|
|
//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File: bndcache.cxx
//
// Contents: spn cache for Kerberos Package
//
//
// History: 13-August-1996 Created MikeSw
//
//------------------------------------------------------------------------
#include <kerb.hxx>
#include <kerbp.h>
#include <spncache.h>
//
// TBD: Switch this to a table & resource, or entries for
// each SPN prefix.
//
BOOLEAN KerberosSpnCacheInitialized = FALSE;KERBEROS_LIST KerbSpnCache;LONG SpnCount;
#define KerbWriteLockSpnCache() KerbLockList(&KerbSpnCache);
#define KerbReadLockSpnCache() KerbLockList(&KerbSpnCache);
#define KerbUnlockSpnCache() KerbUnlockList(&KerbSpnCache);
#define KerbWriteLockSpnCacheEntry(_x_) RtlAcquireResourceExclusive( &_x_->ResultLock, TRUE)
#define KerbReadLockSpnCacheEntry(_x_) RtlAcquireResourceShared( &_x_->ResultLock, TRUE)
#define KerbUnlockSpnCacheEntry(_x_) RtlReleaseResource( &_x_->ResultLock)
#define KerbConvertSpnCacheEntryReadToWriteLock(_x_) RtlConvertSharedToExclusive( &_x_->ResultLock )
//+-------------------------------------------------------------------------
//
// Function: KerbInitSpnCache
//
// Synopsis: Initializes the SPN cache
//
// Effects: allocates a resources
//
// Arguments: none
//
// Requires:
//
// Returns: STATUS_SUCCESS on success, other error codes on failure
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUSKerbInitSpnCache( VOID ){ NTSTATUS Status;
Status = KerbInitializeList( &KerbSpnCache ); if (!NT_SUCCESS(Status)) { goto Cleanup; }
KerberosSpnCacheInitialized = TRUE;
Cleanup: if (!NT_SUCCESS(Status)) { KerbFreeList( &KerbSpnCache ); } return(Status);}
//+-------------------------------------------------------------------------
//
// Function: KerbCleanupSpnCache
//
// Synopsis: Frees the Spn cache
//
// Effects:
//
// Arguments: none
//
// Requires:
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
VOIDKerbCleanupSpnCache( VOID ){ PKERB_SPN_CACHE_ENTRY CacheEntry;
DebugLog((DEB_TRACE_SPN_CACHE, "Cleaning up SPN cache\n"));
if (KerberosSpnCacheInitialized) { KerbWriteLockSpnCache(); while (!IsListEmpty(&KerbSpnCache.List)) { CacheEntry = CONTAINING_RECORD( KerbSpnCache.List.Flink, KERB_SPN_CACHE_ENTRY, ListEntry.Next );
KerbReferenceListEntry( &KerbSpnCache, &CacheEntry->ListEntry, TRUE );
KerbDereferenceSpnCacheEntry(CacheEntry); }
KerbUnlockSpnCache();
}}
//+-------------------------------------------------------------------------
//
// Function: KerbCleanupResult
//
// Synopsis: Cleans up result entry
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns: none
//
// Notes:
//
//
//+-------------------------------------------------------------------------
VOIDKerbCleanupResult( IN PSPN_CACHE_RESULT Result ){ KerbFreeString(&Result->AccountRealm); KerbFreeString(&Result->TargetRealm);}
//+-------------------------------------------------------------------------
//
// Function: KerbPurgeResultByIndex
//
// Synopsis: Removes
//
// Effects: Dereferences the spn cache entry to make it go away
// when it is no longer being used.
//
// Arguments: decrements reference count and delets cache entry if it goes
// to zero
//
// Requires: SpnCacheEntry - The spn cache entry to dereference.
//
// Returns: none
//
// Notes:
//
//
//+-------------------------------------------------------------------------
VOIDKerbPurgeResultByIndex( IN PKERB_SPN_CACHE_ENTRY CacheEntry, IN ULONG IndexToPurge ){
ULONG i; DebugLog((DEB_ERROR, "Purging %p, %i\n", CacheEntry, IndexToPurge)); KerbCleanupResult(&CacheEntry->Results[IndexToPurge]);
CacheEntry->ResultCount--;
for (i = IndexToPurge; i < CacheEntry->ResultCount; i++) { CacheEntry->Results[i] = CacheEntry->Results[i+1]; }
//
// Zero out fields in last entry so we don't leak on an error path (or free
// bogus info) if we reuse the entry...
//
RtlZeroMemory( &CacheEntry->Results[i], sizeof(SPN_CACHE_RESULT) );}
//+-------------------------------------------------------------------------
//
// Function: KerbDereferenceSpnCacheEntry
//
// Synopsis: Dereferences a spn cache entry
//
// Effects: Dereferences the spn cache entry to make it go away
// when it is no longer being used.
//
// Arguments: decrements reference count and delets cache entry if it goes
// to zero
//
// Requires: SpnCacheEntry - The spn cache entry to dereference.
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
VOIDKerbDereferenceSpnCacheEntry( IN PKERB_SPN_CACHE_ENTRY SpnCacheEntry ){ if (KerbDereferenceListEntry( &SpnCacheEntry->ListEntry, &KerbSpnCache ) ) { KerbFreeSpnCacheEntry(SpnCacheEntry); }}
//+-------------------------------------------------------------------------
//
// Function: KerbReferenceSpnCacheEntry
//
// Synopsis: References a spn cache entry
//
// Effects: Increments the reference count on the spn cache entry
//
// Arguments: SpnCacheEntry - spn cache entry to reference
//
// Requires: The spn cache must be locked
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
VOIDKerbReferenceSpnCacheEntry( IN PKERB_SPN_CACHE_ENTRY SpnCacheEntry, IN BOOLEAN RemoveFromList ){ KerbWriteLockSpnCache();
KerbReferenceListEntry( &KerbSpnCache, &SpnCacheEntry->ListEntry, RemoveFromList );
KerbUnlockSpnCache();}
//+-------------------------------------------------------------------------
//
// Function: KerbAgeResults
//
// Synopsis: Ages out a given cache entry's result list. Used
// to reduce the result list to a manageable size, and
// as a scavenger to cleanup orphaned / unused entries.
//
// Effects: Increments the reference count on the spn cache entry
//
// Arguments: SpnCacheEntry - spn cache entry to reference
//
// Requires: The spn cache must be locked
//
// Returns: none
//
// Notes:
//
//
//+-------------------------------------------------------------------------
VOIDKerbAgeResults( IN PKERB_SPN_CACHE_ENTRY CacheEntry ) { TimeStamp CurrentTime, BackoffTime; ULONG i; LONG Interval;
GetSystemTimeAsFileTime((PFILETIME) &CurrentTime);
//
// Age out everything older than GlobalSpnCacheTimeout first.
//
for ( i = 0; i < CacheEntry->ResultCount; i++ ) { if (KerbGetTime(CacheEntry->Results[i].CacheStartTime) + KerbGetTime(KerbGlobalSpnCacheTimeout) < KerbGetTime(CurrentTime)) { D_DebugLog((DEB_TRACE_SPN_CACHE, "removing %x %p\n")); KerbPurgeResultByIndex(CacheEntry, i); } }
if ( CacheEntry->ResultCount < MAX_RESULTS ) { return; }
for ( Interval = 13; Interval > 0; Interval -= 4) { KerbSetTimeInMinutes(&BackoffTime, Interval); for ( i=0; i < CacheEntry->ResultCount ; i++ ) { if (KerbGetTime(CacheEntry->Results[i].CacheStartTime) + KerbGetTime(BackoffTime) < KerbGetTime(CurrentTime)) { D_DebugLog((DEB_TRACE_SPN_CACHE, "removing %x %p\n")); KerbPurgeResultByIndex(CacheEntry, i); } }
if ( CacheEntry->ResultCount < MAX_RESULTS ) { return; } }
//
// Still have MAX_RESULTS after all that geezzz..
//
DebugLog((DEB_ERROR, "Can't get below MAX_RESULTS (%p) \n", CacheEntry )); DsysAssert(FALSE);
for ( i=0; i < CacheEntry->ResultCount ; i++ ) { KerbPurgeResultByIndex(CacheEntry, i); }
return; }
//+-------------------------------------------------------------------------
//
// Function: KerbTaskSpnCacheScavenger
//
// Synopsis: Cleans up any old SPN cache entries. Triggered by 30 minute
// task.
//
// Effects:
//
// Arguments: SpnCacheEntry - spn cache entry to reference
//
// Requires: The spn cache entry must be locked
//
// Returns: none
//
// Notes:
//
//
//
VOIDKerbSpnCacheScavenger(){
PKERB_SPN_CACHE_ENTRY CacheEntry = NULL; PLIST_ENTRY ListEntry; BOOLEAN FreeMe = FALSE;
KerbWriteLockSpnCache();
for (ListEntry = KerbSpnCache.List.Flink ; ListEntry != &KerbSpnCache.List ; ListEntry = ListEntry->Flink ) { CacheEntry = CONTAINING_RECORD(ListEntry, KERB_SPN_CACHE_ENTRY, ListEntry.Next);
KerbWriteLockSpnCacheEntry( CacheEntry ); KerbAgeResults(CacheEntry);
//
// Time to pull this one from list.
//
if ( CacheEntry->ResultCount == 0 ) { ListEntry = ListEntry->Blink;
KerbReferenceSpnCacheEntry( CacheEntry, TRUE ); FreeMe = TRUE; } KerbUnlockSpnCacheEntry( CacheEntry ); //
// Pull the list reference.
//
if ( FreeMe ) { KerbDereferenceSpnCacheEntry( CacheEntry ); FreeMe = FALSE; } }
KerbUnlockSpnCache();
}
//+-------------------------------------------------------------------------
//
// Function: KerbAddCacheResult
//
// Synopsis: Uses registry to create
//
// Effects: Increments the reference count on the spn cache entry
//
// Arguments: SpnCacheEntry - spn cache entry to reference
//
// Requires: The spn cache resource must be locked
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUSKerbAddCacheResult( IN PKERB_SPN_CACHE_ENTRY CacheEntry, IN PKERB_PRIMARY_CREDENTIAL AccountCredential, IN ULONG UpdateFlags, IN OPTIONAL PUNICODE_STRING NewRealm ){
NTSTATUS Status = STATUS_SUCCESS; PSPN_CACHE_RESULT Result = NULL; D_DebugLog((DEB_TRACE_SPN_CACHE, "KerbAddCacheResult add domain %wZ to _KERB_SPN_CACHE_ENTRY %p (UpdateFlags %#x), NewRealm %wZ for ", &AccountCredential->DomainName, CacheEntry, UpdateFlags, NewRealm)); D_KerbPrintKdcName(DEB_TRACE_SPN_CACHE, CacheEntry->Spn);
//
// If we don't have an account realm w/ this credential (e.g someone
// supplied you a UPN to acquirecredentialshandle, don't use the
// spn cache.
//
if ( AccountCredential->DomainName.Length == 0 ) { return STATUS_NOT_SUPPORTED; }
//
// First off, see if we're hitting the limits for our array.
// We shouldn't ever get close to MAX_RESULTS, but if we do,
// age out the least current CacheResult.
//
if ( (CacheEntry->ResultCount + 1) == MAX_RESULTS ) { KerbAgeResults(CacheEntry); }
Result = &CacheEntry->Results[CacheEntry->ResultCount];
Status = KerbDuplicateStringEx( &Result->AccountRealm, &AccountCredential->DomainName, FALSE );
if (!NT_SUCCESS( Status )) { goto Cleanup; }
if (ARGUMENT_PRESENT( NewRealm )) { D_DebugLog((DEB_TRACE_SPN_CACHE, "Known - realm %wZ\n", NewRealm)); DsysAssert(UpdateFlags != KERB_SPN_UNKNOWN);
Status = KerbDuplicateStringEx( &Result->TargetRealm, NewRealm, FALSE ); if (!NT_SUCCESS( Status )) { goto Cleanup; } }
#if DBG
else { DsysAssert(UpdateFlags != KERB_SPN_KNOWN); }
#endif
Result->CacheFlags = UpdateFlags; GetSystemTimeAsFileTime((PFILETIME) &Result->CacheStartTime); CacheEntry->ResultCount++;
Cleanup:
if (!NT_SUCCESS( Status ) ) { if ( Result != NULL ) { KerbCleanupResult( Result ); } }
return Status;}
//+-------------------------------------------------------------------------
//
// Function: KerbBuildSpnCacheEntry
//
// Synopsis: Builds a spn cache entry
//
// Effects:
//
// Arguments:
//
// Requires: SpnCacheEntry - The spn cache entry to dereference.
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUSKerbCreateSpnCacheEntry( IN PKERB_INTERNAL_NAME Spn, IN PKERB_PRIMARY_CREDENTIAL AccountCredential, IN ULONG UpdateFlags, IN OPTIONAL PUNICODE_STRING NewRealm, IN OUT PKERB_SPN_CACHE_ENTRY* NewCacheEntry ){
NTSTATUS Status; PKERB_SPN_CACHE_ENTRY CacheEntry = NULL; BOOLEAN FreeResource = FALSE;
*NewCacheEntry = NULL;
CacheEntry = (PKERB_SPN_CACHE_ENTRY) KerbAllocate( sizeof(KERB_SPN_CACHE_ENTRY) ); if ( CacheEntry == NULL ) { Status = STATUS_NO_MEMORY; goto Cleanup; }
Status = KerbDuplicateKdcName( &CacheEntry->Spn, Spn );
if (!NT_SUCCESS(Status)) { goto Cleanup; }
Status = KerbAddCacheResult( CacheEntry, AccountCredential, UpdateFlags, NewRealm );
if (!NT_SUCCESS( Status )) { goto Cleanup; }
KerbInitializeListEntry( &CacheEntry->ListEntry );
__try { RtlInitializeResource( &CacheEntry->ResultLock ); } __except(EXCEPTION_EXECUTE_HANDLER) { Status = STATUS_INSUFFICIENT_RESOURCES; goto Cleanup; }
FreeResource = TRUE;
KerbInsertSpnCacheEntry(CacheEntry);
*NewCacheEntry = CacheEntry; CacheEntry = NULL;
InterlockedIncrement( &SpnCount );
Cleanup:
if (!NT_SUCCESS(Status) && ( CacheEntry )) { KerbCleanupResult(&CacheEntry->Results[0]); KerbFreeKdcName( &CacheEntry->Spn ); if ( FreeResource ) { RtlDeleteResource( &CacheEntry->ResultLock ); }
KerbFree(CacheEntry); }
return Status;}
//+-------------------------------------------------------------------------
//
// Function: KerbScanResults
//
// Synopsis: Scans result list.
//
// Effects:
//
// Arguments:
//
// Requires: SpnCacheEntry - The spn cache entry to dereference.
//
// Returns: none
//
// Notes:
//
//
//---
BOOLEANKerbScanResults( IN PKERB_SPN_CACHE_ENTRY CacheEntry, IN PUNICODE_STRING Realm, IN OUT PULONG Index ){ BOOLEAN Found = FALSE; ULONG i; for ( i=0; i < CacheEntry->ResultCount; i++) { if (RtlEqualUnicodeString( &CacheEntry->Results[i].AccountRealm, Realm, TRUE )) { Found = TRUE; *Index = i; break; } }
return Found;}
//+-------------------------------------------------------------------------
//
// Function: KerbUpdateSpnCacheEntry
//
// Synopsis: Updates a spn cache entry
//
// Effects:
//
// Arguments:
//
// Requires: SpnCacheEntry - The spn cache entry to dereference.
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUSKerbUpdateSpnCacheEntry( IN OPTIONAL PKERB_SPN_CACHE_ENTRY ExistingCacheEntry, IN PKERB_INTERNAL_NAME Spn, IN PKERB_PRIMARY_CREDENTIAL AccountCredential, IN ULONG UpdateFlags, IN OPTIONAL PUNICODE_STRING NewRealm ){ PKERB_SPN_CACHE_ENTRY CacheEntry = ExistingCacheEntry; NTSTATUS Status = STATUS_SUCCESS; BOOLEAN Found = FALSE, Update = FALSE; ULONG Index = 0;
//
// We're not using SPN cache
//
if (KerbGlobalSpnCacheTimeout.QuadPart == 0 || !KerberosSpnCacheInitialized ) { return STATUS_SUCCESS; }
//
// If we didn't have a cache entry before, see if we do now, or create
// one if necessary.
//
if (!ARGUMENT_PRESENT( ExistingCacheEntry )) { KerbWriteLockSpnCache(); CacheEntry = KerbLocateSpnCacheEntry( Spn );
if ( CacheEntry == NULL) { Status = KerbCreateSpnCacheEntry( Spn, AccountCredential, UpdateFlags, NewRealm, &CacheEntry );
if (NT_SUCCESS(Status)) { //
// All done, get outta here.
//
D_DebugLog((DEB_TRACE_SPN_CACHE, "Created new cache entry %p (%x) \n", CacheEntry, UpdateFlags)); D_KerbPrintKdcName(DEB_TRACE_SPN_CACHE, Spn); D_DebugLog((DEB_TRACE_SPN_CACHE, "%wZ\n", &AccountCredential->DomainName));
KerbDereferenceSpnCacheEntry( CacheEntry ); } KerbUnlockSpnCache(); return Status; }
KerbUnlockSpnCache(); }
//
// Got an existing entry - update it.
//
KerbReadLockSpnCacheEntry( CacheEntry ); if (KerbScanResults( CacheEntry, &AccountCredential->DomainName, &Index )) { Found = TRUE; Update = (( CacheEntry->Results[Index].CacheFlags & UpdateFlags) != UpdateFlags); }
KerbUnlockSpnCacheEntry( CacheEntry );
//
// To avoid always taking the write lock, we'll need to rescan the result
// list under a write lock.
//
if ( Update ) { KerbWriteLockSpnCacheEntry( CacheEntry );
if (KerbScanResults( CacheEntry, &AccountCredential->DomainName, &Index )) { //
// Hasn't been updated or removed in the small time slice above. Update.
//
if (( CacheEntry->Results[Index].CacheFlags & UpdateFlags) != UpdateFlags ) { D_DebugLog(( DEB_TRACE_SPN_CACHE, "KerbUpdateSpnCacheEntry changing _KERB_SPN_CACHE_ENTRY %p Result Index %#x: AccountRealm %wZ, TargetRealm %wZ, NewRealm %wZ, CacheFlags %#x to CacheFlags %#x for ", CacheEntry, Index, &CacheEntry->Results[Index].AccountRealm, &CacheEntry->Results[Index].TargetRealm, NewRealm, CacheEntry->Results[Index].CacheFlags, UpdateFlags )); D_KerbPrintKdcName(DEB_TRACE_SPN_CACHE, CacheEntry->Spn);
CacheEntry->Results[Index].CacheFlags = UpdateFlags; GetSystemTimeAsFileTime( (LPFILETIME) &CacheEntry->Results[Index].CacheStartTime );
KerbFreeString(&CacheEntry->Results[Index].TargetRealm);
if (ARGUMENT_PRESENT( NewRealm )) { DsysAssert( UpdateFlags == KERB_SPN_KNOWN ); Status = KerbDuplicateStringEx( &CacheEntry->Results[Index].TargetRealm, NewRealm, FALSE );
if (!NT_SUCCESS( Status )) { KerbUnlockSpnCacheEntry( CacheEntry ); goto Cleanup; } } } } else { Found = FALSE; }
KerbUnlockSpnCacheEntry( CacheEntry ); }
if (!Found) { KerbWriteLockSpnCacheEntry ( CacheEntry );
//
// Still not found
//
if (!KerbScanResults( CacheEntry, &AccountCredential->DomainName, &Index )) { Status = KerbAddCacheResult( CacheEntry, AccountCredential, UpdateFlags, NewRealm ); }
KerbUnlockSpnCacheEntry( CacheEntry );
if (!NT_SUCCESS(Status)) { goto Cleanup; } }
Cleanup: //
// Created a new cache entry, referenced w/i this function.
//
if (!ARGUMENT_PRESENT( ExistingCacheEntry ) && CacheEntry ) { KerbDereferenceSpnCacheEntry( CacheEntry ); }
return Status;}
//+-------------------------------------------------------------------------
//
// Function: KerbLocateSpnCacheEntry
//
// Synopsis: References a spn cache entry by name
//
// Effects: Increments the reference count on the spn cache entry
//
// Arguments: RealmName - Contains the name of the realm for which to
// obtain a binding handle.
// DesiredFlags - Flags desired for binding, such as PDC required
// RemoveFromList - Remove cache entry from cache when found.
//
// Requires:
//
// Returns: The referenced cache entry or NULL if it was not found.
//
// Notes: If an invalid entry is found it may be dereferenced
//
//
//--------------------------------------------------------------------------
PKERB_SPN_CACHE_ENTRYKerbLocateSpnCacheEntry( IN PKERB_INTERNAL_NAME Spn ){ PLIST_ENTRY ListEntry; PKERB_SPN_CACHE_ENTRY CacheEntry = NULL; BOOLEAN Found = FALSE; if (Spn->NameType != KRB_NT_SRV_INST) { return NULL; } //
// We're not using SPN cache
//
if (KerbGlobalSpnCacheTimeout.QuadPart == 0 || !KerberosSpnCacheInitialized ) { return NULL; }
//
// Scale the cache by aging out old entries.
//
if ( SpnCount > MAX_CACHE_ENTRIES ) { KerbSpnCacheScavenger(); }
KerbReadLockSpnCache(); //
// Go through the spn cache looking for the correct entry
//
for (ListEntry = KerbSpnCache.List.Flink ; ListEntry != &KerbSpnCache.List ; ListEntry = ListEntry->Flink ) { CacheEntry = CONTAINING_RECORD(ListEntry, KERB_SPN_CACHE_ENTRY, ListEntry.Next); if (KerbEqualKdcNames(CacheEntry->Spn,Spn)) { KerbReferenceSpnCacheEntry( CacheEntry, FALSE );
D_DebugLog((DEB_TRACE_SPN_CACHE, "SpnCacheEntry %p\n", CacheEntry));
Found = TRUE; break; } }
if (!Found) { CacheEntry = NULL; }
KerbUnlockSpnCache(); return(CacheEntry);}
//+-------------------------------------------------------------------------
//
// Function: KerbCleanupResultList
//
// Synopsis: Frees memory associated with a result list
//
// Effects:
//
// Arguments: SpnCacheEntry - The cache entry to free. It must be
// unlinked, and the Resultlock must be held.
//
// Requires:
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
VOIDKerbCleanupResultList( IN PKERB_SPN_CACHE_ENTRY CacheEntry ){ for (ULONG i = 0; i < CacheEntry->ResultCount; i++) { KerbCleanupResult(&CacheEntry->Results[i]); }
CacheEntry->ResultCount = 0;}
//+-------------------------------------------------------------------------
//
// Function: KerbFreeSpnCacheEntry
//
// Synopsis: Frees memory associated with a spn cache entry
//
// Effects:
//
// Arguments: SpnCacheEntry - The cache entry to free. It must be
// unlinked.
//
// Requires:
//
// Returns: none
//
// Notes:
//
//
//--------------------------------------------------------------------------
VOIDKerbFreeSpnCacheEntry( IN PKERB_SPN_CACHE_ENTRY SpnCacheEntry ){ //
// Must be unlinked..
//
DsysAssert(SpnCacheEntry->ListEntry.Next.Flink == NULL); DsysAssert(SpnCacheEntry->ListEntry.Next.Blink == NULL); KerbWriteLockSpnCacheEntry(SpnCacheEntry); KerbCleanupResultList(SpnCacheEntry); KerbUnlockSpnCacheEntry(SpnCacheEntry); RtlDeleteResource(&SpnCacheEntry->ResultLock); KerbFreeKdcName(&SpnCacheEntry->Spn); KerbFree(SpnCacheEntry);
InterlockedDecrement( &SpnCount );}
//+-------------------------------------------------------------------------
//
// Function: KerbInsertBinding
//
// Synopsis: Inserts a binding into the spn cache
//
// Effects: bumps reference count on binding
//
// Arguments: CacheEntry - Cache entry to insert
//
// Requires:
//
// Returns: STATUS_SUCCESS always
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUSKerbInsertSpnCacheEntry( IN PKERB_SPN_CACHE_ENTRY CacheEntry ){ KerbInsertListEntry( &CacheEntry->ListEntry, &KerbSpnCache );
return(STATUS_SUCCESS);}
//+-------------------------------------------------------------------------
//
// Function: KerbGetSpnCacheStatus
//
// Synopsis: Gets the status of a cache entry for a given realm.
//
// Effects: Returns STATUS_NO_SAM_TRUST_RELATIONSHIP for unknown SPNs,
// STATUS_NO_MATCH, if we're missing a realm result, or
// STATUS_SUCCESS ++ dupe the SPNREalm for the "real" realm
// of the SPN relative to the account realm.
//
// Arguments: CacheEntry - SPN cache entry from ProcessTargetName()
// Credential - Primary cred for account realm.
// SpnRealm - IN OUT Filled in w/ target realm of SPN
//
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUSKerbGetSpnCacheStatus( IN PKERB_SPN_CACHE_ENTRY CacheEntry, IN PKERB_PRIMARY_CREDENTIAL Credential, IN OUT PUNICODE_STRING SpnRealm ){ NTSTATUS Status = STATUS_NO_MATCH;; ULONG i; TimeStamp CurrentTime; BOOLEAN Purge = FALSE;
GetSystemTimeAsFileTime((PFILETIME) &CurrentTime);
//
// Read Lock the spn cache entry
//
KerbReadLockSpnCacheEntry( CacheEntry );
if (KerbScanResults( CacheEntry, &Credential->DomainName, &i )) { if (CacheEntry->Results[i].CacheFlags & KERB_SPN_UNKNOWN) { //
// Check and see if this timestamp has expired.
//
if (KerbGetTime(CacheEntry->Results[i].CacheStartTime) + KerbGetTime(KerbGlobalSpnCacheTimeout) < KerbGetTime(CurrentTime)) { Purge = TRUE; Status = STATUS_SUCCESS; } else { Status = STATUS_NO_TRUST_SAM_ACCOUNT; DebugLog((DEB_WARN, "SPN not found\n")); KerbPrintKdcName(DEB_WARN, CacheEntry->Spn); } } else if (CacheEntry->Results[i].CacheFlags & KERB_SPN_KNOWN) { Status = KerbDuplicateStringEx( SpnRealm, &CacheEntry->Results[i].TargetRealm, FALSE );
D_DebugLog((DEB_TRACE_SPN_CACHE, "Found %wZ\n", SpnRealm)); D_KerbPrintKdcName(DEB_TRACE_SPN_CACHE, CacheEntry->Spn); } }
KerbUnlockSpnCacheEntry( CacheEntry );
if (!NT_SUCCESS( Status )) { return Status; }
//
// Take the write lock, and verify that we still need to purge the above
// result.
//
if ( Purge ) { KerbWriteLockSpnCacheEntry( CacheEntry ); if (KerbScanResults( CacheEntry, &Credential->DomainName, &i )) { if (KerbGetTime(CacheEntry->Results[i].CacheStartTime) + KerbGetTime(KerbGlobalSpnCacheTimeout) < KerbGetTime(CurrentTime)) { D_DebugLog((DEB_TRACE_SPN_CACHE, "Purging %p due to time\n", &CacheEntry->Results[i])); KerbPurgeResultByIndex( CacheEntry, i ); } }
KerbUnlockSpnCacheEntry( CacheEntry ); Status = STATUS_NO_MATCH; }
return Status; }
|
