|
|
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1995.
//
// File: cache.h
//
// Contents:
//
// Classes:
//
// Functions:
//
// History: 09-23-97 jbanes Ported over SGC stuff from NT 4 tree.
//
//----------------------------------------------------------------------------
#include <sslcache.h>
#define SP_CACHE_MAGIC 0xCACE
#define SP_CACHE_FLAG_EMPTY 0x00000001
#define SP_CACHE_FLAG_READONLY 0x00000002
#define SP_CACHE_FLAG_MASTER_EPHEM 0x00000004
#define SP_CACHE_FLAG_USE_VALIDATED 0x00000010 // Whether user has validated client credential.
struct _SPContext;
typedef struct _SessCacheItem {
DWORD Magic; DWORD dwFlags;
LONG cRef;
DWORD ZombieJuju; DWORD fProtocol; DWORD CreationTime; DWORD Lifespan; DWORD DeferredJuju;
// List of cache entries assigned to a particular cache index.
LIST_ENTRY IndexEntryList;
// Global list of cache entries sorted by creation time.
LIST_ENTRY EntryList;
// Process ID of process that owns this cache entry.
ULONG ProcessID;
HMAPPER * phMapper;
// Handle to "Schannel" key container used to store the server's master
// secret. This will either be the one corresponding to the server's
// credentials or the 512-bit ephemeral key.
HCRYPTPROV hMasterProv;
// Whether 'hMasterProv' is an actual CSP or a static library.
DWORD dwCapiFlags; // Master secret, from which all session keys are derived.
HCRYPTKEY hMasterKey;
ALG_ID aiCipher; DWORD dwStrength; ALG_ID aiHash; DWORD dwCipherSuiteIndex; // used for managing reconnects
ExchSpec SessExchSpec; DWORD dwExchStrength;
PCERT_CONTEXT pRemoteCert; PUBLICKEY * pRemotePublic;
struct _SessCacheItem *pClonedItem;
// Server Side Client Auth related items
/* HLOCATOR */ HLOCATOR hLocator; SECURITY_STATUS LocatorStatus;
// Local credentials.
PSPCredentialGroup pServerCred; PSPCredential pActiveServerCred; CRED_THUMBPRINT CredThumbprint; // credential group
CRED_THUMBPRINT CertThumbprint; // local certificate
// Cipher level (domestic, export, sgc, etc);
DWORD dwCF;
// Server certificate (pct only)
DWORD cbServerCertificate; PBYTE pbServerCertificate;
// cache ID (usually machine name or ip address)
LPWSTR szCacheID; LUID LogonId;
// Session ID for this session
DWORD cbSessionID; UCHAR SessionID[SP_MAX_SESSION_ID];
// Clear key (pct only)
DWORD cbClearKey; UCHAR pClearKey[SP_MAX_MASTER_KEY];
DWORD cbKeyArgs; UCHAR pKeyArgs[SP_MAX_KEY_ARGS];
// This contains the client certificate that was sent to the server.
PCCERT_CONTEXT pClientCert;
// When a client credential is created automatically, the credential
// information is stored here.
PSPCredential pClientCred;
DWORD cbAppData; PBYTE pbAppData;
} SessCacheItem, *PSessCacheItem;
typedef struct{ PLIST_ENTRY SessionCache;
DWORD dwClientLifespan; DWORD dwServerLifespan; DWORD dwCleanupInterval; DWORD dwCacheSize; DWORD dwMaximumEntries; DWORD dwUsedEntries;
LIST_ENTRY EntryList; RTL_RESOURCE Lock; BOOL LockInitialized;
} SCHANNEL_CACHE;
extern SCHANNEL_CACHE SchannelCache;
#define SP_CACHE_CLIENT_LIFESPAN (10 * 3600 * 1000) // 10 hours
#define SP_CACHE_SERVER_LIFESPAN (10 * 3600 * 1000) // 10 hours
#define SP_CACHE_CLEANUP_INTERVAL (5 * 60 * 1000) // 5 minutes
#define SP_MAXIMUM_CACHE_ELEMENTS 10000
#define SP_MASTER_KEY_CS_COUNT 50
extern BOOL g_fMultipleProcessClientCache;extern BOOL g_fCacheInitialized;
// Perf counter values.
extern DWORD g_cClientHandshakes;extern DWORD g_cServerHandshakes;extern DWORD g_cClientReconnects;extern DWORD g_cServerReconnects;
#define HasTimeElapsed(StartTime, CurrentTime, Interval) \
(((CurrentTime) > (StartTime) && \ (CurrentTime) - (StartTime) > (Interval)) || \ ((CurrentTime) < (StartTime) && \ (CurrentTime) + (MAXULONG - (StartTime)) >= (Interval)))
/* SPInitSessionCache() *//* inits the internal cache to CacheSize items */SP_STATUS SPInitSessionCache(VOID);
SP_STATUSSPShutdownSessionCache(VOID);
// Reference and dereference cache items
LONG SPCacheReference(PSessCacheItem pItem);
LONG SPCacheDereference(PSessCacheItem pItem);
voidSPCachePurgeCredential( PSPCredentialGroup pCred);
void SPCachePurgeProcessId( ULONG ProcessId);
NTSTATUSSPCachePurgeEntries( LUID *LoginId, ULONG ProcessID, LPWSTR pwszTargetName, DWORD Flags);
NTSTATUSSPCacheGetInfo( LUID * LogonId, LPWSTR pszTargetName, DWORD dwFlags, PSSL_SESSION_CACHE_INFO_RESPONSE pCacheInfo);
NTSTATUSSPCacheGetPerfmonInfo( DWORD dwFlags, PSSL_PERFMON_INFO_RESPONSE pPerfmonInfo);
/* Retrieve item from cache by SessionID.
* Auto-Reference the item if successful */BOOL SPCacheRetrieveBySession( struct _SPContext * pContext, PBYTE pbSessionID, DWORD cbSessionID, PSessCacheItem *ppRetItem);
/* Retrieve item from cache by ID.
* Auto-Reference the item if successful */BOOL SPCacheRetrieveByName( LPWSTR pwszName, PSPCredentialGroup pCredGroup, PSessCacheItem *ppRetItem);
/* find an empty cache item for use by a context */BOOLSPCacheRetrieveNew( BOOL fServer, LPWSTR pszTargetName, PSessCacheItem * ppRetItem);
/* Locks a recently retrieved item into the cache */BOOL SPCacheAdd( struct _SPContext * pContext);
/* Helper for REDO sessions */BOOLSPCacheClone(PSessCacheItem *ppRetItem);
NTSTATUSSetCacheAppData( PSessCacheItem pItem, PBYTE pbAppData, DWORD cbAppData);
NTSTATUSGetCacheAppData( PSessCacheItem pItem, PBYTE *ppbAppData, DWORD *pcbAppData);
|
