - "Vital" = "11:TRUE" - "ReadOnly" = "11:FALSE" - "Hidden" = "11:FALSE" - "System" = "11:FALSE" - "Permanent" = "11:FALSE" - "SharedLegacy" = "11:FALSE" - "PackageAs" = "3:1" - "Register" = "3:1" - "Exclude" = "11:FALSE" - "IsDependency" = "11:FALSE" - "IsolateTo" = "8:" - "ProjectOutputGroupRegister" = "3:1" - "OutputConfiguration" = "8:" - "OutputGroupCanonicalName" = "8:Built" - "OutputProjectGuid" = "8:{5499F624-F371-4559-B4C2-A484BCE892FD}" - "ShowKeyOutput" = "11:FALSE" - "ExcludeFilters" - { - } - } } "Registry" { diff --git a/CASA-auth-token/non-java/client/cache.c b/CASA-auth-token/non-java/client/cache.c index 3b462d64..d6bee9a2 100644 --- a/CASA-auth-token/non-java/client/cache.c +++ b/CASA-auth-token/non-java/client/cache.c @@ -44,7 +44,8 @@ CreateAuthTokenCacheEntry( IN const char *pGroupOrHostName, IN CasaStatus status, IN char *pToken, - IN int entryLifetime // seconds (0 == Lives forever) + IN int entryLifetime, // seconds (0 == Lives forever) + IN void *pCredStoreScope ) // // Arguments: @@ -65,7 +66,6 @@ CreateAuthTokenCacheEntry( AuthCacheEntry *pEntry = NULL; char *pKey; - DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0); if (status == CASA_STATUS_SUCCESS) @@ -129,7 +129,7 @@ CreateAuthTokenCacheEntry( (uint8_t *) pEntry, (uint32_t*) &entrySize, NULL, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); free(pKey); @@ -160,7 +160,8 @@ CreateSessionTokenCacheEntry( IN const char *pCacheKey, IN CasaStatus status, IN char *pToken, - IN int entryLifetime // seconds (0 == Lives forever) + IN int entryLifetime, // seconds (0 == Lives forever) + IN void *pCredStoreScope ) // // Arguments: @@ -180,7 +181,6 @@ CreateSessionTokenCacheEntry( int32_t tokenSize, entrySize; AuthCacheEntry *pEntry = NULL; - DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0); if (status == CASA_STATUS_SUCCESS) @@ -234,7 +234,7 @@ CreateSessionTokenCacheEntry( (uint8_t *) pEntry, (uint32_t*) &entrySize, NULL, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); } else { @@ -347,7 +347,8 @@ CacheEntryLifetimeExpired( //++======================================================================= AuthCacheEntry* FindSessionTokenEntryInCache( - IN const char *pCacheKey + IN const char *pCacheKey, + IN void *pCredStoreScope ) // // Arguments: @@ -383,7 +384,7 @@ FindSessionTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT && bytesRequired != 0) @@ -405,7 +406,7 @@ FindSessionTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (CASA_SUCCESS(retStatus)) { if (pEntry->doesNotExpire == false @@ -437,7 +438,8 @@ FindSessionTokenEntryInCache( AuthCacheEntry* FindAuthTokenEntryInCache( IN const char *pCacheKey, - IN const char *pGroupOrHostName + IN const char *pGroupOrHostName, + IN void *pCredStoreScope ) // // Arguments: @@ -483,7 +485,7 @@ FindAuthTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT && bytesRequired != 0) @@ -505,7 +507,7 @@ FindAuthTokenEntryInCache( (uint32_t*) &valueLength, (SSCS_PASSWORD_T*) NULL, (uint32_t*) &bytesRequired, - (SSCS_EXT_T*) NULL); + (SSCS_EXT_T*) pCredStoreScope); if (CASA_SUCCESS(retStatus)) { if (pEntry->doesNotExpire == false diff --git a/CASA-auth-token/non-java/client/engine.c b/CASA-auth-token/non-java/client/engine.c index 1bcabc6a..756edefc 100644 --- a/CASA-auth-token/non-java/client/engine.c +++ b/CASA-auth-token/non-java/client/engine.c @@ -58,7 +58,8 @@ CasaStatus ObtainSessionToken( IN RpcSession *pRpcSession, IN AuthPolicy *pAuthPolicy, - INOUT char **ppSessionToken) + INOUT char **ppSessionToken, + IN void *pCredStoreScope) // // Arguments: // @@ -93,7 +94,8 @@ ObtainSessionToken( pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry); // Try to find a cache entry for the auth context - pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext); + pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext, + pCredStoreScope); if (pCacheEntry != NULL) { // Cache entry found, check if it is of use to us. @@ -127,7 +129,8 @@ ObtainSessionToken( // Only try to create cache entry for the auth context if there is not // one already. - pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext); + pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext, + pCredStoreScope); if (pCacheEntry == NULL) { char *pReqMsg = NULL; @@ -169,7 +172,8 @@ ObtainSessionToken( pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, retStatus, pAuthenticateResp->pToken, - pAuthenticateResp->tokenLifetime); + pAuthenticateResp->tokenLifetime, + pCredStoreScope); pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer @@ -203,7 +207,8 @@ ObtainSessionToken( pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, retStatus, NULL, - DEFAULT_RETRY_LIFETIME); + DEFAULT_RETRY_LIFETIME, + pCredStoreScope); } @@ -260,7 +265,8 @@ ObtainAuthTokenFromServer( IN const char *pServiceName, IN const char *pHostName, INOUT char **ppAuthToken, - INOUT int *pTokenLifetime) + INOUT int *pTokenLifetime, + IN void *pCredStoreScope) // // Arguments: // @@ -318,7 +324,10 @@ ObtainAuthTokenFromServer( if (CASA_SUCCESS(retStatus)) { // Now try to obtain a session token - retStatus = ObtainSessionToken(pRpcSession, pAuthPolicy, &pSessionToken); + retStatus = ObtainSessionToken(pRpcSession, + pAuthPolicy, + &pSessionToken, + pCredStoreScope); if (CASA_SUCCESS(retStatus)) { // Request auth token for the service @@ -430,6 +439,219 @@ ObtainAuthTokenFromServer( } +//++======================================================================= +CasaStatus +ObtainAuthTokenInt( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope) +// +// Arguments: +// pServiceName - +// Pointer to NULL terminated string that contains the +// name of the service to which the client is trying to +// authenticate. +// +// pHostName - +// Pointer to NULL terminated string that contains the +// name of the host where resides the service to which the +// client is trying to authenticate. Note that the name +// can either be a DNS name or a dotted IP address. +// +// pAuthTokenBuf - +// Pointer to buffer that will receive the authentication +// token. The length of this buffer is specified by the +// pAuthTokenBufLen parameter. Note that the the authentication +// token will be in the form of a NULL terminated string. +// +// pAuthTokenBufLen - +// Pointer to integer that contains the length of the +// buffer pointed at by pAuthTokenBuf. Upon return of the +// function, the integer will contain the actual length +// of the authentication token if the function successfully +// completes or the buffer length required if the function +// fails because the buffer pointed at by pAuthTokenBuf is +// not large enough. +// +// pCredStoreScope - +// Pointer to CASA structure for scoping credential store access +// to specific users. This can only be leveraged by applications +// running in the context of System. + +// Returns: +// Casa Status +// +// Description: +// Get authentication token to authenticate user to specified +// service at host. The user is scoped using the info associated +// with the magic cookie. +// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus = CASA_STATUS_SUCCESS; + AuthCacheEntry *pCacheEntry; + char *pNormalizedHostName; + char *pToken; + HANDLE hUserMutex = NULL; + + DbgTrace(1, "-ObtainAuthTokenInt- Start\n", 0); + + // Verify the input parameters + if (pServiceName == NULL + || pHostName == NULL + || pAuthTokenBufLen == NULL + || (*pAuthTokenBufLen != 0 && pAuthTokenBuf == NULL)) + { + DbgTrace(0, "-ObtainAuthTokenInt- Invalid parameter\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INVALID_PARAMETER); + goto exit; + } + + DbgTrace(1, "-ObtainAuthTokenInt- ServiceName = %s\n", pServiceName); + DbgTrace(1, "-ObtainAuthTokenInt- HostName = %s\n", pHostName); + DbgTrace(1, "-ObtainAuthTokenInt- BufferLength = %d\n", *pAuthTokenBufLen); + + // Obtain our synchronization mutex + AcquireModuleMutex; + + // Create user synchronization mutex + retStatus = CreateUserMutex(&hUserMutex); + if (retStatus != CASA_STATUS_SUCCESS) + { + DbgTrace(0, "-ObtainAuthTokenInt- Error creating mutex for the user\n", 0); + goto exit; + } + + // Make sure we are fully initialized + if (g_bInitialized == false) + { + retStatus = InitializeLibrary(); + + if (retStatus == CASA_STATUS_SUCCESS) + { + g_bInitialized = true; + } + else + { + goto exit; + } + } + + // Release our synchronization mutex + ReleaseModuleMutex; + + // Normalize the host name + pNormalizedHostName = NormalizeHostName(pHostName); + if (pNormalizedHostName) + { + // Start user process synchronization + AcquireUserMutex(hUserMutex); + + // Try to find a cache entry for the service + pCacheEntry = FindAuthTokenEntryInCache(pServiceName, + pNormalizedHostName, + pCredStoreScope); + if (pCacheEntry == NULL) + { + // Initialize to retry in case of failure + int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME; + + // Cache entry created, now try to obtain auth token from the CASA Server + retStatus = ObtainAuthTokenFromServer(pServiceName, + pNormalizedHostName, + &pToken, + &cacheEntryLifetime, + pCredStoreScope); + + // Add the entry to the cache if successful or if the reason that we failed + // was because the server was un-available. + if (CASA_SUCCESS(retStatus) + || CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) + { + pCacheEntry = CreateAuthTokenCacheEntry(pServiceName, + pNormalizedHostName, + retStatus, + pToken, + cacheEntryLifetime, + pCredStoreScope); + if (pCacheEntry) + { + // Release the cache entry if the resulting status is not successful + if (!CASA_SUCCESS(retStatus)) + { + FreeAuthCacheEntry(pCacheEntry); + } + } + } + } + else + { + // Cache entry found, update the return status with the information saved in it + // and release it if its status is not successful. + if (!CASA_SUCCESS(retStatus = pCacheEntry->status)) + { + FreeAuthCacheEntry(pCacheEntry); + } + } + + // Try to return auth token if we have one to return + if (CASA_SUCCESS(retStatus)) + { + int tokenLen = (int) strlen(pCacheEntry->token) + 1; + + // We have an authentication token, try to return it to the caller + // after verifying that the supplied buffer is big enough. + if (*pAuthTokenBufLen >= tokenLen) + { + // Return the auth token to the caller + DbgTrace(2, "-ObtainAuthTokenInt- Copying the token into the callers buffer\n", 0); + strcpy(pAuthTokenBuf, pCacheEntry->token); + } + else + { + DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_BUFFER_OVERFLOW); + } + + // Return the token length to the caller + *pAuthTokenBufLen = tokenLen; + + FreeAuthCacheEntry(pCacheEntry); + } + + // Stop user process synchronization + ReleaseUserMutex(hUserMutex); + + // Free the space allocated for the normalized host name + free(pNormalizedHostName); + } + else + { + DbgTrace(0, "-ObtainAuthTokenInt- Host name normalization failed\n", 0); + retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_UNSUCCESSFUL); + } + +exit: + + if (hUserMutex != NULL) + { + DestroyUserMutex(hUserMutex); + } + DbgTrace(1, "-ObtainAuthTokenInt- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + //++======================================================================= CasaStatus SSCS_CALL ObtainAuthToken( @@ -475,157 +697,17 @@ ObtainAuthToken( // L2 //=======================================================================-- { - CasaStatus retStatus = CASA_STATUS_SUCCESS; - AuthCacheEntry *pCacheEntry; - char *pNormalizedHostName; - char *pToken; - HANDLE hUserMutex = NULL; + CasaStatus retStatus; DbgTrace(1, "-ObtainAuthToken- Start\n", 0); - // Verify the input parameters - if (pServiceName == NULL - || pHostName == NULL - || pAuthTokenBufLen == NULL - || (*pAuthTokenBufLen != 0 && pAuthTokenBuf == NULL)) - { - DbgTrace(0, "-ObtainAuthToken- Invalid parameter\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INVALID_PARAMETER); - goto exit; - } + // Call our internal worker + retStatus = ObtainAuthTokenInt(pServiceName, + pHostName, + pAuthTokenBuf, + pAuthTokenBufLen, + NULL); - DbgTrace(1, "-ObtainAuthToken- ServiceName = %s\n", pServiceName); - DbgTrace(1, "-ObtainAuthToken- HostName = %s\n", pHostName); - DbgTrace(1, "-ObtainAuthToken- BufferLength = %d\n", *pAuthTokenBufLen); - - // Obtain our synchronization mutex - AcquireModuleMutex; - - // Create user synchronization mutex - retStatus = CreateUserMutex(&hUserMutex); - if (retStatus != CASA_STATUS_SUCCESS) - { - DbgTrace(0, "-ObtainAuthToken- Error creating mutex for the user\n", 0); - goto exit; - } - - // Make sure we are fully initialized - if (g_bInitialized == false) - { - retStatus = InitializeLibrary(); - - if (retStatus == CASA_STATUS_SUCCESS) - { - g_bInitialized = true; - } - else - { - goto exit; - } - } - - // Release our synchronization mutex - ReleaseModuleMutex; - - // Normalize the host name - pNormalizedHostName = NormalizeHostName(pHostName); - if (pNormalizedHostName) - { - // Start user process synchronization - AcquireUserMutex(hUserMutex); - - // Try to find a cache entry for the service - pCacheEntry = FindAuthTokenEntryInCache(pServiceName, pNormalizedHostName); - if (pCacheEntry == NULL) - { - // Initialize to retry in case of failure - int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME; - - // Cache entry created, now try to obtain auth token from the CASA Server - retStatus = ObtainAuthTokenFromServer(pServiceName, - pNormalizedHostName, - &pToken, - &cacheEntryLifetime); - - // Add the entry to the cache if successful or if the reason that we failed - // was because the server was un-available. - if (CASA_SUCCESS(retStatus) - || CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) - { - pCacheEntry = CreateAuthTokenCacheEntry(pServiceName, - pNormalizedHostName, - retStatus, - pToken, - cacheEntryLifetime); - if (pCacheEntry) - { - // Release the cache entry if the resulting status is not successful - if (!CASA_SUCCESS(retStatus)) - { - FreeAuthCacheEntry(pCacheEntry); - } - } - } - } - else - { - // Cache entry found, update the return status with the information saved in it - // and release it if its status is not successful. - if (!CASA_SUCCESS(retStatus = pCacheEntry->status)) - { - FreeAuthCacheEntry(pCacheEntry); - } - } - - // Try to return auth token if we have one to return - if (CASA_SUCCESS(retStatus)) - { - int tokenLen = (int) strlen(pCacheEntry->token) + 1; - - // We have an authentication token, try to return it to the caller - // after verifying that the supplied buffer is big enough. - if (*pAuthTokenBufLen >= tokenLen) - { - // Return the auth token to the caller - DbgTrace(2, "-ObtainAuthToken- Copying the token into the callers buffer\n", 0); - strcpy(pAuthTokenBuf, pCacheEntry->token); - } - else - { - DbgTrace(0, "-ObtainAuthToken- The supplied buffer is not large enough", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_BUFFER_OVERFLOW); - } - - // Return the token length to the caller - *pAuthTokenBufLen = tokenLen; - - FreeAuthCacheEntry(pCacheEntry); - } - - // Stop user process synchronization - ReleaseUserMutex(hUserMutex); - - // Free the space allocated for the normalized host name - free(pNormalizedHostName); - } - else - { - DbgTrace(0, "-ObtainAuthToken- Host name normalization failed\n", 0); - retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_UNSUCCESSFUL); - } - -exit: - - if (hUserMutex != NULL) - { - DestroyUserMutex(hUserMutex); - } DbgTrace(1, "-ObtainAuthToken- End, retStatus = %08X\n", retStatus); return retStatus; diff --git a/CASA-auth-token/non-java/client/internal.h b/CASA-auth-token/non-java/client/internal.h index de1f011a..d7980f8e 100644 --- a/CASA-auth-token/non-java/client/internal.h +++ b/CASA-auth-token/non-java/client/internal.h @@ -132,6 +132,15 @@ extern char pathCharString[]; // Functions exported by engine.c // +extern +CasaStatus +ObtainAuthTokenInt( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope); + // // Functions exported by authmech.c // @@ -235,7 +244,8 @@ CreateSessionTokenCacheEntry( IN const char *pCacheKey, IN CasaStatus status, IN char *pToken, - IN int entryLifetime); + IN int entryLifetime, + IN void *pCredStoreScope); extern AuthCacheEntry* @@ -244,7 +254,8 @@ CreateAuthTokenCacheEntry( IN const char *pHostName, IN CasaStatus status, IN char *pToken, - IN int entryLifetime); + IN int entryLifetime, + IN void *pCredStoreScope); extern void @@ -254,13 +265,15 @@ FreeAuthCacheEntry( extern AuthCacheEntry* FindSessionTokenEntryInCache( - IN const char *pCacheKey); + IN const char *pCacheKey, + IN void *pCredStoreScope); extern AuthCacheEntry* FindAuthTokenEntryInCache( IN const char *pCacheKey, - IN const char *pGroupOrHostName); + IN const char *pGroupOrHostName, + IN void *pCredStoreScope); extern CasaStatus diff --git a/CASA-auth-token/non-java/client/windows/client.vcproj b/CASA-auth-token/non-java/client/windows/client.vcproj index c829db13..da049912 100644 --- a/CASA-auth-token/non-java/client/windows/client.vcproj +++ b/CASA-auth-token/non-java/client/windows/client.vcproj @@ -21,7 +21,7 @@ Name="VCCLCompilerTool" AdditionalOptions="/D "XML_STATIC"" Optimization="0" - AdditionalIncludeDirectories=".;..\;..\..\include;"\Program Files\novell\casa\include";"C:\Dev\Expat-2.0.0\Source\lib"" + AdditionalIncludeDirectories=".;..\;..\..\include;"C:\Dev\casa\CASA-auth-token\non-java\include\windows";"\Program Files\novell\casa\include";"C:\Dev\Expat-2.0.0\Source\lib"" PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" MinimalRebuild="TRUE" BasicRuntimeChecks="3" @@ -81,7 +81,7 @@ copy $(SolutionDir)client\windows\authtoken.lib \"Program Files"\novel + + diff --git a/CASA-auth-token/non-java/client/windows/dllsup.c b/CASA-auth-token/non-java/client/windows/dllsup.c index 35473e87..a0726f5d 100644 --- a/CASA-auth-token/non-java/client/windows/dllsup.c +++ b/CASA-auth-token/non-java/client/windows/dllsup.c @@ -27,6 +27,7 @@ #include "internal.h" #include #include +#include "casa_c_authtoken_ex.h" //===[ External data ]===================================================== extern @@ -49,6 +50,75 @@ HANDLE g_hModule; HANDLE g_hModuleMutex; +//++======================================================================= +CasaStatus SSCS_CALL +ObtainAuthTokenEx( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope) +// +// Arguments: +// pServiceName - +// Pointer to NULL terminated string that contains the +// name of the service to which the client is trying to +// authenticate. +// +// pHostName - +// Pointer to NULL terminated string that contains the +// name of the host where resides the service to which the +// client is trying to authenticate. Note that the name +// can either be a DNS name or a dotted IP address. +// +// pAuthTokenBuf - +// Pointer to buffer that will receive the authentication +// token. The length of this buffer is specified by the +// pAuthTokenBufLen parameter. Note that the the authentication +// token will be in the form of a NULL terminated string. +// +// pAuthTokenBufLen - +// Pointer to integer that contains the length of the +// buffer pointed at by pAuthTokenBuf. Upon return of the +// function, the integer will contain the actual length +// of the authentication token if the function successfully +// completes or the buffer length required if the function +// fails because the buffer pointed at by pAuthTokenBuf is +// not large enough. +// +// pCredStoreScope - +// Pointer to CASA structure for scoping credential store access +// to specific users. This can only be leveraged by applications +// running in the context of System. +// +// Returns: +// Casa Status +// +// Description: +// Get authentication token to authenticate user to specified +// service at host. The user is scoped using the info associated +// with the magic cookie. +// +// L2 +//=======================================================================-- +{ + CasaStatus retStatus; + + DbgTrace(1, "-ObtainAuthTokenEx- Start\n", 0); + + // Call our internal worker + retStatus = ObtainAuthTokenInt(pServiceName, + pHostName, + pAuthTokenBuf, + pAuthTokenBufLen, + pCredStoreScope); + + DbgTrace(1, "-ObtainAuthTokenEx- End, retStatus = %08X\n", retStatus); + + return retStatus; +} + + //++======================================================================= BOOL APIENTRY DllMain( HANDLE hModule, diff --git a/CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h b/CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h new file mode 100644 index 00000000..76960715 --- /dev/null +++ b/CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h @@ -0,0 +1,109 @@ +/*********************************************************************** + * + * Copyright (C) 2006 Novell, Inc. All Rights Reserved. + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; version 2.1 + * of the License. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Library Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, Novell, Inc. + * + * To contact Novell about this file by physical or electronic mail, + * you may find current contact information at www.novell.com. + * + * Author: Juan Carlos Luciani + * + ***********************************************************************/ + +#ifndef _CASA_C_AUTHTOKEN_EX_H_ +#define _CASA_C_AUTHTOKEN_EX_H_ + +#if defined(__cplusplus) || defined(c_plusplus) +extern "C" +{ +#endif + +//===[ Include files ]===================================================== + +#include +#include + +//===[ Type definitions ]================================================== + +#ifndef SSCS_CALL +#if defined(WIN32) +#define SSCS_CALL __stdcall +#else +#define SSCS_CALL +#endif +#endif + +//===[ Function prototypes ]=============================================== + +//===[ Global variables ]================================================== + + +//++======================================================================= +CasaStatus SSCS_CALL +ObtainAuthTokenEx( + IN const char *pServiceName, + IN const char *pHostName, + INOUT char *pAuthTokenBuf, + INOUT int *pAuthTokenBufLen, + IN void *pCredStoreScope); +// +// Arguments: +// pServiceName - +// Pointer to NULL terminated string that contains the +// name of the service to which the client is trying to +// authenticate. +// +// pHostName - +// Pointer to NULL terminated string that contains the +// name of the host where resides the service to which the +// client is trying to authenticate. Note that the name +// can either be a DNS name or a dotted IP address. +// +// pAuthTokenBuf - +// Pointer to buffer that will receive the authentication +// token. The length of this buffer is specified by the +// pAuthTokenBufLen parameter. Note that the the authentication +// token will be in the form of a NULL terminated string. +// +// pAuthTokenBufLen - +// Pointer to integer that contains the length of the +// buffer pointed at by pAuthTokenBuf. Upon return of the +// function, the integer will contain the actual length +// of the authentication token if the function successfully +// completes or the buffer length required if the function +// fails because the buffer pointed at by pAuthTokenBuf is +// not large enough. +// +// pCredStoreScope - +// Pointer to CASA structure for scoping credential store access +// to specific users. This can only be leveraged by applications +// running in the context of System. +// +// Returns: +// Casa Status +// +// Description: +// Get authentication token to authenticate user to specified +// service at host. The user is scoped using the info associated +// with the magic cookie. +//=======================================================================-- + + +#if defined(__cplusplus) || defined(c_plusplus) +} +#endif // #if defined(__cplusplus) || defined(c_plusplus) + +#endif // #ifndef _CASA_C_AUTHTOKEN_EX_H_ +