Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

970 lines
26 KiB

/*++
Copyright (c) 1998 Microsoft Corporation
Module Name:
cache.cxx
Abstract:
Credential cache object for digest sspi package.
Author:
Adriaan Canter (adriaanc) 01-Aug-1998
--*/
#include "include.hxx"
//-----------------CCredCache Private Functions --------------------------------
//--------------------------------------------------------------------
// CCredCache::Lock
//--------------------------------------------------------------------
BOOL CCredCache::Lock()
{
BOOL bRet;
DWORD dwError;
dwError = WaitForSingleObject(_hMutex, INFINITE);
switch (dwError)
{
// Mutex is signalled. We own the mutex. Fall through.
case WAIT_OBJECT_0:
// The thread owning the mutex failed to release it
// before terminating. We still own the mutex.
case WAIT_ABANDONED:
bRet = TRUE;
break;
// Fall through.
case WAIT_FAILED:
// Fail.
default:
bRet = FALSE;
}
return bRet;
}
//--------------------------------------------------------------------
// CCredCache::Unlock
//--------------------------------------------------------------------
BOOL CCredCache::Unlock()
{
BOOL bRet;
bRet = ReleaseMutex(_hMutex);
return bRet;
}
//--------------------------------------------------------------------
// CCredCache::GetPtrToObject
//--------------------------------------------------------------------
LPDWORD CCredCache::GetPtrToObject(DWORD dwObject)
{
return _pMMFile->GetHeaderData(dwObject);
}
//--------------------------------------------------------------------
// CCredCache::SearchCredList
//--------------------------------------------------------------------
CCred* CCredCache::SearchCredList(CSess *pSess, LPSTR szHost,
LPSTR szRealm, LPSTR szUser, BOOL fMatchHost)
{
CList CredList;
CCred *pMatch = NULL;
if (!pSess->dwCred)
goto exit;
CredList.Init(&pSess->dwCred);
while (pMatch = (CCred*) CredList.GetNext())
{
if ((!szRealm || !lstrcmpi(szRealm, CCred::GetRealm(pMatch)))
&& (!szUser || !lstrcmpi(szUser, CCred::GetUser(pMatch))))
{
if (!fMatchHost)
break;
CNonce *pNonce;
CList NonceList;
NonceList.Init(&pMatch->dwNonce);
while (pNonce = (CNonce*) NonceList.GetNext())
{
if (CNonce::IsHostMatch(pNonce, szHost))
goto exit;
}
pMatch = NULL;
break;
}
}
exit:
return pMatch;
}
//--------------------------------------------------------------------
// CCredCache::UpdateInfoList
//--------------------------------------------------------------------
CCredInfo* CCredCache::UpdateInfoList(CCredInfo *pInfo, CCredInfo *pHead)
{
CCredInfo *pList, *pCur;
BOOL fUpdate = TRUE;
if (!pHead)
return (pInfo);
pList = pCur = pHead;
while (pCur)
{
// Do entry usernames match ?
if (!strcmp(pInfo->szUser, pCur->szUser))
{
// Is the new entry timestamp greater?
if (pInfo->tStamp > pCur->tStamp)
{
// De-link existing entry.
if (pCur->pPrev)
pCur->pPrev->pNext = pCur->pNext;
else
pList = pCur->pNext;
if (pCur->pNext)
pCur->pNext->pPrev = pCur->pPrev;
// Delete existing entry.
delete pCur;
}
else
{
// Found a match but time stamp
// of existing entry was greater.
fUpdate = FALSE;
}
break;
}
pCur = pCur->pNext;
}
// If we superceded an existing matching entry
// or found no matching entries, prepend to list.
if (fUpdate)
{
pInfo->pNext = pList;
if (pList)
pList->pPrev = pInfo;
pList = pInfo;
}
return pList;
}
//-----------------CCredCache Public Functions --------------------------------
//--------------------------------------------------------------------
// CCredCache::GetHeapPtr
//--------------------------------------------------------------------
DWORD_PTR CCredCache::GetHeapPtr()
{
return _pMMFile->GetMapPtr();
}
//--------------------------------------------------------------------
// CCredCache::IsTrustedHost
// BUGBUG - no limits on szCtx
//--------------------------------------------------------------------
BOOL CCredCache::IsTrustedHost(LPSTR szCtx, LPSTR szHost)
{
CHAR szBuf[MAX_PATH];
CHAR szRegPath[MAX_PATH];
DWORD dwType, dwError, cbBuf = MAX_PATH;
BOOL fRet = FALSE;
HKEY hHosts = (HKEY) INVALID_HANDLE_VALUE;
memcpy(szRegPath, DIGEST_HOSTS_REG_KEY, sizeof(DIGEST_HOSTS_REG_KEY) - 1);
memcpy(szRegPath + sizeof(DIGEST_HOSTS_REG_KEY) - 1, szCtx, strlen(szCtx) + 1);
if ((dwError = RegCreateKey(HKEY_CURRENT_USER, szRegPath, &hHosts)) == ERROR_SUCCESS)
{
if ((dwError = RegQueryValueEx(hHosts, szHost, NULL, &dwType, (LPBYTE) szBuf, &cbBuf)) == ERROR_SUCCESS)
{
fRet = TRUE;
}
}
if (hHosts != INVALID_HANDLE_VALUE)
RegCloseKey(hHosts);
return fRet;
}
//--------------------------------------------------------------------
// CCredCache::SetTrustedHostInfo
//--------------------------------------------------------------------
BOOL CCredCache::SetTrustedHostInfo(LPSTR szCtx, CParams *pParams)
{
CHAR szRegPath[MAX_PATH], *szUrlBuf = NULL, *szHostBuf = NULL;
DWORD dwZero = 0, dwError = ERROR_SUCCESS, cbUrlBuf, cbHostBuf;
BOOL fRet = FALSE;
HKEY hHosts = (HKEY) INVALID_HANDLE_VALUE;
// Form path to trusted host reg key.
memcpy(szRegPath, DIGEST_HOSTS_REG_KEY, sizeof(DIGEST_HOSTS_REG_KEY) - 1);
memcpy(szRegPath + sizeof(DIGEST_HOSTS_REG_KEY) - 1, szCtx, strlen(szCtx) + 1);
// Open top-level reg key.
if ((dwError = RegCreateKey(HKEY_CURRENT_USER, szRegPath, &hHosts)) != ERROR_SUCCESS)
goto exit;
// First set authenticating host in registry.
LPSTR szHost;
szHost = pParams->GetParam(CParams::HOST);
DIGEST_ASSERT(szHost);
if ((dwError = RegSetValueEx(hHosts, szHost, NULL, REG_DWORD,
(LPBYTE) &dwZero, sizeof(DWORD))) != ERROR_SUCCESS)
goto exit;
// Now check the domain header for any additional trusted hosts.
LPSTR szDomain, pszUrl;
DWORD cbDomain, cbUrl;
pszUrl = NULL;
pParams->GetParam(CParams::DOMAIN, &szDomain, &cbDomain);
if (!szDomain)
{
fRet = TRUE;
goto exit;
}
// Parse the domain header for urls. Crack each url to get the
// host and set the host value in the registry.
// First attempt to load shlwapi. If this fails then we simply do not have
// domain header support.
if (!g_hShlwapi)
{
g_hShlwapi = LoadLibrary(SHLWAPI_DLL_SZ);
if (!g_hShlwapi)
{
dwError = ERROR_DLL_INIT_FAILED;
goto exit;
}
}
// Attempt to get addresses of UrlUnescape and UrlGetPart
PFNURLUNESCAPE pfnUrlUnescape;
PFNURLGETPART pfnUrlGetPart;
pfnUrlUnescape = (PFNURLUNESCAPE) GetProcAddress(g_hShlwapi, "UrlUnescapeA");
pfnUrlGetPart = (PFNURLGETPART) GetProcAddress(g_hShlwapi, "UrlGetPartA");
if (!(pfnUrlUnescape && pfnUrlGetPart))
{
dwError = ERROR_INVALID_FUNCTION;
goto exit;
}
// Strtok through string to get each url (ws and tab delimiters)
pszUrl = NULL;
while (pszUrl = strtok((pszUrl ? NULL : szDomain), " \t"))
{
// Allocate a buffer for the url since we will first unescape it.
// Also allocate buffer for host which will be returned from
// call to shlwapi. Unescaped url and host buffer sizes are
// bounded by length of original url.
cbUrl = strlen(pszUrl) + 1;
cbUrlBuf = cbHostBuf = cbUrl;
szUrlBuf = new CHAR[cbUrlBuf];
szHostBuf = new CHAR[cbHostBuf];
if (!(szUrlBuf && szHostBuf))
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
// Copy strtoked url to buffer.
memcpy(szUrlBuf, pszUrl, cbUrl);
// Unescape the url
if (S_OK == pfnUrlUnescape(szUrlBuf, NULL, NULL, URL_UNESCAPE_INPLACE))
{
// If unescape is successful, parse host from url.
if (S_OK == pfnUrlGetPart(szUrlBuf, szHostBuf, &cbHostBuf, URL_PART_HOSTNAME, 0))
{
// If parse is successful, set host in registry.
if ((dwError = RegSetValueEx(hHosts, szHostBuf, NULL, REG_DWORD,
(LPBYTE) &dwZero, sizeof(DWORD))) != ERROR_SUCCESS)
goto exit;
}
}
delete [] szUrlBuf;
delete [] szHostBuf;
szUrlBuf = szHostBuf = NULL;
}
fRet = TRUE;
// Cleanup.
exit:
DIGEST_ASSERT(dwError == ERROR_SUCCESS);
if (hHosts != INVALID_HANDLE_VALUE)
RegCloseKey(hHosts);
if (szUrlBuf)
delete [] szUrlBuf;
if (szHostBuf)
delete [] szHostBuf;
return fRet;
}
//--------------------------------------------------------------------
// CCredCache::MapHandleToSession
//--------------------------------------------------------------------
// BUGBUG - don't walk the sessionlist, just obfuscate the ptr in handle.
CSess *CCredCache::MapHandleToSession(DWORD_PTR dwSess)
{
// BUGBUG - if locking fails, return error directly,
// no last error.
CSess *pSess = NULL;
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
goto exit;
}
_pSessList->Seek();
while (pSess = (CSess*) _pSessList->GetNext())
{
if ((CSess*) (dwSess + (DWORD_PTR) _pMMFile->GetMapPtr()) == pSess)
break;
}
Unlock();
exit:
return pSess;
}
//--------------------------------------------------------------------
// CCredCache::MapSessionToHandle
//--------------------------------------------------------------------
DWORD CCredCache::MapSessionToHandle(CSess* pSess)
{
DWORD dwSess = 0;
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
goto exit;
}
dwSess = (DWORD) ((DWORD_PTR) pSess - _pMMFile->GetMapPtr());
Unlock();
exit:
return dwSess;
}
// BUGBUG - init mutex issues.
//--------------------------------------------------------------------
// CCredCache::CCredCache
//--------------------------------------------------------------------
CCredCache::CCredCache()
{
Init();
}
//--------------------------------------------------------------------
// CCredCache::~CCredCache
//--------------------------------------------------------------------
CCredCache::~CCredCache()
{
DeInit();
}
//--------------------------------------------------------------------
// CCredCache::Init
//--------------------------------------------------------------------
DWORD CCredCache::Init()
{
BOOL fFirstProc;
CHAR szMutexName[MAX_PATH];
DWORD cbMutexName = MAX_PATH;
_dwSig = SIG_CACH;
// IE5# 89288
// Get mutex name based on user
if ((_dwStatus = CMMFile::MakeUserObjectName(szMutexName,
&cbMutexName, MAKE_MUTEX_NAME)) != ERROR_SUCCESS)
return _dwStatus;
// Create/Open mutex.
_hMutex = CreateMutex(NULL, FALSE, szMutexName);
// BUGBUG - this goes at a higher level.
// BUGBUG - also watch out for failure to create mutex
// and then unlocking it.
if (_hMutex)
{
// Created/opened mutex. Flag if we're first process.
fFirstProc = (GetLastError() != ERROR_ALREADY_EXISTS);
}
else
{
// Failed to create/open mutex.
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
goto exit;
}
// Acquire mutex.
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
return _dwStatus;
}
// Open or create memory map.
_pMMFile = new CMMFile(CRED_CACHE_HEAP_SIZE,
CRED_CACHE_ENTRY_SIZE);
if (!_pMMFile)
{
DIGEST_ASSERT(FALSE);
_dwStatus = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
_dwStatus = _pMMFile->Init();
if (_dwStatus != ERROR_SUCCESS)
{
DIGEST_ASSERT(FALSE);
goto exit;
}
g_pHeap = GetHeapPtr();
// Initialize session list.
// BUGBUG - check return codes on failure.
_pSessList = new CList();
DIGEST_ASSERT(_pSessList);
_pSessList->Init(GetPtrToObject(CRED_CACHE_SESSION_LIST));
exit:
// Relase mutex.
Unlock();
return _dwStatus;
}
//--------------------------------------------------------------------
// CCredCache::DeInit
//--------------------------------------------------------------------
DWORD CCredCache::DeInit()
{
// bugbug - assert session list is null and destroy.
// bugbug - release lock before closing handle.
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
goto exit;
}
delete _pMMFile;
_dwStatus = CloseHandle(_hMutex);
Unlock();
exit:
return _dwStatus;
}
//--------------------------------------------------------------------
// CCredCache::LogOnToCache
//--------------------------------------------------------------------
CSess *CCredCache::LogOnToCache(LPSTR szAppCtx, LPSTR szUserCtx, BOOL fHTTP)
{
CSess *pSessNew = NULL;
BOOL fLocked = FALSE;
// Obtain mutex.
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
goto exit;
}
fLocked = TRUE;
// For non-http clients, find or create the single
// global session which all non-http clients use.
if (!fHTTP)
{
CSess * pSess;
pSess = NULL;
_pSessList->Seek();
while (pSess = (CSess*) _pSessList->GetNext())
{
if (!pSess->fHTTP)
{
// Found the session.
pSessNew = pSess;
_dwStatus = ERROR_SUCCESS;
goto exit;
}
}
if (!pSessNew)
{
// Create the non-http gobal session.
pSessNew = CSess::Create(_pMMFile, NULL, NULL, FALSE);
}
}
else
{
// Create a session context; add to list.
pSessNew = CSess::Create(_pMMFile, szAppCtx, szUserCtx, TRUE);
}
if (!pSessNew)
{
// This reflects running out of space in the memmap
// file. Shouldn't happen in practice.
DIGEST_ASSERT(FALSE);
_dwStatus = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
// Push this session on to the session list.
_pSessList->Insert(pSessNew);
_dwStatus = ERROR_SUCCESS;
exit:
// Release mutex.
if(fLocked)
Unlock();
return pSessNew;
}
//--------------------------------------------------------------------
// CCredCache::LogOffFromCache
//--------------------------------------------------------------------
DWORD CCredCache::LogOffFromCache(CSess *pSess)
{
CList CredList;
CCred *pCred;
// Obtain mutex.
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
goto exit;
}
if (pSess->fHTTP)
{
// Purge all credentials for this session.
// BUGBUG - not needed.
// CredList.Init((CEntry **) &pSess->pCred);
// Flush all credentials for this session
// This will also delete nonces.
FlushCreds(pSess, NULL);
// Finally, free the session.
_pSessList->DeLink(pSess);
CEntry::Free(_pMMFile, pSess);
}
_dwStatus = ERROR_SUCCESS;
// Release mutex.
Unlock();
exit:
return _dwStatus;
}
//--------------------------------------------------------------------
// CCredCache::CreateCred
//--------------------------------------------------------------------
CCred* CCredCache::CreateCred(CSess *pSess, CCredInfo *pInfo)
{
CCred* pCred = NULL, *pCredList;
CList CredList;
// Obtain mutex.
if (!Lock())
{
_dwStatus = GetLastError();
goto exit;
}
// First check to see if any credential in this session matches realm.
pCred = SearchCredList(pSess, NULL, pInfo->szRealm, NULL, FALSE);
if (pCred)
{
CredList.Init(&pSess->dwCred);
CredList.DeLink(pCred);
CCred::Free(_pMMFile, pSess, pCred);
}
// Create a credential.
// BUGBUG - this could fail, transact any cred update.
pCred = CCred::Create(_pMMFile, pInfo->szHost, pInfo->szRealm,
pInfo->szUser, pInfo->szPass, pInfo->szNonce, pInfo->szCNonce);
DIGEST_ASSERT(pCred);
// Insert into head of session's credential list.
if (!CSess::GetCred(pSess))
CSess::SetCred(pSess, pCred);
else
{
CredList.Init(&pSess->dwCred);
CredList.Insert(pCred);
}
_dwStatus = ERROR_SUCCESS;
// Relase mutex.
Unlock();
exit:
return pCred;
}
//--------------------------------------------------------------------
// CCredCache::FindCred
//--------------------------------------------------------------------
CCredInfo* CCredCache::FindCred(CSess *pSessIn, LPSTR szHost,
LPSTR szRealm, LPSTR szUser, LPSTR szNonce,
LPSTR szCNonce, DWORD dwFlags)
{
CCred *pCred;
CCredInfo *pInfo = NULL;
BOOL fLocked = FALSE;
// Obtain mutex.
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
goto exit;
}
fLocked = TRUE;
// If finding a credential for preauthentication.
if (dwFlags & FIND_CRED_PREAUTH)
{
// First search this session's credential list for a match,
// filtering on the host field in available nonces.
pCred = SearchCredList(pSessIn, szHost, szRealm, szUser, TRUE);
// If a credential is found the nonce is also required.
// We do not attempt to search other sessions for a nonce
// because nonce counts must remain in sync. See note below.
if (pCred)
{
// Increment this credential's nonce count.
CNonce *pNonce;
pNonce = CCred::GetNonce(pCred, szHost, SERVER_NONCE);
if (pNonce)
{
pNonce->cCount++;
pInfo = new CCredInfo(pCred, szHost);
if (!pInfo || pInfo->dwStatus != ERROR_SUCCESS)
{
DIGEST_ASSERT(FALSE);
_dwStatus = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
}
}
}
// Otherwise if finding a credential for response to challenge.
else if (dwFlags & FIND_CRED_AUTH)
{
// First search this session's credential list for a match,
// ignoring the host field in available nonces.
pCred = SearchCredList(pSessIn, NULL, szRealm, szUser, FALSE);
// If a credential was found.
if (pCred)
{
// Update the credential's nonce value if extant.
// SetNonce will update any existing nonce entry
// or create a new one if necessary.
CCred::SetNonce(_pMMFile, pCred, szHost, szNonce, SERVER_NONCE);
// BUGBUG - if credential contains a client nonce for a host,
// (for MD5-sess) and is challenged for MD5, we don't revert
// the credential's client nonce to null, so that on subsequent
// auths we will default to MD5. Fix is to delete client nonce
// in this case. Not serious problem though since we don't expect this.
if (szCNonce)
CCred::SetNonce(_pMMFile, pCred, szHost, szCNonce, CLIENT_NONCE);
// Increment this credential's nonce count.
CNonce *pNonce;
pNonce = CCred::GetNonce(pCred, szHost, SERVER_NONCE);
pNonce->cCount++;
// Create and return the found credential.
pInfo = new CCredInfo(pCred, szHost);
if (!pInfo || pInfo->dwStatus != ERROR_SUCCESS)
{
DIGEST_ASSERT(FALSE);
_dwStatus = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
}
// If no credential was found and the username has been specified
// also search other sessions for the latest matching credential.
else if (szUser)
{
CSess* pSessCur;
_pSessList->Seek();
CCred* pMatch;
while (pSessCur = (CSess*) _pSessList->GetNext())
{
// We've already searched the session passed in.
if (pSessIn == pSessCur)
continue;
// Are this session's credentials shareable?
if (CSess::CtxMatch(pSessIn, pSessCur))
{
// Find latest credential based on time stamp.
CCred *pCredList;
pMatch = SearchCredList(pSessCur, NULL, szRealm, szUser, FALSE);
if (pMatch && ((!pCred || (pMatch->tStamp > pCred->tStamp))))
{
pCred = pMatch;
}
}
}
// If we found a credential in another session, duplicate it
// and add it to the passed in session's credential list.
// NOTE : WHEN CREATING THE CREDENTIAL DO NOT DUPLICATE
// THE NONCE, OTHERWISE NONCE COUNTS WILL BE INCORRECT.
// USE THE NONCE SUPPLIED IN THE CHALLENGE.
if (pCred)
{
// Create a cred info from the found credential
// and the nonce received from the challenge.
pInfo = new CCredInfo(szHost, CCred::GetRealm(pCred),
CCred::GetUser(pCred), CCred::GetPass(pCred),
szNonce, szCNonce);
if (!pInfo || pInfo->dwStatus != ERROR_SUCCESS)
{
DIGEST_ASSERT(FALSE);
_dwStatus = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
// Create the credential in the session list.
pCred = CreateCred(pSessIn, pInfo);
// Increment this credential's nonce count
CNonce *pNonce;
pNonce = CCred::GetNonce(pCred, szHost, SERVER_NONCE);
pNonce->cCount++;
}
}
}
// Otherwise we are prompting for UI.
else if (dwFlags & FIND_CRED_UI)
{
// First search this session's credential list for a match,
// ignoring the host field in available nonces.
pCred = SearchCredList(pSessIn, NULL, szRealm, szUser, FALSE);
if (pCred)
{
// Create and return the found credential.
pInfo = new CCredInfo(szHost, CCred::GetRealm(pCred),
CCred::GetUser(pCred), CCred::GetPass(pCred),
szNonce, szCNonce);
if (!pInfo || pInfo->dwStatus != ERROR_SUCCESS)
{
DIGEST_ASSERT(FALSE);
_dwStatus = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
}
else
{
// No credential found in this session's list. Search
// the credentials in other sessions and assemble a list
// of available credentials. If multiple credentials
// are found for a user, select the latest based on
// time stamp.
CSess* pSessCur;
_pSessList->Seek();
while (pSessCur = (CSess*) _pSessList->GetNext())
{
// We've already searched the session passed in.
if (pSessIn == pSessCur)
continue;
// Are this session's credentials shareable?
if (CSess::CtxMatch(pSessIn, pSessCur))
{
pCred = SearchCredList(pSessCur, NULL, szRealm, szUser, FALSE);
if (pCred)
{
// Found a valid credential.
CCredInfo *pNew;
pNew = new CCredInfo(szHost, CCred::GetRealm(pCred),
CCred::GetUser(pCred), CCred::GetPass(pCred),
szNonce, szCNonce);
if (!pNew || pNew->dwStatus != ERROR_SUCCESS)
{
DIGEST_ASSERT(FALSE);
_dwStatus = ERROR_NOT_ENOUGH_MEMORY;
goto exit;
}
// Update list based on timestamps.
pInfo = UpdateInfoList(pNew, pInfo);
}
}
}
}
}
_dwStatus = ERROR_SUCCESS;
exit:
// Clean up allocated cred infos if
// we failed for some reason.
// bugbug - clean this up.
if (_dwStatus != ERROR_SUCCESS)
{
CCredInfo *pNext;
while (pInfo)
{
pNext = pInfo->pNext;
delete pInfo;
pInfo = pNext;
}
pInfo = NULL;
}
// Relase mutex.
if(fLocked)
Unlock();
// Return any CCredInfo found, possibly a list or NULL.
return pInfo;
}
//--------------------------------------------------------------------
// CCredCache::FlushCreds
//--------------------------------------------------------------------
VOID CCredCache::FlushCreds(CSess *pSess, LPSTR szRealm)
{
CSess *pSessCur;
CCred *pCred;
CList CredList;
// Obtain mutex.
if (!Lock())
{
DIGEST_ASSERT(FALSE);
_dwStatus = GetLastError();
return;
}
// BUGBUG - don't scan through all sessions.
// BUGBUG - abstract cred deletion.
// Flush all credentials if no session specified
// or only the credentials of the indicated session.
_pSessList->Seek();
while (pSessCur = (CSess*) _pSessList->GetNext())
{
if (pSess && (pSessCur != pSess))
continue;
CredList.Init(&pSessCur->dwCred);
while (pCred = (CCred*) CredList.GetNext())
{
// If a realm is specified, only delete
// credentials with that realm.
if (!szRealm || (!strcmp(szRealm, CCred::GetRealm(pCred))))
CCred::Free(_pMMFile, pSessCur, pCred);
}
}
// Release mutex.
Unlock();
}
//--------------------------------------------------------------------
// CCredCache::GetStatus
//--------------------------------------------------------------------
DWORD CCredCache::GetStatus()
{
return _dwStatus;
}