//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1995.
//
// File: cache.h
//
// Contents:
//
// Classes:
//
// Functions:
//
// History: 09-23-97 jbanes Ported over SGC stuff from NT 4 tree.
//
//----------------------------------------------------------------------------
#include <sslcache.h>
#define SP_CACHE_MAGIC 0xCACE
#define SP_CACHE_FLAG_EMPTY 0x00000001
#define SP_CACHE_FLAG_READONLY 0x00000002
#define SP_CACHE_FLAG_MASTER_EPHEM 0x00000004
#define SP_CACHE_FLAG_USE_VALIDATED 0x00000010 // Whether user has validated client credential.
struct _SPContext;
typedef struct _SessCacheItem {
DWORD Magic;
DWORD dwFlags;
LONG cRef;
DWORD ZombieJuju;
DWORD fProtocol;
DWORD CreationTime;
DWORD Lifespan;
DWORD DeferredJuju;
// List of cache entries assigned to a particular cache index.
LIST_ENTRY IndexEntryList;
// Global list of cache entries sorted by creation time.
LIST_ENTRY EntryList;
// Process ID of process that owns this cache entry.
ULONG ProcessID;
HMAPPER * phMapper;
// Handle to "Schannel" key container used to store the server's master
// secret. This will either be the one corresponding to the server's
// credentials or the 512-bit ephemeral key.
HCRYPTPROV hMasterProv;
// Whether 'hMasterProv' is an actual CSP or a static library.
DWORD dwCapiFlags;
// Master secret, from which all session keys are derived.
HCRYPTKEY hMasterKey;
ALG_ID aiCipher;
DWORD dwStrength;
ALG_ID aiHash;
DWORD dwCipherSuiteIndex; // used for managing reconnects
ExchSpec SessExchSpec;
DWORD dwExchStrength;
PCERT_CONTEXT pRemoteCert;
PUBLICKEY * pRemotePublic;
struct _SessCacheItem *pClonedItem;
// Server Side Client Auth related items
/* HLOCATOR */
HLOCATOR hLocator;
SECURITY_STATUS LocatorStatus;
// Local credentials.
PSPCredentialGroup pServerCred;
PSPCredential pActiveServerCred;
CRED_THUMBPRINT CredThumbprint; // credential group
CRED_THUMBPRINT CertThumbprint; // local certificate
// Cipher level (domestic, export, sgc, etc);
DWORD dwCF;
// Server certificate (pct only)
DWORD cbServerCertificate;
PBYTE pbServerCertificate;
// cache ID (usually machine name or ip address)
LPWSTR szCacheID;
LUID LogonId;
// Session ID for this session
DWORD cbSessionID;
UCHAR SessionID[SP_MAX_SESSION_ID];
// Clear key (pct only)
DWORD cbClearKey;
UCHAR pClearKey[SP_MAX_MASTER_KEY];
DWORD cbKeyArgs;
UCHAR pKeyArgs[SP_MAX_KEY_ARGS];
// This contains the client certificate that was sent to the server.
PCCERT_CONTEXT pClientCert;
// When a client credential is created automatically, the credential
// information is stored here.
PSPCredential pClientCred;
DWORD cbAppData;
PBYTE pbAppData;
} SessCacheItem, *PSessCacheItem;
typedef struct
{
PLIST_ENTRY SessionCache;
DWORD dwClientLifespan;
DWORD dwServerLifespan;
DWORD dwCleanupInterval;
DWORD dwCacheSize;
DWORD dwMaximumEntries;
DWORD dwUsedEntries;
LIST_ENTRY EntryList;
RTL_RESOURCE Lock;
BOOL LockInitialized;
} SCHANNEL_CACHE;
extern SCHANNEL_CACHE SchannelCache;
#define SP_CACHE_CLIENT_LIFESPAN (10 * 3600 * 1000) // 10 hours
#define SP_CACHE_SERVER_LIFESPAN (10 * 3600 * 1000) // 10 hours
#define SP_CACHE_CLEANUP_INTERVAL (5 * 60 * 1000) // 5 minutes
#define SP_MAXIMUM_CACHE_ELEMENTS 10000
#define SP_MASTER_KEY_CS_COUNT 50
extern BOOL g_fMultipleProcessClientCache;
extern BOOL g_fCacheInitialized;
// Perf counter values.
extern DWORD g_cClientHandshakes;
extern DWORD g_cServerHandshakes;
extern DWORD g_cClientReconnects;
extern DWORD g_cServerReconnects;
#define HasTimeElapsed(StartTime, CurrentTime, Interval) \
(((CurrentTime) > (StartTime) && \
(CurrentTime) - (StartTime) > (Interval)) || \
((CurrentTime) < (StartTime) && \
(CurrentTime) + (MAXULONG - (StartTime)) >= (Interval)))
/* SPInitSessionCache() */
/* inits the internal cache to CacheSize items */
SP_STATUS SPInitSessionCache(VOID);
SP_STATUS
SPShutdownSessionCache(VOID);
// Reference and dereference cache items
LONG SPCacheReference(PSessCacheItem pItem);
LONG SPCacheDereference(PSessCacheItem pItem);
void
SPCachePurgeCredential(
PSPCredentialGroup pCred);
void
SPCachePurgeProcessId(
ULONG ProcessId);
NTSTATUS
SPCachePurgeEntries(
LUID *LoginId,
ULONG ProcessID,
LPWSTR pwszTargetName,
DWORD Flags);
NTSTATUS
SPCacheGetInfo(
LUID * LogonId,
LPWSTR pszTargetName,
DWORD dwFlags,
PSSL_SESSION_CACHE_INFO_RESPONSE pCacheInfo);
NTSTATUS
SPCacheGetPerfmonInfo(
DWORD dwFlags,
PSSL_PERFMON_INFO_RESPONSE pPerfmonInfo);
/* Retrieve item from cache by SessionID.
* Auto-Reference the item if successful */
BOOL SPCacheRetrieveBySession(
struct _SPContext * pContext,
PBYTE pbSessionID,
DWORD cbSessionID,
PSessCacheItem *ppRetItem);
/* Retrieve item from cache by ID.
* Auto-Reference the item if successful */
BOOL
SPCacheRetrieveByName(
LPWSTR pwszName,
PSPCredentialGroup pCredGroup,
PSessCacheItem *ppRetItem);
/* find an empty cache item for use by a context */
BOOL
SPCacheRetrieveNew(
BOOL fServer,
LPWSTR pszTargetName,
PSessCacheItem * ppRetItem);
/* Locks a recently retrieved item into the cache */
BOOL
SPCacheAdd(
struct _SPContext * pContext);
/* Helper for REDO sessions */
BOOL
SPCacheClone(PSessCacheItem *ppRetItem);
NTSTATUS
SetCacheAppData(
PSessCacheItem pItem,
PBYTE pbAppData,
DWORD cbAppData);
NTSTATUS
GetCacheAppData(
PSessCacheItem pItem,
PBYTE *ppbAppData,
DWORD *pcbAppData);