geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added the capability to scope credential store access. This is only allowed by miCASA if the current user is running in the context of system. This is useful to system type applications doing work on behalf of other users.

Browse Source
This commit is contained in:
Juan Carlos Luciani 2006-10-17 17:55:09 +00:00
parent bb242e5efa
commit 3f093e092d
7 changed files with 516 additions and 211 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
CASA-auth-token/non-java/client/authtokenclient_msm/authtokenclient_msm.vdproj
View File

@ -28,7 +28,7 @@
"Entry" "Entry"
{ {
"MsmKey" = "8:_313DE095D13281AF91A64E3F3D472413" "MsmKey" = "8:_313DE095D13281AF91A64E3F3D472413"
"OwnerKey" = "8:_EBD9DA1C34EA4666B638163C28BCA74B" "OwnerKey" = "8:_6459BA05FDB94898947EC93CCF50456E"
"MsmSig" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED"
} }
"Entry" "Entry"
@ -45,6 +45,18 @@
} }
"Entry" "Entry"
{ {
"MsmKey" = "8:_555A94D11FC040D98681BDDB87C6003D"
"OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_6459BA05FDB94898947EC93CCF50456E"
"OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_677B016062384F4C8A73EC952CBCFD76" "MsmKey" = "8:_677B016062384F4C8A73EC952CBCFD76"
"OwnerKey" = "8:_UNDEFINED" "OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED"
@ -63,18 +75,12 @@
} }
"Entry" "Entry"
{ {
"MsmKey" = "8:_A2DC4131C0394DE9A11C5C9454847F1E" "MsmKey" = "8:_BE89D37A570A4A269D181A19CF27A569"
"OwnerKey" = "8:_8292EFFD84EF46C6BD2F1F3E20808684" "OwnerKey" = "8:_8292EFFD84EF46C6BD2F1F3E20808684"
"MsmSig" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED"
} }
"Entry" "Entry"
{ {
"MsmKey" = "8:_EBD9DA1C34EA4666B638163C28BCA74B"
"OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED"
}
"Entry"
{
"MsmKey" = "8:_EDA39B5CAD864AF0821AAFC9783DFF12" "MsmKey" = "8:_EDA39B5CAD864AF0821AAFC9783DFF12"
"OwnerKey" = "8:_UNDEFINED" "OwnerKey" = "8:_UNDEFINED"
"MsmSig" = "8:_UNDEFINED" "MsmSig" = "8:_UNDEFINED"
@ -208,6 +214,26 @@
"IsDependency" = "11:FALSE" "IsDependency" = "11:FALSE"
"IsolateTo" = "8:" "IsolateTo" = "8:"
} }
"{A582A373-4685-4296-BEFE-614B80A702C3}:_555A94D11FC040D98681BDDB87C6003D"
{
"SourcePath" = "8:..\\..\\include\\windows\\casa_c_authtoken_ex.h"
"TargetName" = "8:casa_c_authtoken_ex.h"
"Tag" = "8:"
"Folder" = "8:_9568FCF514C14B54BAB7D1D5D183D3C5"
"Condition" = "8:"
"Transitive" = "11:FALSE"
"Vital" = "11:TRUE"
"ReadOnly" = "11:FALSE"
"Hidden" = "11:FALSE"
"System" = "11:FALSE"
"Permanent" = "11:FALSE"
"SharedLegacy" = "11:FALSE"
"PackageAs" = "3:1"
"Register" = "3:1"
"Exclude" = "11:FALSE"
"IsDependency" = "11:FALSE"
"IsolateTo" = "8:"
}
"{A582A373-4685-4296-BEFE-614B80A702C3}:_677B016062384F4C8A73EC952CBCFD76" "{A582A373-4685-4296-BEFE-614B80A702C3}:_677B016062384F4C8A73EC952CBCFD76"
{ {
"SourcePath" = "8:..\\windows\\authtoken.lib" "SourcePath" = "8:..\\windows\\authtoken.lib"
@ -404,7 +430,7 @@
} }
"MergeModule" "MergeModule"
{ {
"{35A69C6E-5BA4-440D-803D-762B59A45393}:_A2DC4131C0394DE9A11C5C9454847F1E" "{35A69C6E-5BA4-440D-803D-762B59A45393}:_BE89D37A570A4A269D181A19CF27A569"
{ {
"UseDynamicProperties" = "11:FALSE" "UseDynamicProperties" = "11:FALSE"
"IsDependency" = "11:TRUE" "IsDependency" = "11:TRUE"
@ -432,7 +458,35 @@
{ {
"{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_3986DA1502244FFBB04A66472E74633B" "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_3986DA1502244FFBB04A66472E74633B"
{ {
"SourcePath" = "8:..\\mechanisms\\pwd\\windows\\Debug\\pwmech.dll" "SourcePath" = "8:..\\mechanisms\\pwd\\windows\\Release\\pwmech.dll"
"TargetName" = "8:"
"Tag" = "8:"
"Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD"
"Condition" = "8:"
"Transitive" = "11:FALSE"
"Vital" = "11:TRUE"
"ReadOnly" = "11:FALSE"
"Hidden" = "11:FALSE"
"System" = "11:FALSE"
"Permanent" = "11:FALSE"
"SharedLegacy" = "11:FALSE"
"PackageAs" = "3:1"
"Register" = "3:1"
"Exclude" = "11:FALSE"
"IsDependency" = "11:FALSE"
"IsolateTo" = "8:"
"ProjectOutputGroupRegister" = "3:1"
"OutputConfiguration" = "8:"
"OutputGroupCanonicalName" = "8:Built"
"OutputProjectGuid" = "8:{5499F624-F371-4559-B4C2-A484BCE892FD}"
"ShowKeyOutput" = "11:FALSE"
"ExcludeFilters"
{
}
}
"{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_6459BA05FDB94898947EC93CCF50456E"
{
"SourcePath" = "8:..\\mechanisms\\krb5\\windows\\Release\\krb5mech.dll"
"TargetName" = "8:" "TargetName" = "8:"
"Tag" = "8:" "Tag" = "8:"
"Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD" "Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD"
@ -460,7 +514,7 @@
} }
"{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_8292EFFD84EF46C6BD2F1F3E20808684" "{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_8292EFFD84EF46C6BD2F1F3E20808684"
{ {
"SourcePath" = "8:..\\csharp\\Novell.Casa.Authtoken\\obj\\Debug\\Novell.Casa.Client.Auth.dll" "SourcePath" = "8:..\\csharp\\Novell.Casa.Authtoken\\obj\\Release\\Novell.Casa.Client.Auth.dll"
"TargetName" = "8:" "TargetName" = "8:"
"Tag" = "8:" "Tag" = "8:"
"Folder" = "8:_8E0BBDD021EA45308BD98380F28EB7F6" "Folder" = "8:_8E0BBDD021EA45308BD98380F28EB7F6"
@ -486,34 +540,6 @@
{ {
} }
} }
"{8062640A-2EEE-46E9-AB67-688E9A886E9F}:_EBD9DA1C34EA4666B638163C28BCA74B"
{
"SourcePath" = "8:..\\mechanisms\\krb5\\windows\\Debug\\krb5mech.dll"
"TargetName" = "8:"
"Tag" = "8:"
"Folder" = "8:_F5F5F604B81645F8B6463F7A7D6A53AD"
"Condition" = "8:"
"Transitive" = "11:FALSE"
"Vital" = "11:TRUE"
"ReadOnly" = "11:FALSE"
"Hidden" = "11:FALSE"
"System" = "11:FALSE"
"Permanent" = "11:FALSE"
"SharedLegacy" = "11:FALSE"
"PackageAs" = "3:1"
"Register" = "3:1"
"Exclude" = "11:FALSE"
"IsDependency" = "11:FALSE"
"IsolateTo" = "8:"
"ProjectOutputGroupRegister" = "3:1"
"OutputConfiguration" = "8:"
"OutputGroupCanonicalName" = "8:Built"
"OutputProjectGuid" = "8:{5499F624-F371-4559-B4C2-A484BCE892FD}"
"ShowKeyOutput" = "11:FALSE"
"ExcludeFilters"
{
}
}
} }
"Registry" "Registry"
{ {

26
CASA-auth-token/non-java/client/cache.c
View File

@ -44,7 +44,8 @@ CreateAuthTokenCacheEntry(
IN const char *pGroupOrHostName, IN const char *pGroupOrHostName,
IN CasaStatus status, IN CasaStatus status,
IN char *pToken, IN char *pToken,
IN int entryLifetime // seconds (0 == Lives forever) IN int entryLifetime, // seconds (0 == Lives forever)
IN void *pCredStoreScope
) )
// //
// Arguments: // Arguments:
@ -65,7 +66,6 @@ CreateAuthTokenCacheEntry(
AuthCacheEntry *pEntry = NULL; AuthCacheEntry *pEntry = NULL;
char *pKey; char *pKey;
DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0); DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS) if (status == CASA_STATUS_SUCCESS)
@ -129,7 +129,7 @@ CreateAuthTokenCacheEntry(
(uint8_t *) pEntry, (uint8_t *) pEntry,
(uint32_t*) &entrySize, (uint32_t*) &entrySize,
NULL, NULL,
(SSCS_EXT_T*) NULL); (SSCS_EXT_T*) pCredStoreScope);
free(pKey); free(pKey);
@ -160,7 +160,8 @@ CreateSessionTokenCacheEntry(
IN const char *pCacheKey, IN const char *pCacheKey,
IN CasaStatus status, IN CasaStatus status,
IN char *pToken, IN char *pToken,
IN int entryLifetime // seconds (0 == Lives forever) IN int entryLifetime, // seconds (0 == Lives forever)
IN void *pCredStoreScope
) )
// //
// Arguments: // Arguments:
@ -180,7 +181,6 @@ CreateSessionTokenCacheEntry(
int32_t tokenSize, entrySize; int32_t tokenSize, entrySize;
AuthCacheEntry *pEntry = NULL; AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0); DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS) if (status == CASA_STATUS_SUCCESS)
@ -234,7 +234,7 @@ CreateSessionTokenCacheEntry(
(uint8_t *) pEntry, (uint8_t *) pEntry,
(uint32_t*) &entrySize, (uint32_t*) &entrySize,
NULL, NULL,
(SSCS_EXT_T*) NULL); (SSCS_EXT_T*) pCredStoreScope);
} }
else else
{ {
@ -347,7 +347,8 @@ CacheEntryLifetimeExpired(
//++======================================================================= //++=======================================================================
AuthCacheEntry* AuthCacheEntry*
FindSessionTokenEntryInCache( FindSessionTokenEntryInCache(
IN const char *pCacheKey IN const char *pCacheKey,
IN void *pCredStoreScope
) )
// //
// Arguments: // Arguments:
@ -383,7 +384,7 @@ FindSessionTokenEntryInCache(
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) NULL); (SSCS_EXT_T*) pCredStoreScope);
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
@ -405,7 +406,7 @@ FindSessionTokenEntryInCache(
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) NULL); (SSCS_EXT_T*) pCredStoreScope);
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
if (pEntry->doesNotExpire == false if (pEntry->doesNotExpire == false
@ -437,7 +438,8 @@ FindSessionTokenEntryInCache(
AuthCacheEntry* AuthCacheEntry*
FindAuthTokenEntryInCache( FindAuthTokenEntryInCache(
IN const char *pCacheKey, IN const char *pCacheKey,
IN const char *pGroupOrHostName IN const char *pGroupOrHostName,
IN void *pCredStoreScope
) )
// //
// Arguments: // Arguments:
@ -483,7 +485,7 @@ FindAuthTokenEntryInCache(
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) NULL); (SSCS_EXT_T*) pCredStoreScope);
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
@ -505,7 +507,7 @@ FindAuthTokenEntryInCache(
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) NULL); (SSCS_EXT_T*) pCredStoreScope);
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
if (pEntry->doesNotExpire == false if (pEntry->doesNotExpire == false

390
CASA-auth-token/non-java/client/engine.c
View File

@ -58,7 +58,8 @@ CasaStatus
ObtainSessionToken( ObtainSessionToken(
IN RpcSession *pRpcSession, IN RpcSession *pRpcSession,
IN AuthPolicy *pAuthPolicy, IN AuthPolicy *pAuthPolicy,
INOUT char **ppSessionToken) INOUT char **ppSessionToken,
IN void *pCredStoreScope)
// //
// Arguments: // Arguments:
// //
@ -93,7 +94,8 @@ ObtainSessionToken(
pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry); pAuthContext = CONTAINING_RECORD(pListEntry, AuthContext, listEntry);
// Try to find a cache entry for the auth context // Try to find a cache entry for the auth context
pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext); pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext,
pCredStoreScope);
if (pCacheEntry != NULL) if (pCacheEntry != NULL)
{ {
// Cache entry found, check if it is of use to us. // Cache entry found, check if it is of use to us.
@ -127,7 +129,8 @@ ObtainSessionToken(
// Only try to create cache entry for the auth context if there is not // Only try to create cache entry for the auth context if there is not
// one already. // one already.
pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext); pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext,
pCredStoreScope);
if (pCacheEntry == NULL) if (pCacheEntry == NULL)
{ {
char *pReqMsg = NULL; char *pReqMsg = NULL;
@ -169,7 +172,8 @@ ObtainSessionToken(
pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext,
retStatus, retStatus,
pAuthenticateResp->pToken, pAuthenticateResp->pToken,
pAuthenticateResp->tokenLifetime); pAuthenticateResp->tokenLifetime,
pCredStoreScope);
pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer
@ -203,7 +207,8 @@ ObtainSessionToken(
pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext, pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext,
retStatus, retStatus,
NULL, NULL,
DEFAULT_RETRY_LIFETIME); DEFAULT_RETRY_LIFETIME,
pCredStoreScope);
} }
@ -260,7 +265,8 @@ ObtainAuthTokenFromServer(
IN const char *pServiceName, IN const char *pServiceName,
IN const char *pHostName, IN const char *pHostName,
INOUT char **ppAuthToken, INOUT char **ppAuthToken,
INOUT int *pTokenLifetime) INOUT int *pTokenLifetime,
IN void *pCredStoreScope)
// //
// Arguments: // Arguments:
// //
@ -318,7 +324,10 @@ ObtainAuthTokenFromServer(
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
// Now try to obtain a session token // Now try to obtain a session token
retStatus = ObtainSessionToken(pRpcSession, pAuthPolicy, &pSessionToken); retStatus = ObtainSessionToken(pRpcSession,
pAuthPolicy,
&pSessionToken,
pCredStoreScope);
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
// Request auth token for the service // Request auth token for the service
@ -430,6 +439,219 @@ ObtainAuthTokenFromServer(
} }
//++=======================================================================
CasaStatus
ObtainAuthTokenInt(
IN const char *pServiceName,
IN const char *pHostName,
INOUT char *pAuthTokenBuf,
INOUT int *pAuthTokenBufLen,
IN void *pCredStoreScope)
//
// Arguments:
// pServiceName -
// Pointer to NULL terminated string that contains the
// name of the service to which the client is trying to
// authenticate.
//
// pHostName -
// Pointer to NULL terminated string that contains the
// name of the host where resides the service to which the
// client is trying to authenticate. Note that the name
// can either be a DNS name or a dotted IP address.
//
// pAuthTokenBuf -
// Pointer to buffer that will receive the authentication
// token. The length of this buffer is specified by the
// pAuthTokenBufLen parameter. Note that the the authentication
// token will be in the form of a NULL terminated string.
//
// pAuthTokenBufLen -
// Pointer to integer that contains the length of the
// buffer pointed at by pAuthTokenBuf. Upon return of the
// function, the integer will contain the actual length
// of the authentication token if the function successfully
// completes or the buffer length required if the function
// fails because the buffer pointed at by pAuthTokenBuf is
// not large enough.
//
// pCredStoreScope -
// Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged by applications
// running in the context of System.
// Returns:
// Casa Status
//
// Description:
// Get authentication token to authenticate user to specified
// service at host. The user is scoped using the info associated
// with the magic cookie.
//
// L2
//=======================================================================--
{
CasaStatus retStatus = CASA_STATUS_SUCCESS;
AuthCacheEntry *pCacheEntry;
char *pNormalizedHostName;
char *pToken;
HANDLE hUserMutex = NULL;
DbgTrace(1, "-ObtainAuthTokenInt- Start\n", 0);
// Verify the input parameters
if (pServiceName == NULL
|| pHostName == NULL
|| pAuthTokenBufLen == NULL
|| (*pAuthTokenBufLen != 0 && pAuthTokenBuf == NULL))
{
DbgTrace(0, "-ObtainAuthTokenInt- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
DbgTrace(1, "-ObtainAuthTokenInt- ServiceName = %s\n", pServiceName);
DbgTrace(1, "-ObtainAuthTokenInt- HostName = %s\n", pHostName);
DbgTrace(1, "-ObtainAuthTokenInt- BufferLength = %d\n", *pAuthTokenBufLen);
// Obtain our synchronization mutex
AcquireModuleMutex;
// Create user synchronization mutex
retStatus = CreateUserMutex(&hUserMutex);
if (retStatus != CASA_STATUS_SUCCESS)
{
DbgTrace(0, "-ObtainAuthTokenInt- Error creating mutex for the user\n", 0);
goto exit;
}
// Make sure we are fully initialized
if (g_bInitialized == false)
{
retStatus = InitializeLibrary();
if (retStatus == CASA_STATUS_SUCCESS)
{
g_bInitialized = true;
}
else
{
goto exit;
}
}
// Release our synchronization mutex
ReleaseModuleMutex;
// Normalize the host name
pNormalizedHostName = NormalizeHostName(pHostName);
if (pNormalizedHostName)
{
// Start user process synchronization
AcquireUserMutex(hUserMutex);
// Try to find a cache entry for the service
pCacheEntry = FindAuthTokenEntryInCache(pServiceName,
pNormalizedHostName,
pCredStoreScope);
if (pCacheEntry == NULL)
{
// Initialize to retry in case of failure
int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME;
// Cache entry created, now try to obtain auth token from the CASA Server
retStatus = ObtainAuthTokenFromServer(pServiceName,
pNormalizedHostName,
&pToken,
&cacheEntryLifetime,
pCredStoreScope);
// Add the entry to the cache if successful or if the reason that we failed
// was because the server was un-available.
if (CASA_SUCCESS(retStatus)
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{
pCacheEntry = CreateAuthTokenCacheEntry(pServiceName,
pNormalizedHostName,
retStatus,
pToken,
cacheEntryLifetime,
pCredStoreScope);
if (pCacheEntry)
{
// Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pCacheEntry);
}
}
}
}
else
{
// Cache entry found, update the return status with the information saved in it
// and release it if its status is not successful.
if (!CASA_SUCCESS(retStatus = pCacheEntry->status))
{
FreeAuthCacheEntry(pCacheEntry);
}
}
// Try to return auth token if we have one to return
if (CASA_SUCCESS(retStatus))
{
int tokenLen = (int) strlen(pCacheEntry->token) + 1;
// We have an authentication token, try to return it to the caller
// after verifying that the supplied buffer is big enough.
if (*pAuthTokenBufLen >= tokenLen)
{
// Return the auth token to the caller
DbgTrace(2, "-ObtainAuthTokenInt- Copying the token into the callers buffer\n", 0);
strcpy(pAuthTokenBuf, pCacheEntry->token);
}
else
{
DbgTrace(0, "-ObtainAuthTokenInt- The supplied buffer is not large enough", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_BUFFER_OVERFLOW);
}
// Return the token length to the caller
*pAuthTokenBufLen = tokenLen;
FreeAuthCacheEntry(pCacheEntry);
}
// Stop user process synchronization
ReleaseUserMutex(hUserMutex);
// Free the space allocated for the normalized host name
free(pNormalizedHostName);
}
else
{
DbgTrace(0, "-ObtainAuthTokenInt- Host name normalization failed\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
exit:
if (hUserMutex != NULL)
{
DestroyUserMutex(hUserMutex);
}
DbgTrace(1, "-ObtainAuthTokenInt- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++======================================================================= //++=======================================================================
CasaStatus SSCS_CALL CasaStatus SSCS_CALL
ObtainAuthToken( ObtainAuthToken(
@ -475,157 +697,17 @@ ObtainAuthToken(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus = CASA_STATUS_SUCCESS; CasaStatus retStatus;
AuthCacheEntry *pCacheEntry;
char *pNormalizedHostName;
char *pToken;
HANDLE hUserMutex = NULL;
DbgTrace(1, "-ObtainAuthToken- Start\n", 0); DbgTrace(1, "-ObtainAuthToken- Start\n", 0);
// Verify the input parameters // Call our internal worker
if (pServiceName == NULL retStatus = ObtainAuthTokenInt(pServiceName,
|| pHostName == NULL pHostName,
|| pAuthTokenBufLen == NULL pAuthTokenBuf,
|| (*pAuthTokenBufLen != 0 && pAuthTokenBuf == NULL)) pAuthTokenBufLen,
{ NULL);
DbgTrace(0, "-ObtainAuthToken- Invalid parameter\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INVALID_PARAMETER);
goto exit;
}
DbgTrace(1, "-ObtainAuthToken- ServiceName = %s\n", pServiceName);
DbgTrace(1, "-ObtainAuthToken- HostName = %s\n", pHostName);
DbgTrace(1, "-ObtainAuthToken- BufferLength = %d\n", *pAuthTokenBufLen);
// Obtain our synchronization mutex
AcquireModuleMutex;
// Create user synchronization mutex
retStatus = CreateUserMutex(&hUserMutex);
if (retStatus != CASA_STATUS_SUCCESS)
{
DbgTrace(0, "-ObtainAuthToken- Error creating mutex for the user\n", 0);
goto exit;
}
// Make sure we are fully initialized
if (g_bInitialized == false)
{
retStatus = InitializeLibrary();
if (retStatus == CASA_STATUS_SUCCESS)
{
g_bInitialized = true;
}
else
{
goto exit;
}
}
// Release our synchronization mutex
ReleaseModuleMutex;
// Normalize the host name
pNormalizedHostName = NormalizeHostName(pHostName);
if (pNormalizedHostName)
{
// Start user process synchronization
AcquireUserMutex(hUserMutex);
// Try to find a cache entry for the service
pCacheEntry = FindAuthTokenEntryInCache(pServiceName, pNormalizedHostName);
if (pCacheEntry == NULL)
{
// Initialize to retry in case of failure
int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME;
// Cache entry created, now try to obtain auth token from the CASA Server
retStatus = ObtainAuthTokenFromServer(pServiceName,
pNormalizedHostName,
&pToken,
&cacheEntryLifetime);
// Add the entry to the cache if successful or if the reason that we failed
// was because the server was un-available.
if (CASA_SUCCESS(retStatus)
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{
pCacheEntry = CreateAuthTokenCacheEntry(pServiceName,
pNormalizedHostName,
retStatus,
pToken,
cacheEntryLifetime);
if (pCacheEntry)
{
// Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pCacheEntry);
}
}
}
}
else
{
// Cache entry found, update the return status with the information saved in it
// and release it if its status is not successful.
if (!CASA_SUCCESS(retStatus = pCacheEntry->status))
{
FreeAuthCacheEntry(pCacheEntry);
}
}
// Try to return auth token if we have one to return
if (CASA_SUCCESS(retStatus))
{
int tokenLen = (int) strlen(pCacheEntry->token) + 1;
// We have an authentication token, try to return it to the caller
// after verifying that the supplied buffer is big enough.
if (*pAuthTokenBufLen >= tokenLen)
{
// Return the auth token to the caller
DbgTrace(2, "-ObtainAuthToken- Copying the token into the callers buffer\n", 0);
strcpy(pAuthTokenBuf, pCacheEntry->token);
}
else
{
DbgTrace(0, "-ObtainAuthToken- The supplied buffer is not large enough", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_BUFFER_OVERFLOW);
}
// Return the token length to the caller
*pAuthTokenBufLen = tokenLen;
FreeAuthCacheEntry(pCacheEntry);
}
// Stop user process synchronization
ReleaseUserMutex(hUserMutex);
// Free the space allocated for the normalized host name
free(pNormalizedHostName);
}
else
{
DbgTrace(0, "-ObtainAuthToken- Host name normalization failed\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
exit:
if (hUserMutex != NULL)
{
DestroyUserMutex(hUserMutex);
}
DbgTrace(1, "-ObtainAuthToken- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-ObtainAuthToken- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;

21
CASA-auth-token/non-java/client/internal.h
View File

@ -132,6 +132,15 @@ extern char pathCharString[];
// Functions exported by engine.c // Functions exported by engine.c
// //
extern
CasaStatus
ObtainAuthTokenInt(
IN const char *pServiceName,
IN const char *pHostName,
INOUT char *pAuthTokenBuf,
INOUT int *pAuthTokenBufLen,
IN void *pCredStoreScope);
// //
// Functions exported by authmech.c // Functions exported by authmech.c
// //
@ -235,7 +244,8 @@ CreateSessionTokenCacheEntry(
IN const char *pCacheKey, IN const char *pCacheKey,
IN CasaStatus status, IN CasaStatus status,
IN char *pToken, IN char *pToken,
IN int entryLifetime); IN int entryLifetime,
IN void *pCredStoreScope);
extern extern
AuthCacheEntry* AuthCacheEntry*
@ -244,7 +254,8 @@ CreateAuthTokenCacheEntry(
IN const char *pHostName, IN const char *pHostName,
IN CasaStatus status, IN CasaStatus status,
IN char *pToken, IN char *pToken,
IN int entryLifetime); IN int entryLifetime,
IN void *pCredStoreScope);
extern extern
void void
@ -254,13 +265,15 @@ FreeAuthCacheEntry(
extern extern
AuthCacheEntry* AuthCacheEntry*
FindSessionTokenEntryInCache( FindSessionTokenEntryInCache(
IN const char *pCacheKey); IN const char *pCacheKey,
IN void *pCredStoreScope);
extern extern
AuthCacheEntry* AuthCacheEntry*
FindAuthTokenEntryInCache( FindAuthTokenEntryInCache(
IN const char *pCacheKey, IN const char *pCacheKey,
IN const char *pGroupOrHostName); IN const char *pGroupOrHostName,
IN void *pCredStoreScope);
extern extern
CasaStatus CasaStatus

7
CASA-auth-token/non-java/client/windows/client.vcproj
View File

@ -21,7 +21,7 @@
Name="VCCLCompilerTool" Name="VCCLCompilerTool"
AdditionalOptions="/D "XML_STATIC"" AdditionalOptions="/D "XML_STATIC""
Optimization="0" Optimization="0"
AdditionalIncludeDirectories=".;..\;..\..\include;"\Program Files\novell\casa\include";"C:\Dev\Expat-2.0.0\Source\lib"" AdditionalIncludeDirectories=".;..\;..\..\include;"C:\Dev\casa\CASA-auth-token\non-java\include\windows";"\Program Files\novell\casa\include";"C:\Dev\Expat-2.0.0\Source\lib""
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
MinimalRebuild="TRUE" MinimalRebuild="TRUE"
BasicRuntimeChecks="3" BasicRuntimeChecks="3"
@ -81,7 +81,7 @@ copy $(SolutionDir)client\windows\authtoken.lib \"Program Files"\novel
<Tool <Tool
Name="VCCLCompilerTool" Name="VCCLCompilerTool"
AdditionalOptions="/D &quot;XML_STATIC&quot;" AdditionalOptions="/D &quot;XML_STATIC&quot;"
AdditionalIncludeDirectories=".;..\;..\..\include;&quot;\Program Files\novell\casa\include&quot;;&quot;C:\Dev\Expat-2.0.0\Source\lib&quot;" AdditionalIncludeDirectories=".;..\;..\..\include;&quot;C:\Dev\casa\CASA-auth-token\non-java\include\windows&quot;;&quot;\Program Files\novell\casa\include&quot;;&quot;C:\Dev\Expat-2.0.0\Source\lib&quot;"
PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE" PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
RuntimeLibrary="4" RuntimeLibrary="4"
UsePrecompiledHeader="0" UsePrecompiledHeader="0"
@ -188,6 +188,9 @@ copy $(SolutionDir)client\windows\authtoken.lib \&quot;Program Files&quot;\novel
<File <File
RelativePath="..\..\include\casa_c_authtoken.h"> RelativePath="..\..\include\casa_c_authtoken.h">
</File> </File>
<File
RelativePath="..\..\include\windows\casa_c_authtoken_ex.h">
</File>
<File <File
RelativePath="..\config_if.h"> RelativePath="..\config_if.h">
</File> </File>

70
CASA-auth-token/non-java/client/windows/dllsup.c
View File

@ -27,6 +27,7 @@
#include "internal.h" #include "internal.h"
#include <shlobj.h> #include <shlobj.h>
#include <shlwapi.h> #include <shlwapi.h>
#include "casa_c_authtoken_ex.h"
//===[ External data ]===================================================== //===[ External data ]=====================================================
extern extern
@ -49,6 +50,75 @@ HANDLE g_hModule;
HANDLE g_hModuleMutex; HANDLE g_hModuleMutex;
//++=======================================================================
CasaStatus SSCS_CALL
ObtainAuthTokenEx(
IN const char *pServiceName,
IN const char *pHostName,
INOUT char *pAuthTokenBuf,
INOUT int *pAuthTokenBufLen,
IN void *pCredStoreScope)
//
// Arguments:
// pServiceName -
// Pointer to NULL terminated string that contains the
// name of the service to which the client is trying to
// authenticate.
//
// pHostName -
// Pointer to NULL terminated string that contains the
// name of the host where resides the service to which the
// client is trying to authenticate. Note that the name
// can either be a DNS name or a dotted IP address.
//
// pAuthTokenBuf -
// Pointer to buffer that will receive the authentication
// token. The length of this buffer is specified by the
// pAuthTokenBufLen parameter. Note that the the authentication
// token will be in the form of a NULL terminated string.
//
// pAuthTokenBufLen -
// Pointer to integer that contains the length of the
// buffer pointed at by pAuthTokenBuf. Upon return of the
// function, the integer will contain the actual length
// of the authentication token if the function successfully
// completes or the buffer length required if the function
// fails because the buffer pointed at by pAuthTokenBuf is
// not large enough.
//
// pCredStoreScope -
// Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged by applications
// running in the context of System.
//
// Returns:
// Casa Status
//
// Description:
// Get authentication token to authenticate user to specified
// service at host. The user is scoped using the info associated
// with the magic cookie.
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
DbgTrace(1, "-ObtainAuthTokenEx- Start\n", 0);
// Call our internal worker
retStatus = ObtainAuthTokenInt(pServiceName,
pHostName,
pAuthTokenBuf,
pAuthTokenBufLen,
pCredStoreScope);
DbgTrace(1, "-ObtainAuthTokenEx- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++======================================================================= //++=======================================================================
BOOL APIENTRY DllMain( BOOL APIENTRY DllMain(
HANDLE hModule, HANDLE hModule,

109
CASA-auth-token/non-java/include/windows/casa_c_authtoken_ex.h Normal file
View File

@ -0,0 +1,109 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
#ifndef _CASA_C_AUTHTOKEN_EX_H_
#define _CASA_C_AUTHTOKEN_EX_H_
#if defined(__cplusplus) || defined(c_plusplus)
extern "C"
{
#endif
//===[ Include files ]=====================================================
#include <micasa_types.h>
#include <casa_status.h>
//===[ Type definitions ]==================================================
#ifndef SSCS_CALL
#if defined(WIN32)
#define SSCS_CALL __stdcall
#else
#define SSCS_CALL
#endif
#endif
//===[ Function prototypes ]===============================================
//===[ Global variables ]==================================================
//++=======================================================================
CasaStatus SSCS_CALL
ObtainAuthTokenEx(
IN const char *pServiceName,
IN const char *pHostName,
INOUT char *pAuthTokenBuf,
INOUT int *pAuthTokenBufLen,
IN void *pCredStoreScope);
//
// Arguments:
// pServiceName -
// Pointer to NULL terminated string that contains the
// name of the service to which the client is trying to
// authenticate.
//
// pHostName -
// Pointer to NULL terminated string that contains the
// name of the host where resides the service to which the
// client is trying to authenticate. Note that the name
// can either be a DNS name or a dotted IP address.
//
// pAuthTokenBuf -
// Pointer to buffer that will receive the authentication
// token. The length of this buffer is specified by the
// pAuthTokenBufLen parameter. Note that the the authentication
// token will be in the form of a NULL terminated string.
//
// pAuthTokenBufLen -
// Pointer to integer that contains the length of the
// buffer pointed at by pAuthTokenBuf. Upon return of the
// function, the integer will contain the actual length
// of the authentication token if the function successfully
// completes or the buffer length required if the function
// fails because the buffer pointed at by pAuthTokenBuf is
// not large enough.
//
// pCredStoreScope -
// Pointer to CASA structure for scoping credential store access
// to specific users. This can only be leveraged by applications
// running in the context of System.
//
// Returns:
// Casa Status
//
// Description:
// Get authentication token to authenticate user to specified
// service at host. The user is scoped using the info associated
// with the magic cookie.
//=======================================================================--
#if defined(__cplusplus) || defined(c_plusplus)
}
#endif // #if defined(__cplusplus) || defined(c_plusplus)
#endif // #ifndef _CASA_C_AUTHTOKEN_EX_H_