545 lines
20 KiB
C
545 lines
20 KiB
C
/***********************************************************************
|
|
*
|
|
* Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; version 2.1
|
|
* of the License.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Library Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, Novell, Inc.
|
|
*
|
|
* To contact Novell about this file by physical or electronic mail,
|
|
* you may find current contact information at www.novell.com.
|
|
*
|
|
***********************************************************************/
|
|
|
|
|
|
|
|
//===[ Include files ]=====================================================
|
|
|
|
#include "internal.h"
|
|
|
|
//===[ Type definitions ]==================================================
|
|
|
|
//
|
|
// AuthModule definition
|
|
//
|
|
typedef struct _AuthModule
|
|
{
|
|
LIST_ENTRY listEntry;
|
|
char *pAuthTypeName;
|
|
int authTypeNameLen;
|
|
void *libHandle;
|
|
AuthTokenIf *pAuthTokenIf;
|
|
|
|
} AuthModule, *PAuthModule;
|
|
|
|
//===[ Function prototypes ]===============================================
|
|
|
|
//===[ Global variables ]==================================================
|
|
|
|
// Debug Level
|
|
int DebugLevel = 1;
|
|
|
|
// AuthModule List and syncronizing mutex
|
|
static
|
|
LIST_ENTRY g_authModuleListHead = {&g_authModuleListHead, &g_authModuleListHead};
|
|
|
|
static
|
|
pthread_mutex_t g_authModuleMutex = PTHREAD_MUTEX_INITIALIZER;
|
|
|
|
|
|
//++=======================================================================
|
|
static
|
|
CasaStatus
|
|
GetAuthTokenInterface(
|
|
IN const char *pAuthTypeName,
|
|
INOUT AuthTokenIf **ppAuthTokenIf)
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Abstract:
|
|
//
|
|
// Notes:
|
|
//
|
|
// Environment:
|
|
//
|
|
// L2
|
|
//=======================================================================--
|
|
{
|
|
CasaStatus retStatus;
|
|
ConfigIf *pModuleConfigIf;
|
|
|
|
|
|
DbgTrace(2, "auth_token -GetAuthTokenInterface- Start\n", 0);
|
|
|
|
// Get the configuration for the module
|
|
retStatus = GetConfigInterface("/etc/opt/novell/CASA/authtoken.d/modules.d",
|
|
pAuthTypeName,
|
|
&pModuleConfigIf);
|
|
if (CASA_SUCCESS(retStatus)
|
|
&& CasaStatusCode(retStatus) != CASA_STATUS_OBJECT_NOT_FOUND)
|
|
{
|
|
LIST_ENTRY *pListEntry;
|
|
AuthModule *pAuthModule = NULL;
|
|
int32_t authTypeNameLen = strlen(pAuthTypeName);
|
|
|
|
// Gain exclusive access to our mutex
|
|
pthread_mutex_lock(&g_authModuleMutex);
|
|
|
|
// Look if we already have the module in our list
|
|
pListEntry = g_authModuleListHead.Flink;
|
|
while (pListEntry != &g_authModuleListHead)
|
|
{
|
|
// Get pointer to the current entry
|
|
pAuthModule = CONTAINING_RECORD(pListEntry, AuthModule, listEntry);
|
|
|
|
// Check if this is the module that we need
|
|
if (pAuthModule->authTypeNameLen == authTypeNameLen
|
|
&& memcmp(pAuthTypeName, pAuthModule->pAuthTypeName, authTypeNameLen) == 0)
|
|
{
|
|
// This is the module that we need, stop looking.
|
|
break;
|
|
}
|
|
else
|
|
{
|
|
// This is not the module that we are looking for
|
|
pAuthModule = NULL;
|
|
}
|
|
|
|
// Advance to the next entry
|
|
pListEntry = pListEntry->Flink;
|
|
}
|
|
|
|
// Proceed based on whether or not a module was found
|
|
if (pAuthModule)
|
|
{
|
|
// Module found in our list, provide the caller with its AuthTokenIf
|
|
// instance after we have incremented its reference count.
|
|
pAuthModule->pAuthTokenIf->addReference(pAuthModule->pAuthTokenIf);
|
|
*ppAuthTokenIf = pAuthModule->pAuthTokenIf;
|
|
|
|
// Success
|
|
retStatus = CASA_STATUS_SUCCESS;
|
|
}
|
|
else
|
|
{
|
|
// Needed module not found in our list, create an entry.
|
|
pAuthModule = malloc(sizeof(*pAuthModule));
|
|
if (pAuthModule)
|
|
{
|
|
// Allocate buffer to contain the authentication type name within the module entry
|
|
pAuthModule->pAuthTypeName = malloc(authTypeNameLen + 1);
|
|
if (pAuthModule->pAuthTypeName)
|
|
{
|
|
char *pLibraryName;
|
|
|
|
// Initialize the library handle field
|
|
pAuthModule->libHandle = NULL;
|
|
|
|
// Save the auth type name within the entry
|
|
strcpy(pAuthModule->pAuthTypeName, pAuthTypeName);
|
|
pAuthModule->authTypeNameLen = authTypeNameLen;
|
|
|
|
// Obtain the name of the library that we must load
|
|
pLibraryName = pModuleConfigIf->getEntryValue(pModuleConfigIf, "LibraryName");
|
|
if (pLibraryName)
|
|
{
|
|
// Load the library
|
|
pAuthModule->libHandle = dlopen(pLibraryName, RTLD_LAZY);
|
|
if (pAuthModule->libHandle)
|
|
{
|
|
PFN_GetAuthTokenIfRtn pGetAuthTokenIfRtn;
|
|
|
|
// Library has been loaded, now get a pointer to its GetAuthTokenInterface routine
|
|
pGetAuthTokenIfRtn = dlsym(pAuthModule->libHandle, GET_AUTH_TOKEN_INTERFACE_RTN_SYMBOL);
|
|
if (pGetAuthTokenIfRtn)
|
|
{
|
|
// Now, obtain the modules AuthTokenIf.
|
|
retStatus = (pGetAuthTokenIfRtn)(pModuleConfigIf, &pAuthModule->pAuthTokenIf);
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenInterface- dlsym error = %s\n", dlerror());
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_LIBRARY_LOAD_FAILURE);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenInterface- dlopen error = %s\n", dlerror());
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_UNSUCCESSFUL);
|
|
}
|
|
|
|
// Free the buffer holding the library name
|
|
free(pLibraryName);
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenInterface- Library name not configured\n", 0);
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_CONFIGURATION_ERROR);
|
|
}
|
|
|
|
// Check if we were successful at obtaining the AuthTokenIf instance for the
|
|
// module.
|
|
if (CASA_SUCCESS(retStatus))
|
|
{
|
|
// Insert the entry in the list, provide the caller with its AuthTokenIf
|
|
// instance after we have incremented its reference count.
|
|
InsertTailList(&g_authModuleListHead, &pAuthModule->listEntry);
|
|
pAuthModule->pAuthTokenIf->addReference(pAuthModule->pAuthTokenIf);
|
|
*ppAuthTokenIf = pAuthModule->pAuthTokenIf;
|
|
}
|
|
else
|
|
{
|
|
// Failed, free resources.
|
|
free(pAuthModule->pAuthTypeName);
|
|
if (pAuthModule->libHandle)
|
|
dlclose(pAuthModule->libHandle);
|
|
free(pAuthModule);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenInterface- Unable to allocate buffer\n", 0);
|
|
|
|
// Free buffer allocated for entry
|
|
free(pAuthModule);
|
|
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenInterface- Unable to allocate buffer\n", 0);
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
|
}
|
|
}
|
|
|
|
// Release exclusive access to our mutex
|
|
pthread_mutex_unlock(&g_authModuleMutex);
|
|
|
|
// Release config interface instance
|
|
pModuleConfigIf->releaseReference(pModuleConfigIf);
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenInterface- Unable to obtain config interface\n", 0);
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_CONFIGURATION_ERROR);
|
|
}
|
|
|
|
DbgTrace(2, "auth_token -GetAuthTokenInterface- End, retStatus = %08X\n", retStatus);
|
|
|
|
return retStatus;
|
|
}
|
|
|
|
|
|
//++=======================================================================
|
|
CasaStatus SSCS_CALL
|
|
GetAuthTokenCredentials(
|
|
IN const char *pServiceName,
|
|
INOUT const char *pUserNameBuf,
|
|
INOUT int *pUserNameBufLen,
|
|
INOUT const char *pTokenBuf,
|
|
INOUT int *pTokenBufLen)
|
|
//
|
|
// Arguments:
|
|
// pServiceName -
|
|
// Pointer to NULL terminated string that contains the
|
|
// name of the service to which the client is trying to
|
|
// authenticate.
|
|
//
|
|
// pUserNameBuf -
|
|
// Pointer to buffer that will receive a string with the
|
|
// username that should used when authenticating to the
|
|
// service. The length of this buffer is specified by the
|
|
// pUserNameBufLen parameter. Note that the string
|
|
// returned will be NULL terminated.
|
|
//
|
|
// pUserNameBufLen -
|
|
// Pointer to integer that contains the length of the
|
|
// buffer pointed at by pUserNameBuf. Upon return of the
|
|
// function, the integer will contain the actual length
|
|
// of the username string (including the NULL terminator)
|
|
// if the function successfully completes or the buffer
|
|
// length required if the function fails because the buffer
|
|
// pointed at by either pUserNameBuf or pTokenBuf is not
|
|
// large enough.
|
|
//
|
|
// pTokenBuf -
|
|
// Pointer to buffer that will receive the authentication
|
|
// token. The length of this buffer is specified by the
|
|
// pTokenBufLen parameter. Note that the the authentication
|
|
// token will be in the form of a NULL terminated string.
|
|
//
|
|
// pTokenBufLen -
|
|
// Pointer to integer that contains the length of the
|
|
// buffer pointed at by pTokenBuf. Upon return of the
|
|
// function, the integer will contain the actual length
|
|
// of the authentication token if the function successfully
|
|
// completes or the buffer length required if the function
|
|
// fails because the buffer pointed at by either pUserNameBuf
|
|
// or pTokenBuf is not large enough.
|
|
//
|
|
// Returns:
|
|
// Casa Status
|
|
//
|
|
// Description:
|
|
// Get authentication token credentials to authenticate user to specified
|
|
// service.
|
|
//
|
|
// L2
|
|
//=======================================================================--
|
|
{
|
|
CasaStatus retStatus;
|
|
ConfigIf *pServiceConfigIf;
|
|
AuthTokenIf *pAuthTokenIf;
|
|
|
|
|
|
DbgTrace(1, "auth_token -GetAuthTokenCredentials- Start\n", 0);
|
|
|
|
// Validate input parameters
|
|
if (pServiceName == NULL
|
|
|| pUserNameBufLen == NULL
|
|
|| (pUserNameBuf == NULL && *pUserNameBufLen != 0)
|
|
|| pTokenBufLen == NULL
|
|
|| (pTokenBuf == NULL && *pTokenBufLen != 0))
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenCredentials- Invalid input parameter\n", 0);
|
|
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_INVALID_PARAMETER);
|
|
goto exit;
|
|
}
|
|
|
|
// Check if we have a configuration entry for the service
|
|
retStatus = GetConfigInterface("/etc/opt/novell/CASA/authtoken.d/services.d",
|
|
pServiceName,
|
|
&pServiceConfigIf);
|
|
if (CASA_SUCCESS(retStatus)
|
|
&& CasaStatusCode(retStatus) != CASA_STATUS_OBJECT_NOT_FOUND)
|
|
{
|
|
char *pAuthType;
|
|
|
|
// Obtain the configured authentication type for the service
|
|
pAuthType = pServiceConfigIf->getEntryValue(pServiceConfigIf, "AuthType");
|
|
if (pAuthType)
|
|
{
|
|
// Obtain the appropriate token interface for the authentication type
|
|
retStatus = GetAuthTokenInterface(pAuthType,
|
|
&pAuthTokenIf);
|
|
if (CASA_SUCCESS(retStatus))
|
|
{
|
|
// We found a provider for the service, query it for credentials.
|
|
retStatus = pAuthTokenIf->getAuthTokenCredentials(pAuthTokenIf,
|
|
pServiceConfigIf,
|
|
pUserNameBuf,
|
|
pUserNameBufLen,
|
|
pTokenBuf,
|
|
pTokenBufLen);
|
|
|
|
// Release token interface
|
|
pAuthTokenIf->releaseReference(pAuthTokenIf);
|
|
}
|
|
else
|
|
{
|
|
// No authentication token interface available for authentication type
|
|
DbgTrace(0, "auth_token -GetAuthTokenCredentials- Failed to obtain authentication token interface\n", 0);
|
|
}
|
|
|
|
// Free the buffer holding the authentication type string
|
|
free(pAuthType);
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -GetAuthTokenCredentials- Authentication type not configured\n", 0);
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_CONFIGURATION_ERROR);
|
|
}
|
|
|
|
// Release service config interface
|
|
pServiceConfigIf->releaseReference(pServiceConfigIf);
|
|
}
|
|
else
|
|
{
|
|
// We are not providing authentication services for the service
|
|
DbgTrace(1, "auth_token -GetAuthTokenCredentials- Service not configured\n", 0);
|
|
}
|
|
|
|
exit:
|
|
|
|
DbgTrace(1, "auth_token -GetAuthTokenCredentials- End, retStatus = %08X\n", retStatus);
|
|
|
|
return retStatus;
|
|
}
|
|
|
|
|
|
//++=======================================================================
|
|
CasaStatus SSCS_CALL
|
|
ValidateAuthTokenCredentials(
|
|
IN const char *pServiceName,
|
|
IN const char *pUserName,
|
|
IN const int userNameLen,
|
|
IN const char *pTokenBuf,
|
|
IN const int tokenBufLen)
|
|
//
|
|
// Arguments:
|
|
// pServiceName -
|
|
// Pointer to NULL terminated string that contains the
|
|
// name of the service to which the client is trying to
|
|
// authenticate.
|
|
//
|
|
// pUserName -
|
|
// Pointer to string with the username that is being
|
|
// authenticated to the service. The length of the name
|
|
// is specified by the pUserNameLen parameter. Note that
|
|
// the string does not need to be NULL terminated.
|
|
//
|
|
// userNameLen -
|
|
// Length of the user name contained within the buffer
|
|
// pointed at by pUserNameBuf (Does not include the NULL
|
|
// terminator). If this parameter is set to -1 then the
|
|
// function assumes that the username string is NULL
|
|
// terminated.
|
|
//
|
|
// pTokenBuf -
|
|
// Pointer to buffer that will receive the authentication
|
|
// token. The length of this buffer is specified by the
|
|
// pTokenBufLen parameter. Note that the the authentication
|
|
// token will be in the form of a NULL terminated string.
|
|
//
|
|
// tokenBufLen -
|
|
// Length of the data contained within the buffer pointed
|
|
// at by pTokenBuf.
|
|
//
|
|
// Returns:
|
|
// Casa status.
|
|
//
|
|
// Description:
|
|
// Validates authentication token credentials.
|
|
//
|
|
// L2
|
|
//=======================================================================--
|
|
{
|
|
CasaStatus retStatus;
|
|
ConfigIf *pServiceConfigIf;
|
|
AuthTokenIf *pAuthTokenIf;
|
|
|
|
|
|
DbgTrace(1, "auth_token -ValidateAuthTokenCredentials- Start\n", 0);
|
|
|
|
// Validate input parameters
|
|
if (pServiceName == NULL
|
|
|| pUserName == NULL
|
|
|| userNameLen == 0
|
|
|| pTokenBuf == NULL
|
|
|| tokenBufLen == 0)
|
|
{
|
|
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Invalid input parameter\n", 0);
|
|
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_INVALID_PARAMETER);
|
|
goto exit;
|
|
}
|
|
|
|
// Check if we have a configuration entry for the service
|
|
retStatus = GetConfigInterface("/etc/opt/novell/CASA/authtoken.d/services.d",
|
|
pServiceName,
|
|
&pServiceConfigIf);
|
|
if (CASA_SUCCESS(retStatus))
|
|
{
|
|
// Check if the configuration entry was not found
|
|
if (CasaStatusCode(retStatus) != CASA_STATUS_OBJECT_NOT_FOUND)
|
|
{
|
|
char *pAuthType;
|
|
|
|
// Obtain the configured authentication type for the service
|
|
pAuthType = pServiceConfigIf->getEntryValue(pServiceConfigIf, "AuthType");
|
|
if (pAuthType)
|
|
{
|
|
// Obtain the appropriate token interface for the authentication type
|
|
retStatus = GetAuthTokenInterface(pAuthType,
|
|
&pAuthTokenIf);
|
|
if (CASA_SUCCESS(retStatus))
|
|
{
|
|
// We found a provider for the service, validate the credentials.
|
|
retStatus = pAuthTokenIf->validateAuthTokenCredentials(pAuthTokenIf,
|
|
pServiceConfigIf,
|
|
pUserName,
|
|
userNameLen,
|
|
pTokenBuf,
|
|
tokenBufLen);
|
|
|
|
// Release token interface
|
|
pAuthTokenIf->releaseReference(pAuthTokenIf);
|
|
}
|
|
else
|
|
{
|
|
// No authentication token interface available for authentication type
|
|
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Failed to obtain authentication token interface\n", 0);
|
|
}
|
|
|
|
// Free the buffer holding the authentication type string
|
|
free(pAuthType);
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Authentication type not configured\n", 0);
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_CONFIGURATION_ERROR);
|
|
}
|
|
|
|
// Release service config interface
|
|
pServiceConfigIf->releaseReference(pServiceConfigIf);
|
|
}
|
|
else
|
|
{
|
|
// We need to return an error
|
|
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Service not configured\n", 0);
|
|
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
|
CASA_FACILITY_AUTHTOKEN,
|
|
CASA_STATUS_CONFIGURATION_ERROR);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
DbgTrace(0, "auth_token -ValidateAuthTokenCredentials- Error obtaining service configuration\n", 0);
|
|
}
|
|
|
|
exit:
|
|
|
|
DbgTrace(1, "auth_token -ValidateAuthTokenCredentials- End, retStatus = %08X\n", retStatus);
|
|
|
|
return retStatus;
|
|
}
|
|
|
|
|
|
//++=======================================================================
|
|
//++=======================================================================
|
|
//++=======================================================================
|
|
|