From 5ba91c92a6a034672ba65c2575edf9ec1d3b4e8b Mon Sep 17 00:00:00 2001 From: Juan Carlos Luciani Date: Mon, 26 Mar 2007 21:45:10 +0000 Subject: [PATCH] Fixed issues found when testing the auth.policy mechanism_info changes for the Krb5 and the Pwd mechanisms using a linux client. --- CASA-auth-token/client/library/config.c | 16 ++--- .../client/library/linux/osslsupp.c | 20 +++---- .../library/mechanisms/krb5/linux/get.c | 60 +++++++++---------- .../library/mechanisms/krb5/windows/get.c | 60 +++++++++---------- .../client/library/mechanisms/pwd/get.c | 6 +- .../library/mechanisms/pwd/windows/platform.h | 1 + CASA-auth-token/server-java/Svc/README | 10 ++-- 7 files changed, 87 insertions(+), 86 deletions(-) diff --git a/CASA-auth-token/client/library/config.c b/CASA-auth-token/client/library/config.c index 87bfcf93..3abd2cf5 100644 --- a/CASA-auth-token/client/library/config.c +++ b/CASA-auth-token/client/library/config.c @@ -89,7 +89,7 @@ RemoveWhiteSpaceFromTheEnd( char *pLineEnd = (char*) pInString + strlen(pInString) - 1; - DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0); + DbgTrace(4, "-RemoveWhiteSpaceFromTheEnd- Start\n", 0); while (pLineEnd != pInString) { @@ -108,7 +108,7 @@ RemoveWhiteSpaceFromTheEnd( } } - DbgTrace(3, "-RemoveWhiteSpaceFromTheEnd- End\n", 0); + DbgTrace(4, "-RemoveWhiteSpaceFromTheEnd- End\n", 0); } @@ -130,7 +130,7 @@ SkipWhiteSpace( { char *pOutString = (char*) pInString; - DbgTrace(3, "-SkipWhiteSpace- Start\n", 0); + DbgTrace(4, "-SkipWhiteSpace- Start\n", 0); while (*pOutString != '\0') { @@ -148,7 +148,7 @@ SkipWhiteSpace( } } - DbgTrace(3, "-SkipWhiteSpace- End\n", 0); + DbgTrace(4, "-SkipWhiteSpace- End\n", 0); return pOutString; } @@ -172,7 +172,7 @@ SkipNonWhiteSpace( { char *pOutString = (char*) pInString; - DbgTrace(3, "-SkipNonWhiteSpace- Start\n", 0); + DbgTrace(4, "-SkipNonWhiteSpace- Start\n", 0); while (*pOutString != '\0') { @@ -190,7 +190,7 @@ SkipNonWhiteSpace( } } - DbgTrace(3, "-SkipNonWhiteSpace- End\n", 0); + DbgTrace(4, "-SkipNonWhiteSpace- End\n", 0); return pOutString; } @@ -216,7 +216,7 @@ LowerCaseString( { int i; - DbgTrace(3, "-LowerCaseString- Start\n", 0); + DbgTrace(4, "-LowerCaseString- Start\n", 0); // Copy the string as lower case for (i = 0; pSrcString[i] != '\0'; i++) @@ -230,7 +230,7 @@ LowerCaseString( // Null terminate the destination string pDestString[i] = '\0'; - DbgTrace(3, "-LowerCaseString- End\n", 0); + DbgTrace(4, "-LowerCaseString- End\n", 0); } diff --git a/CASA-auth-token/client/library/linux/osslsupp.c b/CASA-auth-token/client/library/linux/osslsupp.c index 8856425d..9af515eb 100644 --- a/CASA-auth-token/client/library/linux/osslsupp.c +++ b/CASA-auth-token/client/library/linux/osslsupp.c @@ -61,7 +61,7 @@ StaticLockFunction( // L2 //=======================================================================-- { - DbgTrace(3, "-StaticLockFunction- Start\n", 0); + DbgTrace(4, "-StaticLockFunction- Start\n", 0); // Verify that the lock number is within range if (n < g_numStaticLocks @@ -84,7 +84,7 @@ StaticLockFunction( DbgTrace(0, "-StaticLockFunction- n out of range\n", 0); } - DbgTrace(3, "-StaticLockFunction- End\n", 0); + DbgTrace(4, "-StaticLockFunction- End\n", 0); } @@ -107,7 +107,7 @@ DynLockFunction( // L2 //=======================================================================-- { - DbgTrace(3, "-DynLockFunction- Start\n", 0); + DbgTrace(4, "-DynLockFunction- Start\n", 0); if (l) { @@ -128,7 +128,7 @@ DynLockFunction( DbgTrace(0, "-DynLockFunction- Invalid parameter\n", 0); } - DbgTrace(3, "-DynLockFunction- End\n", 0); + DbgTrace(4, "-DynLockFunction- End\n", 0); } @@ -151,7 +151,7 @@ CreateDynLockFunction( { struct CRYPTO_dynlock_value *l; - DbgTrace(1, "-CreateDynLockFunction- Start\n", 0); + DbgTrace(3, "-CreateDynLockFunction- Start\n", 0); // Allocate space for the lock l = (struct CRYPTO_dynlock_value*) malloc(sizeof(pthread_mutex_t)); @@ -164,7 +164,7 @@ CreateDynLockFunction( DbgTrace(0, "-CreateDynLockFunction- Buffer allocation failure\n", 0); } - DbgTrace(1, "-CreateDynLockFunction- End, l = %0lX\n", (long) l); + DbgTrace(3, "-CreateDynLockFunction- End, l = %0lX\n", (long) l); return l; } @@ -188,7 +188,7 @@ DestroyDynLockFunction( // L2 //=======================================================================-- { - DbgTrace(1, "-DestroyDynLockFunction- Start, l = %0lX\n", (long) l); + DbgTrace(3, "-DestroyDynLockFunction- Start, l = %0lX\n", (long) l); if (l) { @@ -196,7 +196,7 @@ DestroyDynLockFunction( free(l); } - DbgTrace(1, "-DestroyDynLockFunction- End\n", 0); + DbgTrace(3, "-DestroyDynLockFunction- End\n", 0); } @@ -217,11 +217,11 @@ ThreadIdFunction(void) { unsigned long threadId; - DbgTrace(3, "-ThreadIdFunction- Start\n", 0); + DbgTrace(4, "-ThreadIdFunction- Start\n", 0); threadId = (unsigned long) pthread_self(); - DbgTrace(3, "-ThreadIdFunction- End, id = %0lX\n", threadId); + DbgTrace(4, "-ThreadIdFunction- End, id = %0lX\n", threadId); return threadId; } diff --git a/CASA-auth-token/client/library/mechanisms/krb5/linux/get.c b/CASA-auth-token/client/library/mechanisms/krb5/linux/get.c index 511f6259..cebc1b8f 100644 --- a/CASA-auth-token/client/library/mechanisms/krb5/linux/get.c +++ b/CASA-auth-token/client/library/mechanisms/krb5/linux/get.c @@ -210,36 +210,36 @@ AuthTokenIf_GetAuthToken( goto exit; } - // Process any mechanism information that may have been provided - if (pMechInfo) - { - // Mechanism information has been provided. Mechanism information - // consists of semicolon delimited settings. The settings are formated - // using the format settingName=settingvalue. No white space is allowed - // as part of the mechanism information. - char *pNextSettingToken; - char *pSettingValueToken = strtok_r(pMechInfo, ";", &pNextSettingToken); - while (pSettingValueToken != NULL) - { - char *pNextToken; - char *pSettingName = strtok_r(pSettingValueToken, "=", &pNextToken); - char *pSettingValue = strtok_r(NULL, "=", &pNextToken); - if (pSettingValue) - { - // Process the setting - if (strcmpi(pSettingName, "SVC_PRINCIPAL") == 0) - { - pKrbServiceName = pSettingValue; - } - } - else - { - printf("Bad setting\n"); - } - - pSettingValueToken = strtok_r(NULL, ";", &pNextSettingToken); - } - } + // Process any mechanism information that may have been provided + if (pMechInfo) + { + // Mechanism information has been provided. Mechanism information + // consists of semicolon delimited settings. The settings are formated + // using the format settingName=settingvalue. No white space is allowed + // as part of the mechanism information. + char *pNextSettingToken; + char *pSettingValueToken = strtok_r(pMechInfo, ";", &pNextSettingToken); + while (pSettingValueToken != NULL) + { + char *pNextToken; + char *pSettingName = strtok_r(pSettingValueToken, "=", &pNextToken); + char *pSettingValue = strtok_r(NULL, "=", &pNextToken); + if (pSettingValue) + { + // Process the setting + if (strcasecmp(pSettingName, "SVC_PRINCIPAL") == 0) + { + pKrbServiceName = pSettingValue; + } + } + else + { + DbgTrace(0, "-AuthTokenIf_GetAuthToken- Bad setting\n", 0); + } + + pSettingValueToken = strtok_r(NULL, ";", &pNextSettingToken); + } + } // Check if we need to construct the service name if (pKrbServiceName == NULL diff --git a/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c b/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c index af63631d..799fcb6e 100644 --- a/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c +++ b/CASA-auth-token/client/library/mechanisms/krb5/windows/get.c @@ -119,36 +119,36 @@ AuthTokenIf_GetAuthToken( goto exit; } - // Process any mechanism information that may have been provided - if (pMechInfo) - { - // Mechanism information has been provided. Mechanism information - // consists of semicolon delimited settings. The settings are formated - // using the format settingName=settingvalue. No white space is allowed - // as part of the mechanism information. - char *pNextSettingToken; - char *pSettingValueToken = strtok_r(pMechInfo, ";", &pNextSettingToken); - while (pSettingValueToken != NULL) - { - char *pNextToken; - char *pSettingName = strtok_r(pSettingValueToken, "=", &pNextToken); - char *pSettingValue = strtok_r(NULL, "=", &pNextToken); - if (pSettingValue) - { - // Process the setting - if (strcmpi(pSettingName, "SVC_PRINCIPAL") == 0) - { - pKrbServiceName = pSettingValue; - } - } - else - { - printf("Bad setting\n"); - } - - pSettingValueToken = strtok_r(NULL, ";", &pNextSettingToken); - } - } + // Process any mechanism information that may have been provided + if (pMechInfo) + { + // Mechanism information has been provided. Mechanism information + // consists of semicolon delimited settings. The settings are formated + // using the format settingName=settingvalue. No white space is allowed + // as part of the mechanism information. + char *pNextSettingToken; + char *pSettingValueToken = strtok_r(pMechInfo, ";", &pNextSettingToken); + while (pSettingValueToken != NULL) + { + char *pNextToken; + char *pSettingName = strtok_r(pSettingValueToken, "=", &pNextToken); + char *pSettingValue = strtok_r(NULL, "=", &pNextToken); + if (pSettingValue) + { + // Process the setting + if (strcmpi(pSettingName, "SVC_PRINCIPAL") == 0) + { + pKrbServiceName = pSettingValue; + } + } + else + { + DbgTrace(0, "-AuthTokenIf_GetAuthToken- Bad setting\n", 0); + } + + pSettingValueToken = strtok_r(NULL, ";", &pNextSettingToken); + } + } // Check if we need to construct the service name if (pKrbServiceName == NULL diff --git a/CASA-auth-token/client/library/mechanisms/pwd/get.c b/CASA-auth-token/client/library/mechanisms/pwd/get.c index fe9e0204..6155106b 100644 --- a/CASA-auth-token/client/library/mechanisms/pwd/get.c +++ b/CASA-auth-token/client/library/mechanisms/pwd/get.c @@ -316,9 +316,9 @@ AuthTokenIf_GetAuthToken( if (pSettingValue) { // Process the setting - if (strcmpi(pSettingName, "REALM_CREDENTIALS_ONLY") == 0) + if (strcasecmp(pSettingName, "REALM_CREDENTIALS_ONLY") == 0) { - if (strcmpi(pSettingValue, "true") == 0) + if (strcasecmp(pSettingValue, "true") == 0) { realm_credentials_only = true; } @@ -326,7 +326,7 @@ AuthTokenIf_GetAuthToken( } else { - printf("Bad setting\n"); + DbgTrace(0, "-AuthTokenIf_GetAuthToken- Bad setting\n", 0); } pSettingValueToken = strtok_r(NULL, ";", &pNextSettingToken); diff --git a/CASA-auth-token/client/library/mechanisms/pwd/windows/platform.h b/CASA-auth-token/client/library/mechanisms/pwd/windows/platform.h index e6ea4268..fda3a006 100644 --- a/CASA-auth-token/client/library/mechanisms/pwd/windows/platform.h +++ b/CASA-auth-token/client/library/mechanisms/pwd/windows/platform.h @@ -79,6 +79,7 @@ FILE *pDebugFile; \ #define true TRUE #define false FALSE #define strtok_r strtok_s +#define strcasecmp strcmpi //===[ Inlines functions ]=============================================== diff --git a/CASA-auth-token/server-java/Svc/README b/CASA-auth-token/server-java/Svc/README index 2876d66e..3bd6b5e3 100644 --- a/CASA-auth-token/server-java/Svc/README +++ b/CASA-auth-token/server-java/Svc/README @@ -184,7 +184,7 @@ The following is an example auth.policy file: CorpTree Krb5Authenticate - SVC_PRINCIPAL=host/tokenserver.company.novell.com@KRB_REALM + SVC_PRINCIPAL=host/tokenserver.company.novell.com CorpTree @@ -211,10 +211,10 @@ Note the following about the sample auth.policy file: configuration requirements of the specified mechanism. - The name of the Krb5 Authentication mechanism is "Krb5Authenticate". This mechanism - defaults the service principal name to host/hostname@KERBEROS_REALM. You can use a - different service principal name by setting the SVC_PRINCIPAL setting equal to it - under the mechanism_info key. Notice that mechanism info settings for this mechanism - are separated using a semicolon and no-white space is allowed. + defaults the service principal name to host/hostname. You can use a different + service principal name by setting the SVC_PRINCIPAL setting equal to it under the + mechanism_info key. Notice that mechanism info settings for this mechanism are + separated using a semicolon and no-white space is allowed. - The name of the username/password authentication mechanism is "PwdAuthenticate" and it does not require any information to be included under the mechanism_info key. You