|
|
/**********************************************************************//** Microsoft Passport **//** Copyright(c) Microsoft Corporation, 1999 - 2001 **//**********************************************************************/
/*
fastauth.cpp COM object for fast auth interface
FILE HISTORY:
*/
// FastAuth.cpp : Implementation of CFastAuth
#include "stdafx.h"
#include <time.h>
#include <httpfilt.h>
#include <httpext.h>
#include "Passport.h"
#include "FastAuth.h"
#include "Ticket.h"
#include "Profile.h"
#include "VariantUtils.h"
#include "PMErrorCodes.h"
#include "HelperFuncs.h"
#define DIMENSION(a) (sizeof(a) / sizeof(a[0]))
/////////////////////////////////////////////////////////////////////////////
// CFastAuth
//===========================================================================
//
// InterfaceSupportsErrorInfo
//
STDMETHODIMP CFastAuth::InterfaceSupportsErrorInfo(REFIID riid){ static const IID* arr[] = { &IID_IPassportFastAuth, &IID_IPassportFastAuth2, }; for (int i=0; i < sizeof(arr) / sizeof(arr[0]); i++) { if (InlineIsEqualGUID(*arr[i],riid)) return S_OK; } return S_FALSE;}
//===========================================================================
//
// LogoTag
//
//
// old API. href to login
//
STDMETHODIMPCFastAuth::LogoTag( BSTR bstrTicket, BSTR bstrProfile, VARIANT vRU, VARIANT vTimeWindow, VARIANT vForceLogin, VARIANT vCoBrand, VARIANT vLCID, VARIANT vSecure, VARIANT vLogoutURL, VARIANT vSiteName, VARIANT vNameSpace, VARIANT vKPP, VARIANT vUseSecureAuth, BSTR* pbstrLogoTag ){ return CommonLogoTag(bstrTicket, bstrProfile, vRU, vTimeWindow, vForceLogin, vCoBrand, vLCID, vSecure, vLogoutURL, vSiteName, vNameSpace, vKPP, vUseSecureAuth, FALSE, pbstrLogoTag);
}
//===========================================================================
//
// LogoTag2
//
//
// new API. href back to partner
//
STDMETHODIMPCFastAuth::LogoTag2( BSTR bstrTicket, BSTR bstrProfile, VARIANT vRU, VARIANT vTimeWindow, VARIANT vForceLogin, VARIANT vCoBrand, VARIANT vLCID, VARIANT vSecure, VARIANT vLogoutURL, VARIANT vSiteName, VARIANT vNameSpace, VARIANT vKPP, VARIANT vUseSecureAuth, BSTR* pbstrLogoTag ){ return CommonLogoTag(bstrTicket, bstrProfile, vRU, vTimeWindow, vForceLogin, vCoBrand, vLCID, vSecure, vLogoutURL, vSiteName, vNameSpace, vKPP, vUseSecureAuth, TRUE, pbstrLogoTag);
}
//===========================================================================
//
// CommonLogoTag
//
//
// logotag impl
//
STDMETHODIMPCFastAuth::CommonLogoTag( BSTR bstrTicket, BSTR bstrProfile, VARIANT vRU, VARIANT vTimeWindow, VARIANT vForceLogin, VARIANT vCoBrand, VARIANT vLCID, VARIANT vSecure, VARIANT vLogoutURL, VARIANT vSiteName, VARIANT vNameSpace, VARIANT vKPP, VARIANT vUseSecureAuth, BOOL fRedirToSelf, BSTR* pbstrLogoTag ){ HRESULT hr; CComObject<CTicket> *pTicket = NULL; CComObject<CProfile> *pProfile = NULL; time_t ct; ULONG TimeWindow; int nKPP; VARIANT_BOOL ForceLogin, bSecure = VARIANT_FALSE; ULONG ulSecureLevel = 0; BSTR CBT = NULL, returnUrl = NULL, bstrSiteName = NULL, bstrNameSpace = NULL; int hasCB = -1, hasRU = -1, hasLCID, hasTW, hasFL, hasSec, hasSiteName, hasNameSpace = -1, hasUseSec; int hasKPP = -1; USHORT Lang; CNexusConfig* cnc = NULL; CRegistryConfig* crc = NULL; VARIANT_BOOL bTicketValid,bProfileValid; LPSTR szSiteName; VARIANT vFalse;
USES_CONVERSION;
PassportLog("CFastAuth::CommonLogoTag Enter:\r\n"); if (NULL != bstrTicket) { PassportLog(" %ws\r\n", bstrTicket); } if (NULL != bstrProfile) { PassportLog(" %ws\r\n", bstrProfile); }
if (NULL == pbstrLogoTag) { hr = E_INVALIDARG; goto Cleanup; } *pbstrLogoTag = NULL;
if (!g_config->isValid()) // Guarantees config is non-null
{ AtlReportError(CLSID_FastAuth, PP_E_NOT_CONFIGUREDSTR, IID_IPassportFastAuth, PP_E_NOT_CONFIGURED); hr = PP_E_NOT_CONFIGURED; goto Cleanup; }
//
// due to STL the allocations of CTicket and CProfile can AV in low memory conditions
//
try { // ticket object
pTicket = new CComObject<CTicket>(); if (NULL == pTicket) { hr = E_OUTOFMEMORY; goto Cleanup; } else { pTicket->AddRef(); }
// profile object
pProfile = new CComObject<CProfile>();
if (NULL == pProfile) { hr = E_OUTOFMEMORY; goto Cleanup; } else { pProfile->AddRef(); } } catch(...) { hr = E_OUTOFMEMORY; goto Cleanup; }
// Get site name if any...
hasSiteName = GetBstrArg(vSiteName, &bstrSiteName); if(hasSiteName == CV_OK || hasSiteName == CV_FREE) szSiteName = W2A(bstrSiteName); else szSiteName = NULL;
if(hasSiteName == CV_FREE) SysFreeString(bstrSiteName);
cnc = g_config->checkoutNexusConfig(); crc = g_config->checkoutRegistryConfig(szSiteName);
hr = DecryptTicketAndProfile(bstrTicket, bstrProfile, FALSE, NULL, crc, pTicket, pProfile);
if (hr != S_OK) { goto Cleanup; }
VariantInit(&vFalse); vFalse.vt = VT_BOOL; vFalse.boolVal = VARIANT_FALSE;
pTicket->get_IsAuthenticated(0, VARIANT_FALSE, vFalse, &bTicketValid);
pProfile->get_IsValid(&bProfileValid);
time(&ct);
// Make sure args are of the right type
if ((hasTW = GetIntArg(vTimeWindow, (int*) &TimeWindow)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasFL = GetBoolArg(vForceLogin, &ForceLogin)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasSec = GetBoolArg(vSecure,&bSecure)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasUseSec = GetIntArg(vUseSecureAuth,(int*)&ulSecureLevel)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasLCID = GetShortArg(vLCID,&Lang)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasKPP = GetIntArg(vKPP, &nKPP)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
hasCB = GetBstrArg(vCoBrand, &CBT);
if (hasCB == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if (hasCB == CV_FREE) { TAKEOVER_BSTR(CBT); }
hasRU = GetBstrArg(vRU, &returnUrl); if (hasRU == CV_BAD) { if (hasCB == CV_FREE && CBT) SysFreeString(CBT); hr = E_INVALIDARG; goto Cleanup; }
if (hasRU == CV_FREE) { TAKEOVER_BSTR(returnUrl); }
hasNameSpace = GetBstrArg(vNameSpace, &bstrNameSpace); if (hasNameSpace == CV_BAD) { if (hasCB == CV_FREE && CBT) SysFreeString(CBT); if (hasRU == CV_FREE && returnUrl) SysFreeString(returnUrl); return E_INVALIDARG; } if (hasNameSpace == CV_FREE) { TAKEOVER_BSTR(bstrNameSpace); } if (hasNameSpace == CV_DEFAULT) { bstrNameSpace = crc->getNameSpace(); }
WCHAR *szSIAttrName, *szSOAttrName; if (hasSec == CV_OK && bSecure != VARIANT_FALSE) { szSIAttrName = L"SecureSigninLogo"; szSOAttrName = L"SecureSignoutLogo"; } else { szSIAttrName = L"SigninLogo"; szSOAttrName = L"SignoutLogo"; }
WCHAR *szAUAttrName; if (hasUseSec == CV_OK && SECURELEVEL_USE_HTTPS(ulSecureLevel)) szAUAttrName = L"AuthSecure"; else szAUAttrName = L"Auth";
if (hasLCID == CV_DEFAULT) Lang = crc->getDefaultLCID();
if (hasTW == CV_DEFAULT) TimeWindow = crc->getDefaultTicketAge(); if (hasFL == CV_DEFAULT) ForceLogin = crc->forceLoginP() ? VARIANT_TRUE : VARIANT_FALSE; if (hasCB == CV_DEFAULT) CBT = crc->getDefaultCoBrand(); if (hasRU == CV_DEFAULT) returnUrl = crc->getDefaultRU(); if (hasKPP == CV_DEFAULT) nKPP = -1; if (returnUrl == NULL) returnUrl = L"";
if ((TimeWindow != 0 && TimeWindow < PPM_TIMEWINDOW_MIN) || TimeWindow > PPM_TIMEWINDOW_MAX) { //
// 20 will always be more than large enough for a ULONG
//
WCHAR buf[20];
_itow(TimeWindow,buf,10); if (g_pAlert) g_pAlert->report(PassportAlertInterface::WARNING_TYPE, PM_TIMEWINDOW_INVALID, buf); AtlReportError(CLSID_FastAuth, (LPCOLESTR) PP_E_INVALID_TIMEWINDOWSTR, IID_IPassportFastAuth, PP_E_INVALID_TIMEWINDOW); hr = PP_E_INVALID_TIMEWINDOW; goto Cleanup; }
if (bTicketValid) { LPCWSTR domain = NULL; WCHAR url[1025]; VARIANT freeMe; VariantInit(&freeMe);
if (crc->DisasterModeP()) { lstrcpynW(url, crc->getDisasterUrl(), DIMENSION(url) - 1); url[DIMENSION(url) - 1] = L'\0'; } else { if (bProfileValid && pProfile->get_ByIndex(MEMBERNAME_INDEX, &freeMe) == S_OK && freeMe.vt == VT_BSTR) { domain = wcsrchr(freeMe.bstrVal, L'@'); }
cnc->getDomainAttribute(domain ? domain+1 : L"Default", L"Logout", DIMENSION(url) - 1, url, Lang);
url[DIMENSION(url) - 1] = L'\0'; }
// find out if there are any updates
WCHAR iurl[1025]; BSTR upd = NULL;
pProfile->get_updateString(&upd);
if (upd) { TAKEOVER_BSTR(upd); // form the appropriate URL
CCoCrypt* crypt = NULL; BSTR newCH = NULL; crypt = crc->getCurrentCrypt(); // IsValid ensures this is non-null
// This should never fail... (famous last words)
if (!crypt->Encrypt(crc->getCurrentCryptVersion(), (LPSTR)upd, SysStringByteLen(upd), &newCH)) { AtlReportError(CLSID_Manager, (LPCOLESTR) PP_E_UNABLE_TO_ENCRYPTSTR, IID_IPassportManager, PP_E_UNABLE_TO_ENCRYPT); hr = PP_E_UNABLE_TO_ENCRYPT; goto Cleanup; } FREE_BSTR(upd); TAKEOVER_BSTR(newCH); cnc->getDomainAttribute(domain ? domain+1 : L"Default", L"Update", DIMENSION(iurl) - 1, iurl, Lang);
iurl[DIMENSION(iurl) - 1] = L'\0';
// This is a bit gross... we need to find the $1 in the update url...
// We'll break if null, but won't crash...
if (*url != L'\0') *pbstrLogoTag = FormatUpdateLogoTag( url, crc->getSiteId(), returnUrl, TimeWindow, ForceLogin, crc->getCurrentCryptVersion(), ct, CBT, nKPP, (*iurl == L'\0' ? NULL : iurl), bSecure, newCH, PM_LOGOTYPE_SIGNOUT, ulSecureLevel, crc, TRUE ); FREE_BSTR(newCH); } else { cnc->getDomainAttribute(domain ? domain+1 : L"Default", szSOAttrName, DIMENSION(iurl), iurl, Lang);
iurl[DIMENSION(iurl) - 1] = L'\0';
if (*iurl != L'\0') *pbstrLogoTag = FormatNormalLogoTag( url, crc->getSiteId(), returnUrl, TimeWindow, ForceLogin, crc->getCurrentCryptVersion(), ct, CBT, iurl, NULL, nKPP, PM_LOGOTYPE_SIGNOUT, Lang, ulSecureLevel, crc, fRedirToSelf, TRUE ); } VariantClear(&freeMe); if (NULL == *pbstrLogoTag) { hr = E_OUTOFMEMORY; goto Cleanup; } } else { WCHAR url[1025]; WCHAR iurl[1025];
if (!crc->DisasterModeP()) { cnc->getDomainAttribute(L"Default", szAUAttrName, DIMENSION(url), url, Lang);
url[DIMENSION(url) - 1] = L'\0'; } else { lstrcpynW(url, crc->getDisasterUrl(), DIMENSION(url));
url[DIMENSION(url) - 1] = L'\0'; }
cnc->getDomainAttribute(L"Default", szSIAttrName, DIMENSION(iurl), iurl, Lang);
iurl[DIMENSION(iurl) - 1] = L'\0';
if (*iurl != L'\0') { *pbstrLogoTag = FormatNormalLogoTag( url, crc->getSiteId(), returnUrl, TimeWindow, ForceLogin, crc->getCurrentCryptVersion(), ct, CBT, iurl, bstrNameSpace, nKPP, PM_LOGOTYPE_SIGNIN, Lang, ulSecureLevel, crc, fRedirToSelf, TRUE ); if (NULL == *pbstrLogoTag) { hr = E_OUTOFMEMORY; goto Cleanup; } } }
hr = S_OK;
Cleanup: PassportLog("CFastAuth::CommonLogoTag Exit: %X\r\n", hr); if ((NULL != pbstrLogoTag) && (NULL != *pbstrLogoTag)) { PassportLog(" %ws\r\n", *pbstrLogoTag); }
if (pTicket) pTicket->Release(); if (pProfile) pProfile->Release();
if (crc) crc->Release(); if (cnc) cnc->Release();
if (hasRU == CV_FREE && returnUrl) FREE_BSTR(returnUrl); if (hasCB == CV_FREE && CBT) FREE_BSTR(CBT); if (hasNameSpace == CV_FREE && bstrNameSpace) FREE_BSTR(bstrNameSpace);
return hr;}
//===========================================================================
//
// IsAuthenticated
//
STDMETHODIMPCFastAuth::IsAuthenticated( BSTR bstrTicket, BSTR bstrProfile, VARIANT vSecure, VARIANT vTimeWindow, VARIANT vForceLogin, VARIANT vSiteName, VARIANT vDoSecureCheck, VARIANT_BOOL* pbAuthenticated ){ HRESULT hr; CComObject<CTicket> *pTicket = NULL; CComObject<CProfile> *pProfile = NULL;
CRegistryConfig* crc = NULL; ULONG TimeWindow; VARIANT_BOOL ForceLogin, bTicketValid, bProfileValid; int hasSec = CV_DEFAULT, hasTW = CV_DEFAULT, hasFL = CV_DEFAULT, hasSiteName = CV_DEFAULT; BSTR bstrSecure, bstrSiteName; LPSTR szSiteName; VARIANT vFalse;
USES_CONVERSION;
PassportLog("CFastAuth::IsAuthenticated Enter:\r\n"); if (NULL != bstrTicket) { PassportLog(" %ws\r\n", bstrTicket); } if (NULL != bstrProfile) { PassportLog(" %ws\r\n", bstrProfile); }
if (!g_config->isValid()) // Guarantees config is non-null
{ AtlReportError(CLSID_Manager, PP_E_NOT_CONFIGUREDSTR, IID_IPassportManager, PP_E_NOT_CONFIGURED); hr = PP_E_NOT_CONFIGURED; goto Cleanup; }
hasSec = GetBstrArg(vSecure, &bstrSecure); if(hasSec == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if(hasSec == CV_DEFAULT) bstrSecure = NULL;
hasSiteName = GetBstrArg(vSiteName, &bstrSiteName); if(hasSiteName == CV_OK || hasSiteName == CV_FREE) { szSiteName = W2A(bstrSiteName);
PassportLog(" %ws\r\n", szSiteName); } else szSiteName = NULL;
if(hasSiteName == CV_FREE) SysFreeString(bstrSiteName);
crc = g_config->checkoutRegistryConfig(szSiteName);
//
// due to STL the allocations of CTicket and CProfile can AV in low memory conditions
//
try { // ticket object
pTicket = new CComObject<CTicket>(); if (NULL == pTicket) { hr = E_OUTOFMEMORY; goto Cleanup; } else { pTicket->AddRef(); }
// profile object
pProfile = new CComObject<CProfile>();
if (NULL == pProfile) { hr = E_OUTOFMEMORY; goto Cleanup; } else { pProfile->AddRef(); } } catch(...) { hr = E_OUTOFMEMORY; goto Cleanup; }
hr = DecryptTicketAndProfile(bstrTicket, NULL, FALSE, NULL, crc, pTicket, pProfile);
if(hr != S_OK) { goto Cleanup; }
VariantInit(&vFalse); vFalse.vt = VT_BOOL; vFalse.boolVal = VARIANT_FALSE;
pTicket->get_IsAuthenticated(0, VARIANT_FALSE, vFalse, &bTicketValid);
/*
// Both profile AND ticket must be valid to be authenticated
// (as of 1.3, this is no longer true).
Profile.get_IsValid(&bProfileValid);
if (!bProfileValid) { hr = E_FAIL; goto Cleanup; } */
if ((hasTW = GetIntArg(vTimeWindow,(int*)&TimeWindow)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if (hasTW == CV_DEFAULT) TimeWindow = crc->getDefaultTicketAge();
if ((hasFL = GetBoolArg(vForceLogin, &ForceLogin)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if (hasFL == CV_DEFAULT) ForceLogin = crc->forceLoginP() ? VARIANT_TRUE : VARIANT_FALSE;
PassportLog(" TW = %X\r\n", TimeWindow);
hr = pTicket->get_IsAuthenticated(TimeWindow, ForceLogin, vDoSecureCheck, pbAuthenticated);
Cleanup: PassportLog("CFastAuth::IsAuthenticated Exit\r\n");
if (pTicket) pTicket->Release(); if (pProfile) pProfile->Release();
if (crc) crc->Release();
if(hasSec == CV_FREE) SysFreeString(bstrSecure);
if(hr != S_OK) { *pbAuthenticated = VARIANT_FALSE; }
return hr;}
//===========================================================================
//
// AuthURL
//
//
// old API. Auth URL goes to login
//
STDMETHODIMPCFastAuth::AuthURL( VARIANT vTicket, VARIANT vProfile, VARIANT vRU, VARIANT vTimeWindow, VARIANT vForceLogin, VARIANT vCoBrand, VARIANT vLCID, VARIANT vSecure, VARIANT vLogoutURL, VARIANT vReserved1, VARIANT vSiteName, VARIANT vNameSpace, VARIANT vKPP, VARIANT vUseSecureAuth, BSTR* pbstrAuthURL ){ return CommonAuthURL(vTicket, vProfile, vRU, vTimeWindow, vForceLogin, vCoBrand, vLCID, vSecure, vLogoutURL, vReserved1, vSiteName, vNameSpace, vKPP, vUseSecureAuth, FALSE, pbstrAuthURL);
}
//===========================================================================
//
// AuthURL2
//
//
// new API. Auth URL points to partner
//
STDMETHODIMPCFastAuth::AuthURL2( VARIANT vTicket, VARIANT vProfile, VARIANT vRU, VARIANT vTimeWindow, VARIANT vForceLogin, VARIANT vCoBrand, VARIANT vLCID, VARIANT vSecure, VARIANT vLogoutURL, VARIANT vReserved1, VARIANT vSiteName, VARIANT vNameSpace, VARIANT vKPP, VARIANT vUseSecureAuth, BSTR* pbstrAuthURL ){ return CommonAuthURL(vTicket, vProfile, vRU, vTimeWindow, vForceLogin, vCoBrand, vLCID, vSecure, vLogoutURL, vReserved1, vSiteName, vNameSpace, vKPP, vUseSecureAuth, TRUE, pbstrAuthURL);
}
//===========================================================================
//
// CommonAuthURL
//
STDMETHODIMPCFastAuth::CommonAuthURL( VARIANT vTicket, VARIANT vProfile, VARIANT vRU, VARIANT vTimeWindow, VARIANT vForceLogin, VARIANT vCoBrand, VARIANT vLCID, VARIANT vSecure, VARIANT vLogoutURL, VARIANT vReserved1, VARIANT vSiteName, VARIANT vNameSpace, VARIANT vKPP, VARIANT vUseSecureAuth, BOOL fRedirToSelf, BSTR* pbstrAuthURL ){ HRESULT hr; BSTR bstrTicket = NULL; BSTR bstrProfile = NULL; CComObject<CTicket> *pTicket = NULL; CComObject<CProfile> *pProfile = NULL; time_t ct; WCHAR url[1025]; VARIANT freeMe; UINT TimeWindow; int nKPP; VARIANT_BOOL ForceLogin; VARIANT_BOOL bTicketValid; VARIANT_BOOL bProfileValid; ULONG ulSecureLevel = 0; BSTR CBT = NULL, returnUrl = NULL, bstrSiteName = NULL, bstrNameSpace = NULL; int hasCB = -1, hasRU = -1, hasLCID, hasTW, hasFL, hasNameSpace = -1, hasUseSec; int hasTicket = -1, hasProfile = -1, hasSiteName = -1, hasKPP = -1; USHORT Lang; CNexusConfig* cnc = NULL; CRegistryConfig* crc = NULL; LPSTR szSiteName; VARIANT vFalse;
USES_CONVERSION;
PassportLog("CFastAuth::CommonAuthURL Enter:\r\n");
if (!g_config->isValid()) // Guarantees config is non-null
{ AtlReportError(CLSID_FastAuth, PP_E_NOT_CONFIGUREDSTR, IID_IPassportFastAuth, PP_E_NOT_CONFIGURED); hr = PP_E_NOT_CONFIGURED; goto Cleanup; }
hasSiteName = GetBstrArg(vSiteName, &bstrSiteName); if(hasSiteName == CV_OK || hasSiteName == CV_FREE) szSiteName = W2A(bstrSiteName); else szSiteName = NULL;
if(hasSiteName == CV_FREE) SysFreeString(bstrSiteName);
cnc = g_config->checkoutNexusConfig(); crc = g_config->checkoutRegistryConfig(szSiteName);
// Make sure args are of the right type
if ((hasTicket = GetBstrArg(vTicket, &bstrTicket)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasProfile = GetBstrArg(vProfile, &bstrProfile)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if (NULL != bstrTicket) { PassportLog(" %ws\r\n", bstrTicket); } if (NULL != bstrProfile) { PassportLog(" %ws\r\n", bstrProfile); }
//
// due to STL the allocations of CTicket and CProfile can AV in low memory conditions
//
try { // ticket object
pTicket = new CComObject<CTicket>(); if (NULL == pTicket) { hr = E_OUTOFMEMORY; goto Cleanup; } else { pTicket->AddRef(); }
// profile object
pProfile = new CComObject<CProfile>();
if (NULL == pProfile) { hr = E_OUTOFMEMORY; goto Cleanup; } else { pProfile->AddRef(); } } catch(...) { hr = E_OUTOFMEMORY; goto Cleanup; }
if(hasTicket != CV_DEFAULT && hasProfile != CV_DEFAULT) { hr = DecryptTicketAndProfile(bstrTicket, bstrProfile, FALSE, NULL, crc, pTicket, pProfile);
if(hr != S_OK) { bTicketValid = VARIANT_FALSE; bProfileValid = VARIANT_FALSE; } else { VariantInit(&vFalse); vFalse.vt = VT_BOOL; vFalse.boolVal = VARIANT_FALSE;
pTicket->get_IsAuthenticated(0, VARIANT_FALSE, vFalse, &bTicketValid); pProfile->get_IsValid(&bProfileValid); } } else { bTicketValid = VARIANT_FALSE; bProfileValid = VARIANT_FALSE; }
if ((hasTW = GetIntArg(vTimeWindow, (int*) &TimeWindow)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasFL = GetBoolArg(vForceLogin, &ForceLogin)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasUseSec = GetIntArg(vUseSecureAuth, (int*)&ulSecureLevel)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasLCID = GetShortArg(vLCID,&Lang)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if ((hasKPP = GetIntArg(vKPP, &nKPP)) == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
hasCB = GetBstrArg(vCoBrand, &CBT); if (hasCB == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; }
if (hasCB == CV_FREE) { TAKEOVER_BSTR(CBT); } hasRU = GetBstrArg(vRU, &returnUrl); if (hasRU == CV_BAD) { if (hasCB == CV_FREE && CBT) FREE_BSTR(CBT); hr = E_INVALIDARG; goto Cleanup; }
if (hasRU == CV_FREE) { TAKEOVER_BSTR(returnUrl); }
hasNameSpace = GetBstrArg(vNameSpace, &bstrNameSpace); if (hasNameSpace == CV_BAD) { hr = E_INVALIDARG; goto Cleanup; } if (hasNameSpace == CV_FREE) { TAKEOVER_BSTR(bstrNameSpace); } if (hasNameSpace == CV_DEFAULT) { bstrNameSpace = crc->getNameSpace(); }
if (hasLCID == CV_DEFAULT) Lang = crc->getDefaultLCID(); if (hasKPP == CV_DEFAULT) nKPP = -1;
WCHAR *szAUAttrName; if (hasUseSec == CV_OK && SECURELEVEL_USE_HTTPS(ulSecureLevel)) szAUAttrName = L"AuthSecure"; else szAUAttrName = L"Auth";
VariantInit(&freeMe);
if (!crc->DisasterModeP()) { // If I'm authenticated, get my domain specific url
if (bTicketValid && bProfileValid) { hr = pProfile->get_ByIndex(MEMBERNAME_INDEX, &freeMe); if (hr != S_OK || freeMe.vt != VT_BSTR) { cnc->getDomainAttribute(L"Default", szAUAttrName, DIMENSION(url) - 1, url, Lang);
url[DIMENSION(url) - 1] = L'\0'; } else { LPCWSTR psz = wcsrchr(freeMe.bstrVal, L'@'); cnc->getDomainAttribute(psz ? psz+1 : L"Default", szAUAttrName, DIMENSION(url) - 1, url, Lang);
url[DIMENSION(url) - 1] = L'\0'; } } else { cnc->getDomainAttribute(L"Default", szAUAttrName, DIMENSION(url) - 1, url, Lang);
url[DIMENSION(url) - 1] = L'\0'; } } else { lstrcpynW(url, crc->getDisasterUrl(), DIMENSION(url) - 1); url[DIMENSION(url) - 1] = L'\0'; }
time(&ct);
if (!url) { hr = S_OK; goto Cleanup; }
if (hasTW == CV_DEFAULT) TimeWindow = crc->getDefaultTicketAge(); if (hasFL == CV_DEFAULT) ForceLogin = crc->forceLoginP() ? VARIANT_TRUE : VARIANT_FALSE; if (hasCB == CV_DEFAULT) CBT = crc->getDefaultCoBrand(); if (hasRU == CV_DEFAULT) returnUrl = crc->getDefaultRU(); if (returnUrl == NULL) returnUrl = L"";
if ((TimeWindow != 0 && TimeWindow < PPM_TIMEWINDOW_MIN) || TimeWindow > PPM_TIMEWINDOW_MAX) { //
// 20 will always be more than large enough for a ULONG
//
WCHAR buf[20];
_itow(TimeWindow,buf,10);
if (g_pAlert) g_pAlert->report(PassportAlertInterface::WARNING_TYPE, PM_TIMEWINDOW_INVALID, buf);
AtlReportError(CLSID_FastAuth, (LPCOLESTR) PP_E_INVALID_TIMEWINDOWSTR, IID_IPassportFastAuth, PP_E_INVALID_TIMEWINDOW);
hr = PP_E_INVALID_TIMEWINDOW; goto Cleanup; }
if (NULL == pbstrAuthURL) { hr = E_INVALIDARG; goto Cleanup; }
*pbstrAuthURL = FormatAuthURL( url, crc->getSiteId(), returnUrl, TimeWindow, ForceLogin, crc->getCurrentCryptVersion(), ct, CBT, bstrNameSpace, nKPP, Lang, ulSecureLevel, crc, fRedirToSelf, TRUE ); if (NULL == *pbstrAuthURL) { hr = E_OUTOFMEMORY; goto Cleanup; }
hr = S_OK;
Cleanup: PassportLog("CFastAuth::CommonAuthURL Exit: %X\r\n", hr);
if (pTicket) pTicket->Release(); if (pProfile) pProfile->Release();
if(cnc) cnc->Release(); if(crc) crc->Release(); if (hasTicket == CV_FREE && bstrTicket) FREE_BSTR(bstrTicket); if (hasProfile == CV_FREE && bstrProfile) FREE_BSTR(bstrProfile); if (hasRU == CV_FREE && returnUrl) FREE_BSTR(returnUrl); if (hasCB == CV_FREE && CBT) FREE_BSTR(CBT); if (hasNameSpace == CV_FREE && bstrNameSpace) FREE_BSTR(bstrNameSpace); VariantClear(&freeMe);
return hr;}
//===========================================================================
//
// GetTicketAndProfilePFC
//
HRESULTCFastAuth::GetTicketAndProfilePFC( BYTE* pbPFC, BYTE* pbPPH, BSTR* pbstrTicket, BSTR* pbstrProfile, BSTR* pbstrSecure, BSTR* pbstrSiteName ){ HTTP_FILTER_CONTEXT* pfc = (HTTP_FILTER_CONTEXT*)pbPFC; HTTP_FILTER_PREPROC_HEADERS* pph = (HTTP_FILTER_PREPROC_HEADERS*)pbPPH; BSTR bstrF = NULL; CHAR achBuf[2048]; DWORD dwBufLen; LPSTR pszQueryString; HRESULT hr = S_FALSE;
USES_CONVERSION;
dwBufLen = DIMENSION(achBuf);
if(GetSiteNamePFC(pfc, achBuf, &dwBufLen) == S_OK) *pbstrSiteName = SysAllocString(A2W(achBuf)); else *pbstrSiteName = NULL;
dwBufLen = DIMENSION(achBuf);
if(pph->GetHeader(pfc, "URL", achBuf, &dwBufLen)) { pszQueryString = strchr(achBuf, '?'); if(pszQueryString) { pszQueryString++;
if(GetQueryData(achBuf, pbstrTicket, pbstrProfile, &bstrF)) { PassportLog("CFastAuth::GetTicketAndProfilePFC URL: %s\r\n", achBuf);
*pbstrSecure = NULL; hr = S_OK; goto Cleanup; } } }
dwBufLen = DIMENSION(achBuf);
if(pph->GetHeader(pfc, "Cookie:", achBuf, &dwBufLen)) { if(!GetCookie(achBuf, "MSPAuth", pbstrTicket)) { goto Cleanup; }
GetCookie(achBuf, "MSPProf", pbstrProfile); GetCookie(achBuf, "MSPSecAuth", pbstrSecure);
hr = S_OK; }Cleanup: PassportLog("CFastAuth::GetTicketAndProfilePFC Exit: %X\r\n", hr);
if (bstrF) { FREE_BSTR(bstrF); } return hr;}
//===========================================================================
//
// GetTicketAndProfileECB
//
HRESULTCFastAuth::GetTicketAndProfileECB( BYTE* pbECB, BSTR* pbstrTicket, BSTR* pbstrProfile, BSTR* pbstrSecure, BSTR* pbstrSiteName ){ EXTENSION_CONTROL_BLOCK* pECB = (EXTENSION_CONTROL_BLOCK*)pbECB; CHAR achBuf[2048]; DWORD dwBufLen; BSTR bstrF;
USES_CONVERSION;
dwBufLen = DIMENSION(achBuf);
if(GetSiteNameECB(pECB, achBuf, &dwBufLen) == S_OK) *pbstrSiteName = SysAllocString(A2W(achBuf)); else *pbstrSiteName = NULL;
dwBufLen = DIMENSION(achBuf);
if(pECB->GetServerVariable(pECB, "QUERY_STRING", achBuf, &dwBufLen)) { if(GetQueryData(achBuf, pbstrTicket, pbstrProfile, &bstrF)) { PassportLog("CFastAuth::GetTicketAndProfilePFC QS: %s\r\n", achBuf);
*pbstrSecure = NULL; return S_OK; } }
dwBufLen = DIMENSION(achBuf);
if(pECB->GetServerVariable(pECB, "HTTP_COOKIE", achBuf, &dwBufLen)) { if(!GetCookie(achBuf, "MSPAuth", pbstrTicket)) return S_FALSE;
GetCookie(achBuf, "MSPProf", pbstrProfile); GetCookie(achBuf, "MSPSecAuth", pbstrSecure);
return S_OK; }
PassportLog("CFastAuth::GetTicketAndProfilePFC Failed: %s\r\n", achBuf);
return S_FALSE;}
//===========================================================================
//
// GetSiteName
//
HRESULT GetSiteName( LPSTR szServerName, LPSTR szPort, LPSTR szSecure, LPSTR szBuf, LPDWORD lpdwBufLen ){ HRESULT hr; DWORD dwSize; int nLength; LPSTR szPortTest;
if(!szServerName) { hr = E_FAIL; goto Cleanup; }
//
// Make sure the string (plus terminating null)
// isn't too long to fit into the buffer
//
dwSize = lstrlenA(szServerName); if(dwSize + 1 > *lpdwBufLen) { hr = E_FAIL; goto Cleanup; }
//
// Copy the string.
//
lstrcpyA(szBuf, szServerName);
//
// Now, if the incoming port is a port other than
// 80/443, append it to the server name.
//
if(szPort && szSecure) { nLength = lstrlenA(szPort);
if(lstrcmpA(szSecure, "on") == 0) szPortTest = "443"; else szPortTest = "80";
if(lstrcmpA(szPort, szPortTest) != 0 && (dwSize + nLength + 2) <= *lpdwBufLen) { szBuf[dwSize] = ':'; lstrcpyA(&(szBuf[dwSize + 1]), szPort); *lpdwBufLen = dwSize + nLength + 2; } else *lpdwBufLen = dwSize + 1; } else *lpdwBufLen = dwSize + 1;
hr = S_OK;
Cleanup:
return hr;}
//===========================================================================
//
// GetSiteNamePFC
//
HRESULTGetSiteNamePFC( HTTP_FILTER_CONTEXT* pfc, LPSTR szBuf, LPDWORD lpdwBufLen ){ HRESULT hr;
LPSTR szServerName = GetServerVariablePFC(pfc, "SERVER_NAME"); LPSTR szPort = GetServerVariablePFC(pfc, "SERVER_PORT"); LPSTR szSecure = GetServerVariablePFC(pfc, "HTTPS");
hr = GetSiteName(szServerName, szPort, szSecure, szBuf, lpdwBufLen);
if(szServerName) delete [] szServerName; if(szPort) delete [] szPort; if(szSecure) delete [] szSecure;
return hr;}
//===========================================================================
//
// GetSiteNameECB
//
HRESULTGetSiteNameECB( EXTENSION_CONTROL_BLOCK* pECB, LPSTR szBuf, LPDWORD lpdwBufLen ){ HRESULT hr;
LPSTR szServerName = GetServerVariableECB(pECB, "SERVER_NAME"); LPSTR szPort = GetServerVariableECB(pECB, "SERVER_PORT"); LPSTR szSecure = GetServerVariableECB(pECB, "HTTPS");
hr = GetSiteName(szServerName, szPort, szSecure, szBuf, lpdwBufLen);
if(szServerName) delete [] szServerName; if(szPort) delete [] szPort; if(szSecure) delete [] szSecure;
return hr;}
|
