Changeset 8823

Timestamp:

05/03/11 10:54:48 (2 years ago)

Author:

sampson

Message:

Coding Windows certificates

Location:

branches/windows-client

Files:

• projects/OrangeFS/client-service/client-service.vcxproj (modified) (1 diff)
• src/client/windows/client-service/cert.c (modified) (5 diffs)
• src/client/windows/client-service/client-service.h (modified) (1 diff)
• src/client/windows/client-service/config.c (modified) (4 diffs)
• src/client/windows/client-service/dokan-interface.c (modified) (1 diff)

branches/windows-client/projects/OrangeFS/client-service/client-service.vcxproj

@@ -27 +27 @@
   </ItemGroup>
   <ItemGroup>
+    <ClInclude Include="..\..\..\src\client\windows\client-service\cert.h" />
     <ClInclude Include="..\..\..\src\client\windows\client-service\client-service.h" />
     <ClInclude Include="..\..\..\src\client\windows\client-service\config.h" />

branches/windows-client/src/client/windows/client-service/cert.c

@@ -3 +3 @@
 
 #include <Windows.h>
+#include <LM.h>
 #include <stdio.h>
 
@@ -12 +13 @@
 #include <openssl/x509_vfy.h>
 
+#include "pvfs2.h"
+
+extern char *convert_wstring(const wchar_t *);
+extern wchar_t *convert_mbstring(const char *);
+
 /* initialize OpenSSL */
 static void openssl_init()
 {
+    SSL_library_init();
     SSL_load_error_strings();
     ERR_load_BIO_strings();
@@ -29 +36 @@
 
 /* load certificate from file (PEM format) */
-static unsigned long load_cert_from_file(char *path, X509 **cert)
+static unsigned long load_cert_from_file(char *path, 
+                                         X509 **cert)
 {
     FILE *f;
@@ -48 +56 @@
 
 /* verify certificate */
-static unsigned long verify_cert(X509 *cert, X509 *ca_cert)
+static unsigned long verify_cert(X509 *cert, 
+                                 X509 *ca_cert)
 {
     X509_STORE *trust_store;
@@ -93 +102 @@
     return err;
 }
+
+/* get user profile directory */
+static unsigned int get_profile_dir(char *userid, 
+                                    char *profile_dir)
+{
+    USER_INFO_4 user_info;
+    LPCWSTR wuserid;
+    int ret;
+    char *mbstr;
+
+    /* convert to unicode */
+    wuserid = convert_mbstring(userid);
+    if (wuserid == NULL)
+        return -1;
+
+    /* get user information */
+    ret = NetUserGetInfo(NULL, wuserid, 4, &user_info);
+
+    if (ret == 0)
+    {
+        mbstr = convert_wstring(user_info.usri4_profile);
+        if (mbstr == NULL) 
+        {
+            free(wuserid);
+            return -1;
+        }
+        
+        strcpy(profile_dir, mbstr);
+
+        free(mbstr);
+    }
+
+    free(wuserid);
+
+    return ret;
+}
+
+/* retrieve OrangeFS credentials from cert */
+static unsigned int get_cert_credentials(char *userid,
+                                         char *cert_dir_prefix,
+                                         char *ca_path,
+                                         PVFS_credentials *credentials)
+{
+    char cert_path[MAX_PATH];
+    char *temp;
+    X509 *cert, *ca_cert;
+    int ret;
+
+    if (userid == NULL || credentials == NULL ||
+        ca_path)
+        return -1;
+
+    /* checked for cached credentials */
+    ret = get_cached_credentials(userid, credentials);
+    if (ret == 0)
+    {
+        /* cache hit */
+        return 0;
+    }
+    else if (ret != 1)
+    {
+        /* error */
+        return ret;
+    }
+
+    /* credentials not in cache... */
+
+    /* locate the certificate and CA */
+    if (cert_dir_prefix != NULL)
+    {
+        if ((strlen(cert_dir_prefix) + strlen(userid) + 10) > MAX_PATH)
+        {
+            DbgPrint("User %s: path to cert too long\n", userid);
+            return -1;
+        }
+
+        /* cert file is cert.pem in directory of user name */
+        strcpy(cert_path, cert_dir_prefix);
+        strcat(cert_path, userid);
+        strcat(cert_path, "\\cert.pem");
+    }
+    else
+    {
+        /* get profile directory */
+        ret = get_profile_dir(userid, cert_path);
+        if (ret != 0)
+        {
+            DbgPrint("User %s: could not locate profile dir: %d\n", userid,
+                ret);
+            return ret;
+        }
+        
+        if (strlen(cert_path) + 9 >= MAX_PATH)
+        {
+            DbgPrint("User %s: profile dir too long\n", userid);
+            return -1;
+        }
+
+        strcat(cert_path, "\\cert.pem");
+    }
+
+    /* verify the certificate */
+    ret = load_cert_from_file(cert_path, &cert);
+    if (ret != 0)
+        return ret;
+
+    ret = load_cert_from_file(ca_path, &ca_cert);
+    if (ret != 0)
+    {
+        X509_free(cert);
+        return ret;
+    }
+    
+    /* read and cache credentials from certificate */
+
+}

branches/windows-client/src/client/windows/client-service/client-service.h

@@ -10 +10 @@
 {
     char mount_point[MAX_PATH];
+    char cert_dir_prefix[MAX_PATH];
+    char ca_path[MAX_PATH];
     int threads;
     int debug;

branches/windows-client/src/client/windows/client-service/config.c

@@ -32 +32 @@
             file_name = (char *) malloc(MAX_PATH);
             malloc_flag = TRUE;
-            strcpy(file_name, exe_path);
+            strncpy(file_name, exe_path, MAX_PATH-14);
             strcat(file_name, "\\orangefs.cfg");
 
@@ -172 +172 @@
                 continue;
 
-            if (!stricmp(token, "-mount") ||
-                !stricmp(token, "mount"))
+            if (!stricmp(token, "mount"))
             {
                 /* copy the remaining portion of the line 
@@ -186 +185 @@
                 strncpy(options->mount_point, token, MAX_PATH);
             }
-            else if (!stricmp(token, "-threads") ||
-                     !stricmp(token, "threads"))
+            else if (!stricmp(token, "threads"))
             {
                 /*
@@ -198 +196 @@
                 options->threads = atoi(token);
             }
-            else if (!stricmp(token, "-user") ||
-                     !stricmp(token, "user")) 
+            else if (!stricmp(token, "user")) 
             {
                 if (parse_user() != 0)
                 {
-                    fprintf(stderr, "-user option: parse error\n");
+                    fprintf(stderr, "user option: parse error\n");
                     close_config_file(config_file);
                     return 1;
                 }
             }
-            else if (!stricmp(token, "-debug") ||
-                     !stricmp(token, "debug"))
+            else if (!stricmp(token, "cert-dir-prefix"))
+            {
+                if (strlen(line) > 16)
+                {
+                    strncpy(options->cert_dir_prefix, line + 16, MAX_PATH-2);
+                    options->cert_dir_prefix[MAX_PATH-2] = '\0';
+                    if (options->cert_dir_prefix[strlen(options->cert_dir_prefix)-1] != '\\')
+                        strcat(options->cert_dir_prefix, "\\");
+                }
+                else
+                {
+                    fprintf(stderr, "cert-dir-prefix option: parse error\n");
+                }
+            }
+            else if (!stricmp(token, "ca-path"))
+            {
+                if (strlen(line) > 8)
+                {
+                    strncpy(options->ca_path, line + 8, MAX_PATH-2);
+                    options->ca_path[MAX_PATH-2] = '\0';
+                    if (options->ca_path[strlen(options->ca_path)-1] != '\\')
+                        strcat(options->ca_path, "\\");
+                }
+                else
+                {
+                    fprintf(stderr, "ca-path option: parse error\n");
+                }
+            }
+            else if (!stricmp(token, "debug"))
             {
                 options->debug = TRUE;

branches/windows-client/src/client/windows/client-service/dokan-interface.c

@@ -413 +413 @@
         err = GetLastError();
         DbgPrint("   LookupAccountSid failed: %u\n", err);
+        return err * -1;
     }