geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Changed storage of tokens from registry to CASA wallet.

Browse Source 
Broke out storage of Session tokens and Authentication tokens.
This commit is contained in:
Todd Throne 2006-06-20 20:33:11 +00:00
parent a9e70687e1
commit fc7f88c01d
8 changed files with 840 additions and 1261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

615
CASA-auth-token/client/cache.c Normal file
View File

@ -0,0 +1,615 @@
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
* Author: Juan Carlos Luciani <jluciani@novell.com>
*
***********************************************************************/
//===[ Include files ]=====================================================
#include "internal.h"
#include <micasa.h>
//===[ Type definitions ]==================================================
//
// Registry Key/Value defines used in the AuthCache
//
#define CASA_AUTH_CACHE_REG_KEY "CASA_Auth_Cache"
#define CREATION_TIME_REG_VALUE "CreationTime"
#define EXPIRATION_TIME_REG_VALUE "ExpirationTime"
#define DOES_NOT_EXPIRE_REG_VALUE "DoesNotExpire"
#define STATUS_REG_VALUE "Status"
#define TOKEN_REG_VALUE "Token"
//===[ Function prototypes ]===============================================
//===[ Global variables ]==================================================
// Non-host specific key name
static
char g_allHosts[] = "AllHosts";
static
int g_cacheEntryCount = 0;
HANDLE g_hCASAContext;
//++=======================================================================
AuthCacheEntry*
CreateAuthTokenCacheEntry(
IN const char *pCacheKey,
IN const char *pGroupOrHostName,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime // seconds (0 == Lives forever)
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
uint32_t tokenSize, entrySize, keySize;
AuthCacheEntry *pEntry = NULL;
unsigned char *pKey;
DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS)
{
tokenSize = (uint32_t)strlen(pToken);
}
else
{
tokenSize = 0;
}
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry
// The AuthCacheEntry structure contains room for the tokens NULL terminator
pEntry = (AuthCacheEntry*) malloc(entrySize);
if (pEntry)
{
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = FALSE;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = TRUE;
}
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
pKey = malloc(keySize);
if (pKey)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
retStatus = miCASAWriteBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
pKey,
keySize,
(uint8_t *)pEntry,
&entrySize,
NULL,
NULL);
free(pKey);
}
else
{
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
}
else
{
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
AuthCacheEntry*
CreateSessionTokenCacheEntry(
IN const char *pCacheKey,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime // seconds (0 == Lives forever)
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
uint32_t tokenSize, entrySize;
AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS)
{
tokenSize = (uint32_t)strlen(pToken);
}
else
{
tokenSize = 0;
}
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry
// The AuthCacheEntry structure contains room for the tokens NULL terminator
pEntry = (AuthCacheEntry*) malloc(entrySize);
if (pEntry)
{
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = FALSE;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = TRUE;
}
retStatus = miCASAWriteBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(char *)pCacheKey,
(uint32_t)strlen(pCacheKey) + 1,
(uint8_t *)pEntry,
&entrySize,
NULL,
NULL);
}
else
{
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
void
FreeAuthCacheEntry(
IN AuthCacheEntry *pEntry
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %08X\n", pEntry);
// Free the entry
free(pEntry);
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
}
//++=======================================================================
static
BOOL
CacheEntryLifetimeExpired(
IN DWORD creationTime,
IN DWORD expirationTime
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
DWORD currentTime = GetTickCount();
BOOL expired = FALSE;
DbgTrace(2, "-CacheEntryLifetimeExpired- Start\n", 0);
// Check if the clock has wrapped
if (currentTime >= creationTime)
{
// The clock has not wrapped, check if the
// expiration time has wrapped.
if (expirationTime > creationTime)
{
// The expiration time also has not wrapped,
// do a straight compare against the current
// time.
if (currentTime >= expirationTime)
{
// It has expired
expired = TRUE;
}
}
}
else
{
// The clock has wrapped, check if the expiration
// time also wrapped.
if (expirationTime > creationTime)
{
// The expiration time did not wrap, therefore
// it has been exceeded since the clock wrapped.
expired = TRUE;
}
else
{
// The expiration time also wrapped, do a straight
// compare against the current time.
if (currentTime >= expirationTime)
{
// It has expired
expired = TRUE;
}
}
}
DbgTrace(2, "-CacheEntryLifetimeExpired- End, result = %08X\n", expired);
return expired;
}
//++=======================================================================
AuthCacheEntry*
FindSessionTokenEntryInCache(
IN const char *pCacheKey
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
uint32_t valueLength, bytesRequired;
AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
valueLength = 0;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(char *)pCacheKey,
(uint32_t)strlen(pCacheKey) + 1,
NULL,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
{
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
if (pEntry)
{
valueLength = bytesRequired;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(char *)pCacheKey,
(uint32_t)strlen(pCacheKey) + 1,
(uint8_t *)pEntry,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (CASA_SUCCESS(retStatus))
{
if (pEntry->doesNotExpire == FALSE
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry ???
//miCASARemoveBinaryKey();
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
}
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
}
DbgTrace(1, "-FindSessionTokenEntryInCache- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
AuthCacheEntry*
FindAuthTokenEntryInCache(
IN const char *pCacheKey,
IN const char *pGroupOrHostName
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
uint32_t valueLength, bytesRequired, keySize;
AuthCacheEntry *pEntry = NULL;
unsigned char *pKey;
DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
pKey = malloc(keySize);
if (pKey)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
valueLength = 0;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
pKey,
keySize,
NULL,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
{
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
if (pEntry)
{
valueLength = bytesRequired;
bytesRequired = 0;
retStatus = miCASAReadBinaryKey(
g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
pKey,
keySize,
(uint8_t *)pEntry,
&valueLength,
NULL,
&bytesRequired,
NULL);
if (CASA_SUCCESS(retStatus))
{
if (pEntry->doesNotExpire == FALSE
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry ???
//miCASARemoveBinaryKey();
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
}
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
}
free(pKey);
}
DbgTrace(1, "-FindAuthTokenEntryInCache- End, pEntry = %08X\n", pEntry);
return pEntry;
}
//++=======================================================================
CasaStatus
InitializeAuthCache()
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_SECRETSTORE_T ssId;
DbgTrace(1, "-InitializeAuthCache- Start\n", 0);
ssId.version = NSSCS_VERSION_NUMBER;
strcpy((char *)ssId.ssName, (char *)SSCS_DEFAULT_SECRETSTORE_ID);
g_hCASAContext = miCASAOpenSecretStoreCache(
&ssId,
0,
NULL);
if (!g_hCASAContext)
{
retStatus = CasaStatusBuild(
CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
else
{
retStatus = CASA_STATUS_SUCCESS;
}
DbgTrace(1, "-InitializeAuthCache- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++=======================================================================
//++=======================================================================
//++=======================================================================

20
CASA-auth-token/client/client.vcproj
View File

@ -21,7 +21,7 @@
Name="VCCLCompilerTool"
AdditionalOptions="/D &quot;XML_STATIC&quot;"
Optimization="0"
AdditionalIncludeDirectories=".;windows;..\include;..\..\include;..\..\..\Expat-2.0.0\source\lib"
AdditionalIncludeDirectories=".;.\windows;..\include;..\..\CASA\include;&quot;..\..\Expat-2.0.0\source\lib&quot;"
PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
MinimalRebuild="TRUE"
BasicRuntimeChecks="3"
@ -36,10 +36,10 @@
Name="VCLinkerTool"
IgnoreImportLibrary="FALSE"
AdditionalOptions="/EXPORT:ObtainAuthToken"
AdditionalDependencies="ws2_32.lib winhttp.lib libexpatml.lib"
AdditionalDependencies="ws2_32.lib winhttp.lib libexpatml.lib micasa.lib"
OutputFile="$(OutDir)/authtoken.dll"
LinkIncremental="1"
AdditionalLibraryDirectories="&quot;..\..\..\Expat-2.0.0\StaticLibs&quot;"
AdditionalLibraryDirectories="&quot;\Program Files\Novell\CASA\lib&quot;;&quot;..\..\Expat-2.0.0\StaticLibs&quot;"
GenerateDebugInformation="TRUE"
ProgramDatabaseFile="$(OutDir)/client.pdb"
SubSystem="0"
@ -151,7 +151,19 @@ copy $(SolutionDir)client\windows\authtoken.lib \&quot;Program Files&quot;\novel
RelativePath=".\win32\authtoken.def">
</File>
<File
RelativePath=".\windows\cache.c">
RelativePath=".\cache.c">
<FileConfiguration
Name="Debug|Win32">
<Tool
Name="VCCLCompilerTool"
ObjectFile="$(IntDir)/$(InputName)1.obj"/>
</FileConfiguration>
<FileConfiguration
Name="Release|Win32">
<Tool
Name="VCCLCompilerTool"
ObjectFile="$(IntDir)/$(InputName)1.obj"/>
</FileConfiguration>
</File>
<File
RelativePath=".\config.c">

331
CASA-auth-token/client/engine.c
View File

@ -38,14 +38,17 @@
//
// Debug tracing level
//
int DebugLevel = 0;
int DebugLevel = -1;
//
// Operating parameter
//
bool secureRpcSetting = false;
int retryLifetime = DEFAULT_RETRY_LIFETIME;
// Synchronization mutex for the dll initialization
static
HANDLE g_hInitializationMutex;
bool g_bInitialized = FALSE;
//++=======================================================================
static
@ -100,8 +103,8 @@ ObtainSessionToken(
}
else
{
// Release auth cache entry reference
ReleaseAuthCacheEntry(pCacheEntry);
// Free the entry
FreeAuthCacheEntry(pCacheEntry);
}
}
@ -125,6 +128,10 @@ ObtainSessionToken(
pCacheEntry = FindSessionTokenEntryInCache(pAuthContext->pContext);
if (pCacheEntry == NULL)
{
char *pReqMsg = NULL;
char *pRespMsg = NULL;
int respLen;
// Get authentication mechanism token
retStatus = GetAuthMechToken(pAuthContext, &pAuthMechToken);
if (!CASA_SUCCESS(retStatus))
@ -137,93 +144,82 @@ ObtainSessionToken(
continue;
}
// Create a cache entry for the auth context
pCacheEntry = CreateSessionTokenCacheEntry(pAuthContext->pContext);
if (pCacheEntry)
{
char *pReqMsg = NULL;
char *pRespMsg = NULL;
int respLen;
int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure
// Authenticate to the ATS
pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken);
if (pReqMsg)
{
// Issue rpc
retStatus = Rpc(pRpcSession,
"Authenticate",
secureRpcSetting,
pReqMsg,
&pRespMsg,
&respLen);
if (CASA_SUCCESS(retStatus))
{
AuthenticateResp *pAuthenticateResp;
// Authenticate to the ATS
pReqMsg = BuildAuthenticateMsg(pAuthContext, pAuthMechToken);
if (pReqMsg)
{
// Issue rpc
retStatus = Rpc(pRpcSession,
"Authenticate",
secureRpcSetting,
pReqMsg,
&pRespMsg,
&respLen);
if (CASA_SUCCESS(retStatus))
{
AuthenticateResp *pAuthenticateResp;
// Create Authenticate response object
retStatus = CreateAuthenticateResp(pRespMsg, respLen, &pAuthenticateResp);
if (CASA_SUCCESS(retStatus))
{
// Return the auth token to the caller
pCacheEntry = CreateSessionTokenCacheEntry(
pAuthContext->pContext,
retStatus,
pAuthenticateResp->pToken,
pAuthenticateResp->tokenLifetime);
// Create Authenticate response object
retStatus = CreateAuthenticateResp(pRespMsg, respLen, &pAuthenticateResp);
if (CASA_SUCCESS(retStatus))
{
// Return the auth token to the caller
pCacheEntry->pToken = pAuthenticateResp->pToken;
pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer
cacheEntryLifetime = pAuthenticateResp->tokenLifetime;
pAuthenticateResp->pToken = NULL; // To keep us from freeing the buffer
// Free the Authenticate response object
RelAuthenticateResp(pAuthenticateResp);
}
}
else
{
DbgTrace(0, "-ObtainSessionToken- Authenticate Rpc failure, error = %08X\n", retStatus);
}
// Free the Authenticate response object
RelAuthenticateResp(pAuthenticateResp);
}
}
else
{
DbgTrace(0, "-ObtainSessionToken- Authenticate Rpc failure, error = %08X\n", retStatus);
}
// Free resources that may be hanging around
if (pRespMsg)
free(pRespMsg);
// Free resources that may be hanging around
if (pRespMsg)
free(pRespMsg);
free(pReqMsg);
}
else
{
DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
free(pReqMsg);
}
else
{
DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
// Add the entry to the cache if successful or if the reason that we failed
// was because the server was unavailable.
if (CASA_SUCCESS(retStatus)
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{
pCacheEntry->status = retStatus;
AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime);
}
// Add the entry to the cache if successful or if the reason that we failed
// was because the server was unavailable.
if (CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{
pCacheEntry = CreateSessionTokenCacheEntry(
pAuthContext->pContext,
retStatus,
NULL,
DEFAULT_RETRY_LIFETIME);
// Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus))
{
// Release auth cache entry reference
ReleaseAuthCacheEntry(pCacheEntry);
}
}
else
{
DbgTrace(0, "-ObtainSessionToken- Cache entry creation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
}
// Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pCacheEntry);
}
// Free up the buffer associated with the authentication mechanism token
free(pAuthMechToken);
}
else
{
// Release auth cache entry reference
ReleaseAuthCacheEntry(pCacheEntry);
// Free the entry
FreeAuthCacheEntry(pCacheEntry);
}
// Advance to the next entry
@ -234,11 +230,11 @@ ObtainSessionToken(
if (CASA_SUCCESS(retStatus))
{
// Allocate a buffer for the return token
*ppSessionToken = (char*) malloc(strlen(pCacheEntry->pToken) + 1);
*ppSessionToken = (char*) malloc(strlen(pCacheEntry->token) + 1);
if (*ppSessionToken)
{
// Copy the token onto the allocated buffer
strcpy(*ppSessionToken, pCacheEntry->pToken);
strcpy(*ppSessionToken, pCacheEntry->token);
}
else
{
@ -248,8 +244,7 @@ ObtainSessionToken(
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
// Release auth cache entry reference
ReleaseAuthCacheEntry(pCacheEntry);
FreeAuthCacheEntry(pCacheEntry);
}
DbgTrace(1, "-ObtainSessionToken- End, retStatus = %08X\n", retStatus);
@ -482,6 +477,7 @@ ObtainAuthToken(
CasaStatus retStatus = CASA_STATUS_SUCCESS;
AuthCacheEntry *pCacheEntry;
char *pNormalizedHostName;
unsigned char *pToken;
DbgTrace(1, "-ObtainAuthToken- Start\n", 0);
@ -498,6 +494,39 @@ ObtainAuthToken(
goto exit;
}
// Make sure we are initialized
// Obtain our synchronization mutex
WaitForSingleObject(g_hInitializationMutex, INFINITE);
// Create user synchronization mutex
retStatus = CreateUserMutex();
if (retStatus != CASA_STATUS_SUCCESS)
{
DbgTrace(0, "-ObtainAuthToken- Error creating mutex for the user\n", 0);
goto exit;
}
if (g_bInitialized == FALSE)
{
retStatus = InitializeLibrary();
if (retStatus == CASA_STATUS_SUCCESS)
{
g_bInitialized = TRUE;
}
else
{
goto exit;
}
}
// Release our synchronization mutex
if (ReleaseMutex(g_hInitializationMutex) == 0)
{
DbgTrace(0, "-ObtainAuthToken- ReleaseMutex failed, error\n", 0);
}
// Normalize the host name
pNormalizedHostName = NormalizeHostName(pHostName);
if (pNormalizedHostName)
@ -509,41 +538,37 @@ ObtainAuthToken(
pCacheEntry = FindAuthTokenEntryInCache(pServiceName, pNormalizedHostName);
if (pCacheEntry == NULL)
{
// No entry found in the cache, create one.
pCacheEntry = CreateAuthTokenCacheEntry(pServiceName, pNormalizedHostName);
if (pCacheEntry)
{
int cacheEntryLifetime = retryLifetime; // Initialize to retry in case of failure
// Initialize to retry in case of failure
int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME;
// Cache entry created, now try to obtain auth token from the CASA Server
retStatus = ObtainAuthTokenFromServer(pServiceName,
pNormalizedHostName,
&pCacheEntry->pToken,
&cacheEntryLifetime);
// Cache entry created, now try to obtain auth token from the CASA Server
retStatus = ObtainAuthTokenFromServer(pServiceName,
pNormalizedHostName,
&pToken,
&cacheEntryLifetime);
// Add the entry to the cache if successful or if the reason that we failed
// was because the server was un-available.
if (CASA_SUCCESS(retStatus)
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{
pCacheEntry->status = retStatus;
AddEntryToAuthCache(pCacheEntry, cacheEntryLifetime);
}
// Add the entry to the cache if successful or if the reason that we failed
// was because the server was un-available.
if (CASA_SUCCESS(retStatus)
|| CasaStatusCode(retStatus) == CASA_STATUS_AUTH_SERVER_UNAVAILABLE)
{
pCacheEntry = CreateAuthTokenCacheEntry(
pServiceName,
pNormalizedHostName,
retStatus,
pToken,
cacheEntryLifetime);
if (pCacheEntry)
{
// Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pCacheEntry);
}
}
}
// Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus))
{
// Release auth cache entry reference
ReleaseAuthCacheEntry(pCacheEntry);
}
}
else
{
DbgTrace(0, "-ObtainAuthToken- Cache entry creation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
}
else
{
@ -551,22 +576,22 @@ ObtainAuthToken(
// and release it if its status is not successful.
if (!CASA_SUCCESS(retStatus = pCacheEntry->status))
{
// Release auth cache entry reference
ReleaseAuthCacheEntry(pCacheEntry);
FreeAuthCacheEntry(pCacheEntry);
}
}
// Try to return auth token if we have one to return
if (CASA_SUCCESS(retStatus))
{
int tokenLen = (int) strlen(pCacheEntry->pToken) + 1;
int tokenLen = (int) strlen(pCacheEntry->token) + 1;
// We have an authentication token, try to return it to the caller
// after verifying that the supplied buffer is big enough.
if (*pAuthTokenBufLen >= tokenLen)
{
// Return the auth token to the caller
strcpy(pAuthTokenBuf, pCacheEntry->pToken);
strcpy(pAuthTokenBuf, pCacheEntry->token);
}
else
{
@ -579,8 +604,7 @@ ObtainAuthToken(
// Return the token length to the caller
*pAuthTokenBufLen = tokenLen;
// Release auth cache entry reference
ReleaseAuthCacheEntry(pCacheEntry);
FreeAuthCacheEntry(pCacheEntry);
}
// Stop user process synchronization
@ -605,6 +629,41 @@ exit:
}
//++=======================================================================
int
Initialize(void)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
int retStatus = -1;
DbgTrace(1, "-InitializeLibrary- Start\n", 0);
// Create a cache mutex only applicable to the current process
g_hInitializationMutex = CreateMutex(NULL,
FALSE,
NULL);
if (g_hInitializationMutex != NULL)
{
retStatus = CASA_STATUS_SUCCESS;
}
DbgTrace(1, "-InitializeLibrary- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++=======================================================================
int
InitializeLibrary(void)
@ -624,39 +683,21 @@ InitializeLibrary(void)
DbgTrace(1, "-InitializeLibrary- Start\n", 0);
// Create user synchronization mutex
if (CreateUserMutex() == 0)
// Initialize the host name normalization
retStatus = InitializeHostNameNormalization();
if (CASA_SUCCESS(retStatus))
{
// Initialize the auth cache
if (CASA_SUCCESS(InitializeAuthCache()))
{
// Initialize the host name normalization
if (CASA_SUCCESS(InitializeHostNameNormalization()))
{
// Success
retStatus = 0;
}
else
{
DbgTrace(0, "-InitializeLibrary- Error initializing host name normalization\n", 0);
}
}
else
{
DbgTrace(0, "-InitializeLibrary- Error initializing the auth cache\n", 0);
}
}
else
{
DbgTrace(0, "-InitializeLibrary- Error creating mutex for the user\n", 0);
retStatus = InitializeAuthCache();
}
DbgTrace(1, "-InitializeLibrary- End, retStatus = %08X\n", retStatus);
return retStatus;
}
//++=======================================================================
//++=======================================================================
//++=======================================================================

28
CASA-auth-token/client/internal.h
View File

@ -118,6 +118,10 @@ extern char pathCharString[];
// Functions exported by engine.c
//
extern
int
Initialize(void);
extern
int
InitializeLibrary(void);
@ -222,21 +226,25 @@ RelGetAuthTokenResp(
extern
AuthCacheEntry*
CreateSessionTokenCacheEntry(
IN const char *pCacheKey);
IN const char *pCacheKey,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime
);
extern
AuthCacheEntry*
CreateAuthTokenCacheEntry(
IN const char *pCacheKey,
IN const char *pGroupOrHostName);
IN const char *pHostName,
IN CasaStatus status,
IN unsigned char *pToken,
IN int entryLifetime
);
extern
void
ReleaseAuthCacheEntry(
IN AuthCacheEntry *pEntry);
extern void
IncAuthCacheEntryRefCount(
FreeAuthCacheEntry(
IN AuthCacheEntry *pEntry);
extern
@ -250,12 +258,6 @@ FindAuthTokenEntryInCache(
IN const char *pCacheKey,
IN const char *pGroupOrHostName);
extern
void
AddEntryToAuthCache(
IN AuthCacheEntry *pEntry,
IN int entryLifetime);
extern
CasaStatus
InitializeAuthCache(void);

1091
CASA-auth-token/client/windows/cache.c
View File

File diff suppressed because it is too large Load Diff

2
CASA-auth-token/client/windows/dllsup.c
View File

@ -58,7 +58,7 @@ BOOL APIENTRY DllMain(
g_hModule = hModule;
// Initialize the library
if (InitializeLibrary() != 0)
if (Initialize() != 0)
{
// Failed to initialize the library
OutputDebugString("CASAAUTH -DllMain- Library initialization failed\n");

2
CASA-auth-token/client/windows/platform.c
View File

@ -146,7 +146,7 @@ CreateUserMutex(void)
}
else
{
DbgTrace(0, "-CreateUserMutex- Un-expected GetUserName error, error = %d\n", GetLastError());
DbgTrace(0, "-CreateUserMutex- Unexpected GetUserName error, error = %d\n", GetLastError());
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);

12
CASA-auth-token/client/windows/platform.h
View File

@ -74,15 +74,15 @@ char printBuff[256]; \
//
typedef struct _AuthCacheEntry
{
LIST_ENTRY listEntry;
int refCount;
// LIST_ENTRY listEntry;
// int refCount;
int status;
DWORD creationTime;
DWORD expirationTime;
BOOL doesNotExpire;
char *pHostName;
char *pCacheKeyName;
char *pToken;
int status;
// char *pHostName;
// char *pCacheKeyName;
char token[1];
} AuthCacheEntry, *PAuthCacheEntry;