Changed storage of tokens from registry to CASA wallet.
Broke out storage of Session tokens and Authentication tokens.
This commit is contained in:
parent
a9e70687e1
commit
fc7f88c01d
615
CASA-auth-token/client/cache.c
Normal file
615
CASA-auth-token/client/cache.c
Normal file
@ -0,0 +1,615 @@
|
||||
/***********************************************************************
|
||||
*
|
||||
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; version 2.1
|
||||
* of the License.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Library Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, Novell, Inc.
|
||||
*
|
||||
* To contact Novell about this file by physical or electronic mail,
|
||||
* you may find current contact information at www.novell.com.
|
||||
*
|
||||
* Author: Juan Carlos Luciani <jluciani@novell.com>
|
||||
*
|
||||
***********************************************************************/
|
||||
|
||||
|
||||
//===[ Include files ]=====================================================
|
||||
|
||||
#include "internal.h"
|
||||
#include <micasa.h>
|
||||
|
||||
//===[ Type definitions ]==================================================
|
||||
|
||||
//
|
||||
// Registry Key/Value defines used in the AuthCache
|
||||
//
|
||||
#define CASA_AUTH_CACHE_REG_KEY "CASA_Auth_Cache"
|
||||
#define CREATION_TIME_REG_VALUE "CreationTime"
|
||||
#define EXPIRATION_TIME_REG_VALUE "ExpirationTime"
|
||||
#define DOES_NOT_EXPIRE_REG_VALUE "DoesNotExpire"
|
||||
#define STATUS_REG_VALUE "Status"
|
||||
#define TOKEN_REG_VALUE "Token"
|
||||
|
||||
|
||||
//===[ Function prototypes ]===============================================
|
||||
|
||||
//===[ Global variables ]==================================================
|
||||
|
||||
// Non-host specific key name
|
||||
static
|
||||
char g_allHosts[] = "AllHosts";
|
||||
|
||||
static
|
||||
int g_cacheEntryCount = 0;
|
||||
|
||||
HANDLE g_hCASAContext;
|
||||
|
||||
//++=======================================================================
|
||||
AuthCacheEntry*
|
||||
CreateAuthTokenCacheEntry(
|
||||
IN const char *pCacheKey,
|
||||
IN const char *pGroupOrHostName,
|
||||
IN CasaStatus status,
|
||||
IN unsigned char *pToken,
|
||||
IN int entryLifetime // seconds (0 == Lives forever)
|
||||
)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
|
||||
uint32_t tokenSize, entrySize, keySize;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
unsigned char *pKey;
|
||||
|
||||
|
||||
DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
|
||||
|
||||
if (status == CASA_STATUS_SUCCESS)
|
||||
{
|
||||
tokenSize = (uint32_t)strlen(pToken);
|
||||
}
|
||||
else
|
||||
{
|
||||
tokenSize = 0;
|
||||
}
|
||||
|
||||
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
||||
|
||||
// Allocate space for the entry
|
||||
// The AuthCacheEntry structure contains room for the tokens NULL terminator
|
||||
pEntry = (AuthCacheEntry*) malloc(entrySize);
|
||||
if (pEntry)
|
||||
{
|
||||
// Set the status
|
||||
pEntry->status = status;
|
||||
|
||||
if (pEntry->status == CASA_STATUS_SUCCESS)
|
||||
{
|
||||
memcpy(&pEntry->token[0], pToken, tokenSize);
|
||||
}
|
||||
|
||||
pEntry->token[tokenSize] = '\0';
|
||||
|
||||
// Set the time when the entry was added to the cache
|
||||
pEntry->creationTime = GetTickCount();
|
||||
|
||||
// First determine the time when the entry is due to expire
|
||||
if (entryLifetime != 0)
|
||||
{
|
||||
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
|
||||
pEntry->doesNotExpire = FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
// The entry does not expire
|
||||
pEntry->expirationTime = 0;
|
||||
pEntry->doesNotExpire = TRUE;
|
||||
}
|
||||
|
||||
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
|
||||
|
||||
pKey = malloc(keySize);
|
||||
|
||||
if (pKey)
|
||||
{
|
||||
strncpy(pKey, pCacheKey, keySize);
|
||||
strncat(pKey, "@", keySize);
|
||||
strncat(pKey, pGroupOrHostName, keySize);
|
||||
|
||||
retStatus = miCASAWriteBinaryKey(
|
||||
g_hCASAContext,
|
||||
0,
|
||||
&sessionKeyChain,
|
||||
&sharedId,
|
||||
pKey,
|
||||
keySize,
|
||||
(uint8_t *)pEntry,
|
||||
&entrySize,
|
||||
NULL,
|
||||
NULL);
|
||||
|
||||
|
||||
free(pKey);
|
||||
}
|
||||
else
|
||||
{
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
|
||||
DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %08X\n", pEntry);
|
||||
|
||||
return pEntry;
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
AuthCacheEntry*
|
||||
CreateSessionTokenCacheEntry(
|
||||
IN const char *pCacheKey,
|
||||
IN CasaStatus status,
|
||||
IN unsigned char *pToken,
|
||||
IN int entryLifetime // seconds (0 == Lives forever)
|
||||
)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
|
||||
uint32_t tokenSize, entrySize;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
|
||||
|
||||
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
|
||||
|
||||
if (status == CASA_STATUS_SUCCESS)
|
||||
{
|
||||
tokenSize = (uint32_t)strlen(pToken);
|
||||
}
|
||||
else
|
||||
{
|
||||
tokenSize = 0;
|
||||
}
|
||||
|
||||
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
||||
|
||||
// Allocate space for the entry
|
||||
// The AuthCacheEntry structure contains room for the tokens NULL terminator
|
||||
pEntry = (AuthCacheEntry*) malloc(entrySize);
|
||||
if (pEntry)
|
||||
{
|
||||
// Set the status
|
||||
pEntry->status = status;
|
||||
|
||||
if (pEntry->status == CASA_STATUS_SUCCESS)
|
||||
{
|
||||
memcpy(&pEntry->token[0], pToken, tokenSize);
|
||||
}
|
||||
|
||||
pEntry->token[tokenSize] = '\0';
|
||||
|
||||
// Set the time when the entry was added to the cache
|
||||
pEntry->creationTime = GetTickCount();
|
||||
|
||||
// First determine the time when the entry is due to expire
|
||||
if (entryLifetime != 0)
|
||||
{
|
||||
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
|
||||
pEntry->doesNotExpire = FALSE;
|
||||
}
|
||||
else
|
||||
{
|
||||
// The entry does not expire
|
||||
pEntry->expirationTime = 0;
|
||||
pEntry->doesNotExpire = TRUE;
|
||||
}
|
||||
|
||||
retStatus = miCASAWriteBinaryKey(
|
||||
g_hCASAContext,
|
||||
0,
|
||||
&sessionKeyChain,
|
||||
&sharedId,
|
||||
(char *)pCacheKey,
|
||||
(uint32_t)strlen(pCacheKey) + 1,
|
||||
(uint8_t *)pEntry,
|
||||
&entrySize,
|
||||
NULL,
|
||||
NULL);
|
||||
}
|
||||
else
|
||||
{
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
|
||||
DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %08X\n", pEntry);
|
||||
|
||||
return pEntry;
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
void
|
||||
FreeAuthCacheEntry(
|
||||
IN AuthCacheEntry *pEntry
|
||||
)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %08X\n", pEntry);
|
||||
|
||||
// Free the entry
|
||||
free(pEntry);
|
||||
|
||||
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
static
|
||||
BOOL
|
||||
CacheEntryLifetimeExpired(
|
||||
IN DWORD creationTime,
|
||||
IN DWORD expirationTime
|
||||
)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
DWORD currentTime = GetTickCount();
|
||||
BOOL expired = FALSE;
|
||||
|
||||
DbgTrace(2, "-CacheEntryLifetimeExpired- Start\n", 0);
|
||||
|
||||
// Check if the clock has wrapped
|
||||
if (currentTime >= creationTime)
|
||||
{
|
||||
// The clock has not wrapped, check if the
|
||||
// expiration time has wrapped.
|
||||
if (expirationTime > creationTime)
|
||||
{
|
||||
// The expiration time also has not wrapped,
|
||||
// do a straight compare against the current
|
||||
// time.
|
||||
if (currentTime >= expirationTime)
|
||||
{
|
||||
// It has expired
|
||||
expired = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// The clock has wrapped, check if the expiration
|
||||
// time also wrapped.
|
||||
if (expirationTime > creationTime)
|
||||
{
|
||||
// The expiration time did not wrap, therefore
|
||||
// it has been exceeded since the clock wrapped.
|
||||
expired = TRUE;
|
||||
}
|
||||
else
|
||||
{
|
||||
// The expiration time also wrapped, do a straight
|
||||
// compare against the current time.
|
||||
if (currentTime >= expirationTime)
|
||||
{
|
||||
// It has expired
|
||||
expired = TRUE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
DbgTrace(2, "-CacheEntryLifetimeExpired- End, result = %08X\n", expired);
|
||||
|
||||
return expired;
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
AuthCacheEntry*
|
||||
FindSessionTokenEntryInCache(
|
||||
IN const char *pCacheKey
|
||||
)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
|
||||
uint32_t valueLength, bytesRequired;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
|
||||
|
||||
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
|
||||
|
||||
valueLength = 0;
|
||||
bytesRequired = 0;
|
||||
|
||||
retStatus = miCASAReadBinaryKey(
|
||||
g_hCASAContext,
|
||||
0,
|
||||
&sessionKeyChain,
|
||||
&sharedId,
|
||||
(char *)pCacheKey,
|
||||
(uint32_t)strlen(pCacheKey) + 1,
|
||||
NULL,
|
||||
&valueLength,
|
||||
NULL,
|
||||
&bytesRequired,
|
||||
NULL);
|
||||
|
||||
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
|
||||
&& bytesRequired != 0)
|
||||
{
|
||||
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
|
||||
|
||||
if (pEntry)
|
||||
{
|
||||
valueLength = bytesRequired;
|
||||
bytesRequired = 0;
|
||||
|
||||
retStatus = miCASAReadBinaryKey(
|
||||
g_hCASAContext,
|
||||
0,
|
||||
&sessionKeyChain,
|
||||
&sharedId,
|
||||
(char *)pCacheKey,
|
||||
(uint32_t)strlen(pCacheKey) + 1,
|
||||
(uint8_t *)pEntry,
|
||||
&valueLength,
|
||||
NULL,
|
||||
&bytesRequired,
|
||||
NULL);
|
||||
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
if (pEntry->doesNotExpire == FALSE
|
||||
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
|
||||
{
|
||||
// Remove the entry ???
|
||||
//miCASARemoveBinaryKey();
|
||||
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
}
|
||||
|
||||
if (!CASA_SUCCESS(retStatus))
|
||||
{
|
||||
FreeAuthCacheEntry(pEntry);
|
||||
pEntry = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
DbgTrace(1, "-FindSessionTokenEntryInCache- End, pEntry = %08X\n", pEntry);
|
||||
|
||||
return pEntry;
|
||||
}
|
||||
|
||||
//++=======================================================================
|
||||
AuthCacheEntry*
|
||||
FindAuthTokenEntryInCache(
|
||||
IN const char *pCacheKey,
|
||||
IN const char *pGroupOrHostName
|
||||
)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
|
||||
uint32_t valueLength, bytesRequired, keySize;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
unsigned char *pKey;
|
||||
|
||||
|
||||
DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
|
||||
|
||||
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
|
||||
|
||||
pKey = malloc(keySize);
|
||||
|
||||
if (pKey)
|
||||
{
|
||||
strncpy(pKey, pCacheKey, keySize);
|
||||
strncat(pKey, "@", keySize);
|
||||
strncat(pKey, pGroupOrHostName, keySize);
|
||||
|
||||
valueLength = 0;
|
||||
bytesRequired = 0;
|
||||
|
||||
retStatus = miCASAReadBinaryKey(
|
||||
g_hCASAContext,
|
||||
0,
|
||||
&sessionKeyChain,
|
||||
&sharedId,
|
||||
pKey,
|
||||
keySize,
|
||||
NULL,
|
||||
&valueLength,
|
||||
NULL,
|
||||
&bytesRequired,
|
||||
NULL);
|
||||
|
||||
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
|
||||
&& bytesRequired != 0)
|
||||
{
|
||||
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
|
||||
|
||||
if (pEntry)
|
||||
{
|
||||
valueLength = bytesRequired;
|
||||
bytesRequired = 0;
|
||||
|
||||
retStatus = miCASAReadBinaryKey(
|
||||
g_hCASAContext,
|
||||
0,
|
||||
&sessionKeyChain,
|
||||
&sharedId,
|
||||
pKey,
|
||||
keySize,
|
||||
(uint8_t *)pEntry,
|
||||
&valueLength,
|
||||
NULL,
|
||||
&bytesRequired,
|
||||
NULL);
|
||||
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
if (pEntry->doesNotExpire == FALSE
|
||||
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
|
||||
{
|
||||
// Remove the entry ???
|
||||
//miCASARemoveBinaryKey();
|
||||
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
}
|
||||
|
||||
if (!CASA_SUCCESS(retStatus))
|
||||
{
|
||||
FreeAuthCacheEntry(pEntry);
|
||||
pEntry = NULL;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
free(pKey);
|
||||
}
|
||||
|
||||
DbgTrace(1, "-FindAuthTokenEntryInCache- End, pEntry = %08X\n", pEntry);
|
||||
|
||||
return pEntry;
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
CasaStatus
|
||||
InitializeAuthCache()
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
CasaStatus retStatus;
|
||||
SSCS_SECRETSTORE_T ssId;
|
||||
|
||||
DbgTrace(1, "-InitializeAuthCache- Start\n", 0);
|
||||
|
||||
ssId.version = NSSCS_VERSION_NUMBER;
|
||||
strcpy((char *)ssId.ssName, (char *)SSCS_DEFAULT_SECRETSTORE_ID);
|
||||
|
||||
g_hCASAContext = miCASAOpenSecretStoreCache(
|
||||
&ssId,
|
||||
0,
|
||||
NULL);
|
||||
|
||||
if (!g_hCASAContext)
|
||||
{
|
||||
retStatus = CasaStatusBuild(
|
||||
CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
}
|
||||
else
|
||||
{
|
||||
retStatus = CASA_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
DbgTrace(1, "-InitializeAuthCache- End, retStatus = %08X\n", retStatus);
|
||||
|
||||
return retStatus;
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
//++=======================================================================
|
||||
//++=======================================================================
|
||||
|
@ -21,7 +21,7 @@
|
||||
Name="VCCLCompilerTool"
|
||||
AdditionalOptions="/D "XML_STATIC""
|
||||
Optimization="0"
|
||||
AdditionalIncludeDirectories=".;windows;..\include;..\..\include;..\..\..\Expat-2.0.0\source\lib"
|
||||
AdditionalIncludeDirectories=".;.\windows;..\include;..\..\CASA\include;"..\..\Expat-2.0.0\source\lib""
|
||||
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
|
||||
MinimalRebuild="TRUE"
|
||||
BasicRuntimeChecks="3"
|
||||
@ -36,10 +36,10 @@
|
||||
Name="VCLinkerTool"
|
||||
IgnoreImportLibrary="FALSE"
|
||||
AdditionalOptions="/EXPORT:ObtainAuthToken"
|
||||
AdditionalDependencies="ws2_32.lib winhttp.lib libexpatml.lib"
|
||||
AdditionalDependencies="ws2_32.lib winhttp.lib libexpatml.lib micasa.lib"
|
||||
OutputFile="$(OutDir)/authtoken.dll"
|
||||
LinkIncremental="1"
|
||||
AdditionalLibraryDirectories=""..\..\..\Expat-2.0.0\StaticLibs""
|
||||
AdditionalLibraryDirectories=""\Program Files\Novell\CASA\lib";"..\..\Expat-2.0.0\StaticLibs""
|
||||
GenerateDebugInformation="TRUE"
|
||||
ProgramDatabaseFile="$(OutDir)/client.pdb"
|
||||
SubSystem="0"
|
||||
@ -151,7 +151,19 @@ copy $(SolutionDir)client\windows\authtoken.lib \"Program Files"\novel
|
||||
RelativePath=".\win32\authtoken.def">
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\windows\cache.c">
|
||||
RelativePath=".\cache.c">
|
||||
<FileConfiguration
|
||||
Name="Debug|Win32">
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
ObjectFile="$(IntDir)/$(InputName)1.obj"/>
|
||||
</FileConfiguration>
|
||||
<FileConfiguration
|
||||
Name="Release|Win32">
|
||||
<Tool
|
||||
Name="VCCLCompilerTool"
|
||||
ObjectFile="$(IntDir)/$(InputName)1.obj"/>
|
||||
</FileConfiguration>
|
||||
</File>
|
||||
<File
|
||||
RelativePath=".\config.c">
|
||||
|
@ -38,14 +38,17 @@
|
||||
//
|
||||
// Debug tracing level
|
||||
//
|
||||
int DebugLevel = 0;
|
||||
int DebugLevel = -1;
|
||||
|
||||
//
|
||||
// Operating parameter
|
||||
//
|
||||
bool secureRpcSetting = false;
|
||||
int retryLifetime = DEFAULT_RETRY_LIFETIME;
|
||||
|
||||
// Synchronization mutex for the dll initialization
|
||||
static
|
||||
HANDLE g_hInitializationMutex;
|
||||
bool g_bInitialized = FALSE;
|
||||
|
||||
//++=======================================================================
|
||||
static
|
||||
@ -100,8 +103,8 @@ ObtainSessionToken(
|
||||
}
|
||||
else
|
||||
{
|
||||
// Release auth cache entry reference
|
||||
ReleaseAuthCacheEntry(pCacheEntry);
|
||||
// Free the entry
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
}
|
||||
|
||||
@ -125,6 +128,10 @@ ObtainSessionToken(
|
||||
pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext);
|
||||
if (pCacheEntry == NULL)
|
||||
{
|
||||
char *pReqMsg = NULL;
|
||||
char *pRespMsg = NULL;
|
||||
int respLen;
|
||||
|
||||
// Get authentication mechanism token
|
||||
retStatus = GetAuthMechToken(pAuthContext, &pAuthMechToken);
|
||||
if (!CASA_SUCCESS(retStatus))
|
||||
@ -137,15 +144,6 @@ ObtainSessionToken(
|
||||
continue;
|
||||
}
|
||||
|
||||
// Create a cache entry for the auth context
|
||||
pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext);
|
||||
if (pCacheEntry)
|
||||
{
|
||||
char *pReqMsg = NULL;
|
||||
char *pRespMsg = NULL;
|
||||
int respLen;
|
||||
int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure
|
||||
|
||||
// Authenticate to the ATS
|
||||
pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken);
|
||||
if (pReqMsg)
|
||||
@ -166,9 +164,13 @@ ObtainSessionToken(
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// Return the auth token to the caller
|
||||
pCacheEntry->pToken = pAuthenticateResp->pToken;
|
||||
pCacheEntry = CreateSessionTokenCacheEntry(
|
||||
pAuthContext->pContext,
|
||||
retStatus,
|
||||
pAuthenticateResp->pToken,
|
||||
pAuthenticateResp->tokenLifetime);
|
||||
|
||||
pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer
|
||||
cacheEntryLifetime = pAuthenticateResp->tokenLifetime;
|
||||
|
||||
// Free the Authenticate response object
|
||||
RelAuthenticateResp(pAuthenticateResp);
|
||||
@ -195,26 +197,20 @@ ObtainSessionToken(
|
||||
|
||||
// Add the entry to the cache if successful or if the reason that we failed
|
||||
// was because the server was unavailable.
|
||||
if (CASA_SUCCESS(retStatus)
|
||||
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
|
||||
if (CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
|
||||
{
|
||||
pCacheEntry->status = retStatus;
|
||||
AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime);
|
||||
pCacheEntry = CreateSessionTokenCacheEntry(
|
||||
pAuthContext->pContext,
|
||||
retStatus,
|
||||
NULL,
|
||||
DEFAULT_RETRY_LIFETIME);
|
||||
|
||||
}
|
||||
|
||||
// Release the cache entry if the resulting status is not successful
|
||||
if (!CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// Release auth cache entry reference
|
||||
ReleaseAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-ObtainSessionToken- Cache entry creation failure\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
|
||||
// Free up the buffer associated with the authentication mechanism token
|
||||
@ -222,8 +218,8 @@ ObtainSessionToken(
|
||||
}
|
||||
else
|
||||
{
|
||||
// Release auth cache entry reference
|
||||
ReleaseAuthCacheEntry(pCacheEntry);
|
||||
// Free the entry
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
|
||||
// Advance to the next entry
|
||||
@ -234,11 +230,11 @@ ObtainSessionToken(
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// Allocate a buffer for the return token
|
||||
*ppSessionToken = (char*) malloc(strlen(pCacheEntry->pToken) + 1);
|
||||
*ppSessionToken = (char*) malloc(strlen(pCacheEntry->token) + 1);
|
||||
if (*ppSessionToken)
|
||||
{
|
||||
// Copy the token onto the allocated buffer
|
||||
strcpy(*ppSessionToken, pCacheEntry->pToken);
|
||||
strcpy(*ppSessionToken, pCacheEntry->token);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -248,8 +244,7 @@ ObtainSessionToken(
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
|
||||
// Release auth cache entry reference
|
||||
ReleaseAuthCacheEntry(pCacheEntry);
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
|
||||
DbgTrace(1, "-ObtainSessionToken- End, retStatus = %08X\n", retStatus);
|
||||
@ -482,6 +477,7 @@ ObtainAuthToken(
|
||||
CasaStatus retStatus = CASA_STATUS_SUCCESS;
|
||||
AuthCacheEntry *pCacheEntry;
|
||||
char *pNormalizedHostName;
|
||||
unsigned char *pToken;
|
||||
|
||||
DbgTrace(1, "-ObtainAuthToken- Start\n", 0);
|
||||
|
||||
@ -498,6 +494,39 @@ ObtainAuthToken(
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// Make sure we are initialized
|
||||
// Obtain our synchronization mutex
|
||||
WaitForSingleObject(g_hInitializationMutex, INFINITE);
|
||||
|
||||
// Create user synchronization mutex
|
||||
retStatus = CreateUserMutex();
|
||||
|
||||
if (retStatus != CASA_STATUS_SUCCESS)
|
||||
{
|
||||
DbgTrace(0, "-ObtainAuthToken- Error creating mutex for the user\n", 0);
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if (g_bInitialized == FALSE)
|
||||
{
|
||||
retStatus = InitializeLibrary();
|
||||
|
||||
if (retStatus == CASA_STATUS_SUCCESS)
|
||||
{
|
||||
g_bInitialized = TRUE;
|
||||
}
|
||||
else
|
||||
{
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
|
||||
// Release our synchronization mutex
|
||||
if (ReleaseMutex(g_hInitializationMutex) == 0)
|
||||
{
|
||||
DbgTrace(0, "-ObtainAuthToken- ReleaseMutex failed, error\n", 0);
|
||||
}
|
||||
|
||||
// Normalize the host name
|
||||
pNormalizedHostName = NormalizeHostName(pHostName);
|
||||
if (pNormalizedHostName)
|
||||
@ -509,16 +538,13 @@ ObtainAuthToken(
|
||||
pCacheEntry = FindAuthTokenEntryInCache(pServiceName, pNormalizedHostName);
|
||||
if (pCacheEntry == NULL)
|
||||
{
|
||||
// No entry found in the cache, create one.
|
||||
pCacheEntry = CreateAuthTokenCacheEntry(pServiceName, pNormalizedHostName);
|
||||
if (pCacheEntry)
|
||||
{
|
||||
int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure
|
||||
// Initialize to retry in case of failure
|
||||
int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME;
|
||||
|
||||
// Cache entry created, now try to obtain auth token from the CASA Server
|
||||
retStatus = ObtainAuthTokenFromServer(pServiceName,
|
||||
pNormalizedHostName,
|
||||
&pCacheEntry->pToken,
|
||||
&pToken,
|
||||
&cacheEntryLifetime);
|
||||
|
||||
// Add the entry to the cache if successful or if the reason that we failed
|
||||
@ -526,24 +552,23 @@ ObtainAuthToken(
|
||||
if (CASA_SUCCESS(retStatus)
|
||||
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
|
||||
{
|
||||
pCacheEntry->status = retStatus;
|
||||
AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime);
|
||||
}
|
||||
pCacheEntry = CreateAuthTokenCacheEntry(
|
||||
pServiceName,
|
||||
pNormalizedHostName,
|
||||
retStatus,
|
||||
pToken,
|
||||
cacheEntryLifetime);
|
||||
|
||||
if (pCacheEntry)
|
||||
{
|
||||
// Release the cache entry if the resulting status is not successful
|
||||
if (!CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// Release auth cache entry reference
|
||||
ReleaseAuthCacheEntry(pCacheEntry);
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-ObtainAuthToken- Cache entry creation failure\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -551,22 +576,22 @@ ObtainAuthToken(
|
||||
// and release it if its status is not successful.
|
||||
if (!CASA_SUCCESS(retStatus = pCacheEntry->status))
|
||||
{
|
||||
// Release auth cache entry reference
|
||||
ReleaseAuthCacheEntry(pCacheEntry);
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
// Try to return auth token if we have one to return
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
int tokenLen = (int) strlen(pCacheEntry->pToken) + 1;
|
||||
int tokenLen = (int) strlen(pCacheEntry->token) + 1;
|
||||
|
||||
// We have an authentication token, try to return it to the caller
|
||||
// after verifying that the supplied buffer is big enough.
|
||||
if (*pAuthTokenBufLen >= tokenLen)
|
||||
{
|
||||
// Return the auth token to the caller
|
||||
strcpy(pAuthTokenBuf, pCacheEntry->pToken);
|
||||
strcpy(pAuthTokenBuf, pCacheEntry->token);
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -579,8 +604,7 @@ ObtainAuthToken(
|
||||
// Return the token length to the caller
|
||||
*pAuthTokenBufLen = tokenLen;
|
||||
|
||||
// Release auth cache entry reference
|
||||
ReleaseAuthCacheEntry(pCacheEntry);
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
|
||||
// Stop user process synchronization
|
||||
@ -605,6 +629,41 @@ exit:
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
int
|
||||
Initialize(void)
|
||||
//
|
||||
// Arguments:
|
||||
//
|
||||
// Returns:
|
||||
//
|
||||
// Abstract:
|
||||
//
|
||||
// Notes:
|
||||
//
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
int retStatus = -1;
|
||||
|
||||
DbgTrace(1, "-InitializeLibrary- Start\n", 0);
|
||||
|
||||
// Create a cache mutex only applicable to the current process
|
||||
g_hInitializationMutex = CreateMutex(NULL,
|
||||
FALSE,
|
||||
NULL);
|
||||
|
||||
if (g_hInitializationMutex != NULL)
|
||||
{
|
||||
retStatus = CASA_STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
DbgTrace(1, "-InitializeLibrary- End, retStatus = %08X\n", retStatus);
|
||||
|
||||
return retStatus;
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
int
|
||||
InitializeLibrary(void)
|
||||
@ -624,39 +683,21 @@ InitializeLibrary(void)
|
||||
|
||||
DbgTrace(1, "-InitializeLibrary- Start\n", 0);
|
||||
|
||||
// Create user synchronization mutex
|
||||
if (CreateUserMutex() == 0)
|
||||
{
|
||||
// Initialize the auth cache
|
||||
if (CASA_SUCCESS(InitializeAuthCache()))
|
||||
{
|
||||
// Initialize the host name normalization
|
||||
if (CASA_SUCCESS(InitializeHostNameNormalization()))
|
||||
retStatus = InitializeHostNameNormalization();
|
||||
|
||||
|
||||
if (CASA_SUCCESS(retStatus))
|
||||
{
|
||||
// Success
|
||||
retStatus = 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-InitializeLibrary- Error initializing host name normalization\n", 0);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-InitializeLibrary- Error initializing the auth cache\n", 0);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-InitializeLibrary- Error creating mutex for the user\n", 0);
|
||||
retStatus = InitializeAuthCache();
|
||||
}
|
||||
|
||||
|
||||
DbgTrace(1, "-InitializeLibrary- End, retStatus = %08X\n", retStatus);
|
||||
|
||||
return retStatus;
|
||||
}
|
||||
|
||||
|
||||
//++=======================================================================
|
||||
//++=======================================================================
|
||||
//++=======================================================================
|
||||
|
@ -118,6 +118,10 @@ extern char pathCharString[];
|
||||
// Functions exported by engine.c
|
||||
//
|
||||
|
||||
extern
|
||||
int
|
||||
Initialize(void);
|
||||
|
||||
extern
|
||||
int
|
||||
InitializeLibrary(void);
|
||||
@ -222,21 +226,25 @@ RelGetAuthTokenResp(
|
||||
extern
|
||||
AuthCacheEntry*
|
||||
CreateSessionTokenCacheEntry(
|
||||
IN const char *pCacheKey);
|
||||
IN const char *pCacheKey,
|
||||
IN CasaStatus status,
|
||||
IN unsigned char *pToken,
|
||||
IN int entryLifetime
|
||||
);
|
||||
|
||||
extern
|
||||
AuthCacheEntry*
|
||||
CreateAuthTokenCacheEntry(
|
||||
IN const char *pCacheKey,
|
||||
IN const char *pGroupOrHostName);
|
||||
IN const char *pHostName,
|
||||
IN CasaStatus status,
|
||||
IN unsigned char *pToken,
|
||||
IN int entryLifetime
|
||||
);
|
||||
|
||||
extern
|
||||
void
|
||||
ReleaseAuthCacheEntry(
|
||||
IN AuthCacheEntry *pEntry);
|
||||
|
||||
extern void
|
||||
IncAuthCacheEntryRefCount(
|
||||
FreeAuthCacheEntry(
|
||||
IN AuthCacheEntry *pEntry);
|
||||
|
||||
extern
|
||||
@ -250,12 +258,6 @@ FindAuthTokenEntryInCache(
|
||||
IN const char *pCacheKey,
|
||||
IN const char *pGroupOrHostName);
|
||||
|
||||
extern
|
||||
void
|
||||
AddEntryToAuthCache(
|
||||
IN AuthCacheEntry *pEntry,
|
||||
IN int entryLifetime);
|
||||
|
||||
extern
|
||||
CasaStatus
|
||||
InitializeAuthCache(void);
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -58,7 +58,7 @@ BOOL APIENTRY DllMain(
|
||||
g_hModule = hModule;
|
||||
|
||||
// Initialize the library
|
||||
if (InitializeLibrary() != 0)
|
||||
if (Initialize() != 0)
|
||||
{
|
||||
// Failed to initialize the library
|
||||
OutputDebugString("CASAAUTH -DllMain- Library initialization failed\n");
|
||||
|
@ -146,7 +146,7 @@ CreateUserMutex(void)
|
||||
}
|
||||
else
|
||||
{
|
||||
DbgTrace(0, "-CreateUserMutex- Un-expected GetUserName error, error = %d\n", GetLastError());
|
||||
DbgTrace(0, "-CreateUserMutex- Unexpected GetUserName error, error = %d\n", GetLastError());
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_UNSUCCESSFUL);
|
||||
|
@ -74,15 +74,15 @@ char printBuff[256]; \
|
||||
//
|
||||
typedef struct _AuthCacheEntry
|
||||
{
|
||||
LIST_ENTRY listEntry;
|
||||
int refCount;
|
||||
// LIST_ENTRY listEntry;
|
||||
// int refCount;
|
||||
int status;
|
||||
DWORD creationTime;
|
||||
DWORD expirationTime;
|
||||
BOOL doesNotExpire;
|
||||
char *pHostName;
|
||||
char *pCacheKeyName;
|
||||
char *pToken;
|
||||
int status;
|
||||
// char *pHostName;
|
||||
// char *pCacheKeyName;
|
||||
char token[1];
|
||||
|
||||
} AuthCacheEntry, *PAuthCacheEntry;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user