geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Changed storage of tokens from registry to CASA wallet.

Browse Source 
Broke out storage of Session tokens and Authentication tokens.
This commit is contained in:
Todd Throne 2006-06-20 20:33:11 +00:00
parent a9e70687e1
commit fc7f88c01d
8 changed files with 840 additions and 1261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

615
CASA-auth-token/client/cache.c Normal file
View File

@ -0,0 +1,615 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
//===[ Include files ]=====================================================
#include "internal.h"
#include <micasa.h>
//===[ Type definitions ]==================================================
//
// Registry Key/Value defines used in the AuthCache
//
#define CASA_AUTH_CACHE_REG_KEY "CASA_Auth_Cache"
#define CREATION_TIME_REG_VALUE "CreationTime"
#define EXPIRATION_TIME_REG_VALUE "ExpirationTime"
#define DOES_NOT_EXPIRE_REG_VALUE "DoesNotExpire"
#define STATUS_REG_VALUE "Status"
#define TOKEN_REG_VALUE "Token"
//===[ Function prototypes ]===============================================
//===[ Global variables ]==================================================
// Non-host specific key name
static
char g_allHosts[] = "AllHosts";
static
int g_cacheEntryCount = 0;
HANDLE g_hCASAContext;
//++=======================================================================
AuthCacheEntry*
CreateAuthTokenCacheEntry(
IN const char *pCacheKey,
IN const char *pGroupOrHostName,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime // seconds (0 == Lives forever)
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
uint32_t tokenSize, entrySize, keySize;
AuthCacheEntry *pEntry = NULL;
unsigned char *pKey;
DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS)
{
tokenSize = (uint32_t)strlen(pToken);
}
else
{
tokenSize = 0;
}
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry
// The AuthCacheEntry structure contains room for the tokens NULL terminator
pEntry = (AuthCacheEntry*) malloc(entrySize);
if (pEntry)
{
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = FALSE;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = TRUE;
}
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
pKey = malloc(keySize);
if (pKey)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
retStatus = miCASAWriteBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
pKey,
keySize,
(uint8_t *)pEntry,
&entrySize,
NULL,
NULL);
free(pKey);
}
else
{
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
}
else
{
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
AuthCacheEntry*
CreateSessionTokenCacheEntry(
IN const char *pCacheKey,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime // seconds (0 == Lives forever)
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
uint32_t tokenSize, entrySize;
AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS)
{
tokenSize = (uint32_t)strlen(pToken);
}
else
{
tokenSize = 0;
}
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry
// The AuthCacheEntry structure contains room for the tokens NULL terminator
pEntry = (AuthCacheEntry*) malloc(entrySize);
if (pEntry)
{
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = FALSE;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = TRUE;
}
retStatus = miCASAWriteBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(char *)pCacheKey,
(uint32_t)strlen(pCacheKey) + 1,
(uint8_t *)pEntry,
&entrySize,
NULL,
NULL);
}
else
{
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
void
FreeAuthCacheEntry(
IN AuthCacheEntry *pEntry
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %08X\n", pEntry);
// Free the entry
free(pEntry);
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
}
//++=======================================================================
static
BOOL
CacheEntryLifetimeExpired(
IN DWORD creationTime,
IN DWORD expirationTime
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
DWORD currentTime = GetTickCount();
BOOL expired = FALSE;
DbgTrace(2, "-CacheEntryLifetimeExpired- Start\n", 0);
// Check if the clock has wrapped
if (currentTime >= creationTime)
{
// The clock has not wrapped, check if the
// expiration time has wrapped.
if (expirationTime > creationTime)
{
// The expiration time also has not wrapped,
// do a straight compare against the current
// time.
if (currentTime >= expirationTime)
{
// It has expired
expired = TRUE;
}
}
}
else
{
// The clock has wrapped, check if the expiration
// time also wrapped.
if (expirationTime > creationTime)
{
// The expiration time did not wrap, therefore
// it has been exceeded since the clock wrapped.
expired = TRUE;
}
else
{
// The expiration time also wrapped, do a straight
// compare against the current time.
if (currentTime >= expirationTime)
{
// It has expired
expired = TRUE;
}
}
}
DbgTrace(2, "-CacheEntryLifetimeExpired- End, result = %08X\n", expired);
return expired;
}
//++=======================================================================
AuthCacheEntry*
FindSessionTokenEntryInCache(
IN const char *pCacheKey
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
uint32_t valueLength, bytesRequired;
AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
valueLength = 0;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(char *)pCacheKey,
(uint32_t)strlen(pCacheKey) + 1,
NULL,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
{
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
if (pEntry)
{
valueLength = bytesRequired;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(char *)pCacheKey,
(uint32_t)strlen(pCacheKey) + 1,
(uint8_t *)pEntry,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (CASA_SUCCESS(retStatus))
{
if (pEntry->doesNotExpire == FALSE
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry ???
//miCASARemoveBinaryKey();
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
}
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
}
DbgTrace(1, "-FindSessionTokenEntryInCache- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
AuthCacheEntry*
FindAuthTokenEntryInCache(
IN const char *pCacheKey,
IN const char *pGroupOrHostName
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
uint32_t valueLength, bytesRequired, keySize;
AuthCacheEntry *pEntry = NULL;
unsigned char *pKey;
DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
pKey = malloc(keySize);
if (pKey)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
valueLength = 0;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
pKey,
keySize,
NULL,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
{
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
if (pEntry)
{
valueLength = bytesRequired;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
pKey,
keySize,
(uint8_t *)pEntry,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (CASA_SUCCESS(retStatus))
{
if (pEntry->doesNotExpire == FALSE
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry ???
//miCASARemoveBinaryKey();
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
}
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
}
free(pKey);
}
DbgTrace(1, "-FindAuthTokenEntryInCache- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
CasaStatus
InitializeAuthCache()
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_SECRETSTORE_T ssId;
DbgTrace(1, "-InitializeAuthCache- Start\n", 0);
ssId.version = NSSCS_VERSION_NUMBER;
strcpy((char *)ssId.ssName, (char *)SSCS_DEFAULT_SECRETSTORE_ID);
g_hCASAContext = miCASAOpenSecretStoreCache(
&ssId,
0,
NULL);
if (!g_hCASAContext)
{
retStatus = CasaStatusBuild(
CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
else
{
retStatus = CASA_STATUS_SUCCESS;
}
DbgTrace(1, "-InitializeAuthCache- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++=======================================================================
//++=======================================================================
//++=======================================================================

20
CASA-auth-token/client/client.vcproj
View File

@ -21,7 +21,7 @@
Name="VCCLCompilerTool" Name="VCCLCompilerTool"
AdditionalOptions="/D &quot;XML_STATIC&quot;" AdditionalOptions="/D &quot;XML_STATIC&quot;"
Optimization="0" Optimization="0"
AdditionalIncludeDirectories=".;windows;..\include;..\..\include;..\..\..\Expat-2.0.0\source\lib" AdditionalIncludeDirectories=".;.\windows;..\include;..\..\CASA\include;&quot;..\..\Expat-2.0.0\source\lib&quot;"
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE" PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
MinimalRebuild="TRUE" MinimalRebuild="TRUE"
BasicRuntimeChecks="3" BasicRuntimeChecks="3"
@ -36,10 +36,10 @@
Name="VCLinkerTool" Name="VCLinkerTool"
IgnoreImportLibrary="FALSE" IgnoreImportLibrary="FALSE"
AdditionalOptions="/EXPORT:ObtainAuthToken" AdditionalOptions="/EXPORT:ObtainAuthToken"
AdditionalDependencies="ws2_32.lib winhttp.lib libexpatml.lib" AdditionalDependencies="ws2_32.lib winhttp.lib libexpatml.lib micasa.lib"
OutputFile="$(OutDir)/authtoken.dll" OutputFile="$(OutDir)/authtoken.dll"
LinkIncremental="1" LinkIncremental="1"
AdditionalLibraryDirectories="&quot;..\..\..\Expat-2.0.0\StaticLibs&quot;" AdditionalLibraryDirectories="&quot;\Program Files\Novell\CASA\lib&quot;;&quot;..\..\Expat-2.0.0\StaticLibs&quot;"
GenerateDebugInformation="TRUE" GenerateDebugInformation="TRUE"
ProgramDatabaseFile="$(OutDir)/client.pdb" ProgramDatabaseFile="$(OutDir)/client.pdb"
SubSystem="0" SubSystem="0"
@ -151,7 +151,19 @@ copy $(SolutionDir)client\windows\authtoken.lib \&quot;Program Files&quot;\novel
RelativePath=".\win32\authtoken.def"> RelativePath=".\win32\authtoken.def">
</File> </File>
<File <File
RelativePath=".\windows\cache.c"> RelativePath=".\cache.c">
<FileConfiguration
Name="Debug|Win32">
<Tool
Name="VCCLCompilerTool"
ObjectFile="$(IntDir)/$(InputName)1.obj"/>
</FileConfiguration>
<FileConfiguration
Name="Release|Win32">
<Tool
Name="VCCLCompilerTool"
ObjectFile="$(IntDir)/$(InputName)1.obj"/>
</FileConfiguration>
</File> </File>
<File <File
RelativePath=".\config.c"> RelativePath=".\config.c">

205
CASA-auth-token/client/engine.c
View File

@ -38,14 +38,17 @@
// //
// Debug tracing level // Debug tracing level
// //
int DebugLevel = 0; int DebugLevel = -1;
// //
// Operating parameter // Operating parameter
// //
bool secureRpcSetting = false; bool secureRpcSetting = false;
int retryLifetime = DEFAULT_RETRY_LIFETIME;
// Synchronization mutex for the dll initialization
static
HANDLE g_hInitializationMutex;
bool g_bInitialized = FALSE;
//++======================================================================= //++=======================================================================
static static
@ -100,8 +103,8 @@ ObtainSessionToken(
} }
else else
{ {
// Release auth cache entry reference // Free the entry
ReleaseAuthCacheEntry(pCacheEntry); FreeAuthCacheEntry(pCacheEntry);
} }
} }
@ -125,6 +128,10 @@ ObtainSessionToken(
pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext); pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext);
if (pCacheEntry == NULL) if (pCacheEntry == NULL)
{ {
char *pReqMsg = NULL;
char *pRespMsg = NULL;
int respLen;
// Get authentication mechanism token // Get authentication mechanism token
retStatus = GetAuthMechToken(pAuthContext, &pAuthMechToken); retStatus = GetAuthMechToken(pAuthContext, &pAuthMechToken);
if (!CASA_SUCCESS(retStatus)) if (!CASA_SUCCESS(retStatus))
@ -137,15 +144,6 @@ ObtainSessionToken(
continue; continue;
} }
// Create a cache entry for the auth context
pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext);
if (pCacheEntry)
{
char *pReqMsg = NULL;
char *pRespMsg = NULL;
int respLen;
int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure
// Authenticate to the ATS // Authenticate to the ATS
pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken); pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken);
if (pReqMsg) if (pReqMsg)
@ -166,9 +164,13 @@ ObtainSessionToken(
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
// Return the auth token to the caller // Return the auth token to the caller
pCacheEntry->pToken = pAuthenticateResp->pToken; pCacheEntry = CreateSessionTokenCacheEntry(
pAuthContext->pContext,
retStatus,
pAuthenticateResp->pToken,
pAuthenticateResp->tokenLifetime);
pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer
cacheEntryLifetime = pAuthenticateResp->tokenLifetime;
// Free the Authenticate response object // Free the Authenticate response object
RelAuthenticateResp(pAuthenticateResp); RelAuthenticateResp(pAuthenticateResp);
@ -195,26 +197,20 @@ ObtainSessionToken(
// Add the entry to the cache if successful or if the reason that we failed // Add the entry to the cache if successful or if the reason that we failed
// was because the server was unavailable. // was because the server was unavailable.
if (CASA_SUCCESS(retStatus) if (CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{ {
pCacheEntry->status = retStatus; pCacheEntry = CreateSessionTokenCacheEntry(
AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime); pAuthContext->pContext,
retStatus,
NULL,
DEFAULT_RETRY_LIFETIME);
} }
// Release the cache entry if the resulting status is not successful // Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus)) if (!CASA_SUCCESS(retStatus))
{ {
// Release auth cache entry reference FreeAuthCacheEntry(pCacheEntry);
ReleaseAuthCacheEntry(pCacheEntry);
}
}
else
{
DbgTrace(0, "-ObtainSessionToken- Cache entry creation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
// Free up the buffer associated with the authentication mechanism token // Free up the buffer associated with the authentication mechanism token
@ -222,8 +218,8 @@ ObtainSessionToken(
} }
else else
{ {
// Release auth cache entry reference // Free the entry
ReleaseAuthCacheEntry(pCacheEntry); FreeAuthCacheEntry(pCacheEntry);
} }
// Advance to the next entry // Advance to the next entry
@ -234,11 +230,11 @@ ObtainSessionToken(
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
// Allocate a buffer for the return token // Allocate a buffer for the return token
*ppSessionToken = (char*) malloc(strlen(pCacheEntry->pToken) + 1); *ppSessionToken = (char*) malloc(strlen(pCacheEntry->token) + 1);
if (*ppSessionToken) if (*ppSessionToken)
{ {
// Copy the token onto the allocated buffer // Copy the token onto the allocated buffer
strcpy(*ppSessionToken, pCacheEntry->pToken); strcpy(*ppSessionToken, pCacheEntry->token);
} }
else else
{ {
@ -248,8 +244,7 @@ ObtainSessionToken(
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
// Release auth cache entry reference FreeAuthCacheEntry(pCacheEntry);
ReleaseAuthCacheEntry(pCacheEntry);
} }
DbgTrace(1, "-ObtainSessionToken- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-ObtainSessionToken- End, retStatus = %08X\n", retStatus);
@ -482,6 +477,7 @@ ObtainAuthToken(
CasaStatus retStatus = CASA_STATUS_SUCCESS; CasaStatus retStatus = CASA_STATUS_SUCCESS;
AuthCacheEntry *pCacheEntry; AuthCacheEntry *pCacheEntry;
char *pNormalizedHostName; char *pNormalizedHostName;
unsigned char *pToken;
DbgTrace(1, "-ObtainAuthToken- Start\n", 0); DbgTrace(1, "-ObtainAuthToken- Start\n", 0);
@ -498,6 +494,39 @@ ObtainAuthToken(
goto exit; goto exit;
} }
// Make sure we are initialized
// Obtain our synchronization mutex
WaitForSingleObject(g_hInitializationMutex, INFINITE);
// Create user synchronization mutex
retStatus = CreateUserMutex();
if (retStatus != CASA_STATUS_SUCCESS)
{
DbgTrace(0, "-ObtainAuthToken- Error creating mutex for the user\n", 0);
goto exit;
}
if (g_bInitialized == FALSE)
{
retStatus = InitializeLibrary();
if (retStatus == CASA_STATUS_SUCCESS)
{
g_bInitialized = TRUE;
}
else
{
goto exit;
}
}
// Release our synchronization mutex
if (ReleaseMutex(g_hInitializationMutex) == 0)
{
DbgTrace(0, "-ObtainAuthToken- ReleaseMutex failed, error\n", 0);
}
// Normalize the host name // Normalize the host name
pNormalizedHostName = NormalizeHostName(pHostName); pNormalizedHostName = NormalizeHostName(pHostName);
if (pNormalizedHostName) if (pNormalizedHostName)
@ -509,16 +538,13 @@ ObtainAuthToken(
pCacheEntry = FindAuthTokenEntryInCache(pServiceName, pNormalizedHostName); pCacheEntry = FindAuthTokenEntryInCache(pServiceName, pNormalizedHostName);
if (pCacheEntry == NULL) if (pCacheEntry == NULL)
{ {
// No entry found in the cache, create one. // Initialize to retry in case of failure
pCacheEntry = CreateAuthTokenCacheEntry(pServiceName, pNormalizedHostName); int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME;
if (pCacheEntry)
{
int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure
// Cache entry created, now try to obtain auth token from the CASA Server // Cache entry created, now try to obtain auth token from the CASA Server
retStatus = ObtainAuthTokenFromServer(pServiceName, retStatus = ObtainAuthTokenFromServer(pServiceName,
pNormalizedHostName, pNormalizedHostName,
&pCacheEntry->pToken, &pToken,
&cacheEntryLifetime); &cacheEntryLifetime);
// Add the entry to the cache if successful or if the reason that we failed // Add the entry to the cache if successful or if the reason that we failed
@ -526,24 +552,23 @@ ObtainAuthToken(
if (CASA_SUCCESS(retStatus) if (CASA_SUCCESS(retStatus)
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE) || CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{ {
pCacheEntry->status = retStatus; pCacheEntry = CreateAuthTokenCacheEntry(
AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime); pServiceName,
} pNormalizedHostName,
retStatus,
pToken,
cacheEntryLifetime);
if (pCacheEntry)
{
// Release the cache entry if the resulting status is not successful // Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus)) if (!CASA_SUCCESS(retStatus))
{ {
// Release auth cache entry reference FreeAuthCacheEntry(pCacheEntry);
ReleaseAuthCacheEntry(pCacheEntry);
} }
} }
else
{
DbgTrace(0, "-ObtainAuthToken- Cache entry creation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
} }
else else
{ {
@ -551,22 +576,22 @@ ObtainAuthToken(
// and release it if its status is not successful. // and release it if its status is not successful.
if (!CASA_SUCCESS(retStatus = pCacheEntry->status)) if (!CASA_SUCCESS(retStatus = pCacheEntry->status))
{ {
// Release auth cache entry reference FreeAuthCacheEntry(pCacheEntry);
ReleaseAuthCacheEntry(pCacheEntry);
} }
} }
// Try to return auth token if we have one to return // Try to return auth token if we have one to return
if (CASA_SUCCESS(retStatus)) if (CASA_SUCCESS(retStatus))
{ {
int tokenLen = (int) strlen(pCacheEntry->pToken) + 1; int tokenLen = (int) strlen(pCacheEntry->token) + 1;
// We have an authentication token, try to return it to the caller // We have an authentication token, try to return it to the caller
// after verifying that the supplied buffer is big enough. // after verifying that the supplied buffer is big enough.
if (*pAuthTokenBufLen >= tokenLen) if (*pAuthTokenBufLen >= tokenLen)
{ {
// Return the auth token to the caller // Return the auth token to the caller
strcpy(pAuthTokenBuf, pCacheEntry->pToken); strcpy(pAuthTokenBuf, pCacheEntry->token);
} }
else else
{ {
@ -579,8 +604,7 @@ ObtainAuthToken(
// Return the token length to the caller // Return the token length to the caller
*pAuthTokenBufLen = tokenLen; *pAuthTokenBufLen = tokenLen;
// Release auth cache entry reference FreeAuthCacheEntry(pCacheEntry);
ReleaseAuthCacheEntry(pCacheEntry);
} }
// Stop user process synchronization // Stop user process synchronization
@ -605,6 +629,41 @@ exit:
} }
//++=======================================================================
int
Initialize(void)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
int retStatus = -1;
DbgTrace(1, "-InitializeLibrary- Start\n", 0);
// Create a cache mutex only applicable to the current process
g_hInitializationMutex = CreateMutex(NULL,
FALSE,
NULL);
if (g_hInitializationMutex != NULL)
{
retStatus = CASA_STATUS_SUCCESS;
}
DbgTrace(1, "-InitializeLibrary- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++======================================================================= //++=======================================================================
int int
InitializeLibrary(void) InitializeLibrary(void)
@ -624,39 +683,21 @@ InitializeLibrary(void)
DbgTrace(1, "-InitializeLibrary- Start\n", 0); DbgTrace(1, "-InitializeLibrary- Start\n", 0);
// Create user synchronization mutex
if (CreateUserMutex() == 0)
{
// Initialize the auth cache
if (CASA_SUCCESS(InitializeAuthCache()))
{
// Initialize the host name normalization // Initialize the host name normalization
if (CASA_SUCCESS(InitializeHostNameNormalization())) retStatus = InitializeHostNameNormalization();
if (CASA_SUCCESS(retStatus))
{ {
// Success retStatus = InitializeAuthCache();
retStatus = 0;
}
else
{
DbgTrace(0, "-InitializeLibrary- Error initializing host name normalization\n", 0);
}
}
else
{
DbgTrace(0, "-InitializeLibrary- Error initializing the auth cache\n", 0);
}
}
else
{
DbgTrace(0, "-InitializeLibrary- Error creating mutex for the user\n", 0);
} }
DbgTrace(1, "-InitializeLibrary- End, retStatus = %08X\n", retStatus); DbgTrace(1, "-InitializeLibrary- End, retStatus = %08X\n", retStatus);
return retStatus; return retStatus;
} }
//++======================================================================= //++=======================================================================
//++======================================================================= //++=======================================================================
//++======================================================================= //++=======================================================================

28
CASA-auth-token/client/internal.h
View File

@ -118,6 +118,10 @@ extern char pathCharString[];
// Functions exported by engine.c // Functions exported by engine.c
// //
extern
int
Initialize(void);
extern extern
int int
InitializeLibrary(void); InitializeLibrary(void);
@ -222,21 +226,25 @@ RelGetAuthTokenResp(
extern extern
AuthCacheEntry* AuthCacheEntry*
CreateSessionTokenCacheEntry( CreateSessionTokenCacheEntry(
IN const char *pCacheKey); IN const char *pCacheKey,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime
);
extern extern
AuthCacheEntry* AuthCacheEntry*
CreateAuthTokenCacheEntry( CreateAuthTokenCacheEntry(
IN const char *pCacheKey, IN const char *pCacheKey,
IN const char *pGroupOrHostName); IN const char *pHostName,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime
);
extern extern
void void
ReleaseAuthCacheEntry( FreeAuthCacheEntry(
IN AuthCacheEntry *pEntry);
extern void
IncAuthCacheEntryRefCount(
IN AuthCacheEntry *pEntry); IN AuthCacheEntry *pEntry);
extern extern
@ -250,12 +258,6 @@ FindAuthTokenEntryInCache(
IN const char *pCacheKey, IN const char *pCacheKey,
IN const char *pGroupOrHostName); IN const char *pGroupOrHostName);
extern
void
AddEntryToAuthCache(
IN AuthCacheEntry *pEntry,
IN int entryLifetime);
extern extern
CasaStatus CasaStatus
InitializeAuthCache(void); InitializeAuthCache(void);

1091
CASA-auth-token/client/windows/cache.c
View File

File diff suppressed because it is too large Load Diff

2
CASA-auth-token/client/windows/dllsup.c
View File

@ -58,7 +58,7 @@ BOOL APIENTRY DllMain(
g_hModule = hModule; g_hModule = hModule;
// Initialize the library // Initialize the library
if (InitializeLibrary() != 0) if (Initialize() != 0)
{ {
// Failed to initialize the library // Failed to initialize the library
OutputDebugString("CASAAUTH -DllMain- Library initialization failed\n"); OutputDebugString("CASAAUTH -DllMain- Library initialization failed\n");

2
CASA-auth-token/client/windows/platform.c
View File

@ -146,7 +146,7 @@ CreateUserMutex(void)
} }
else else
{ {
DbgTrace(0, "-CreateUserMutex- Un-expected GetUserName error, error = %d\n", GetLastError()); DbgTrace(0, "-CreateUserMutex- Unexpected GetUserName error, error = %d\n", GetLastError());
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL); CASA_STATUS_UNSUCCESSFUL);

12
CASA-auth-token/client/windows/platform.h
View File

@ -74,15 +74,15 @@ char printBuff[256]; \
// //
typedef struct _AuthCacheEntry typedef struct _AuthCacheEntry
{ {
LIST_ENTRY listEntry; // LIST_ENTRY listEntry;
int refCount; // int refCount;
int status;
DWORD creationTime; DWORD creationTime;
DWORD expirationTime; DWORD expirationTime;
BOOL doesNotExpire; BOOL doesNotExpire;
char *pHostName; // char *pHostName;
char *pCacheKeyName; // char *pCacheKeyName;
char *pToken; char token[1];
int status;
} AuthCacheEntry, *PAuthCacheEntry; } AuthCacheEntry, *PAuthCacheEntry;