Apq
/
389-ds-base
mirror of https://github.com/389ds/389-ds-base.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214
							/** BEGIN COPYRIGHT BLOCK
 * This Program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU General Public License as published by the Free Software
 * Foundation; version 2 of the License.
 * 
 * This Program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License along with
 * this Program; if not, write to the Free Software Foundation, Inc., 59 Temple
 * Place, Suite 330, Boston, MA 02111-1307 USA.
 * 
 * In addition, as a special exception, Red Hat, Inc. gives You the additional
 * right to link the code of this Program with code not covered under the GNU
 * General Public License ("Non-GPL Code") and to distribute linked combinations
 * including the two, subject to the limitations in this paragraph. Non-GPL Code
 * permitted under this exception must only link to the code of this Program
 * through those well defined interfaces identified in the file named EXCEPTION
 * found in the source code files (the "Approved Interfaces"). The files of
 * Non-GPL Code may instantiate templates or use macros or inline functions from
 * the Approved Interfaces without causing the resulting work to be covered by
 * the GNU General Public License. Only Red Hat, Inc. may make changes or
 * additions to the list of Approved Interfaces. You must obey the GNU General
 * Public License in all respects for all of the Program code and other code used
 * in conjunction with the Program except the Non-GPL Code covered by this
 * exception. If you modify this file, you may extend this exception to your
 * version of the file, but you are not obligated to do so. If you do not wish to
 * provide this exception without modification, you must delete this exception
 * statement from your version and license this file solely under the GPL without
 * exception. 
 * 
 * 
 * Copyright (C) 2001 Sun Microsystems, Inc. Used by permission.
 * Copyright (C) 2005 Red Hat, Inc.
 * All rights reserved.
 * END COPYRIGHT BLOCK **/

#ifdef HAVE_CONFIG_H
#  include <config.h>
#endif

/******************************************************
 *
 *  ntuserpin.c - Prompts for the key
 *  database passphrase.
 *
 ******************************************************/

#if defined( _WIN32 )

#include <windows.h>
#include "ntwatchdog.h"
#include "slapi-plugin.h"
#include "fe.h"

#undef Debug
#undef OFF
#undef LITTLE_ENDIAN

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include "slap.h"
#include "fe.h"

static int i=0;
static int cbRemotePassword = 0;

extern char* NT_PromptForPin(const char *tokenName);

static const char nt_retryWarning[] =
"Warning: You entered an incorrect PIN. Incorrect PIN may result in disabling the token";

struct SVRCORENTUserPinObj
{
  SVRCOREPinObj base;
};
static const struct SVRCOREPinMethods vtable;

/* ------------------------------------------------------------ */
SVRCOREError
SVRCORE_CreateNTUserPinObj(SVRCORENTUserPinObj **out)
{
  SVRCOREError err = 0;
  SVRCORENTUserPinObj *obj = 0;

  do {
    obj = (SVRCORENTUserPinObj*)malloc(sizeof (SVRCORENTUserPinObj));
    if (!obj) { err = 1; break; }

    obj->base.methods = &vtable;

  } while(0);

  if (err)
  {
    SVRCORE_DestroyNTUserPinObj(obj);
    obj = 0;
  }

  *out = obj;
  return err;
}

void
SVRCORE_DestroyNTUserPinObj(SVRCORENTUserPinObj *obj)
{
  if (obj) free(obj);
}

static void destroyObject(SVRCOREPinObj *obj)
{
  SVRCORE_DestroyNTUserPinObj((SVRCORENTUserPinObj*)obj);
}

/* First try to retrieve the password from the watchdog,
   if this is not available, prompt for the passphrase. */

static char *getPin(SVRCOREPinObj *obj, const char *tokenName, PRBool retry)
{
    HWND hwndRemote;
    char *szRemotePassword = NULL;
    HANDLE hRemoteProcess;
    DWORD dwNumberOfBytesRead=0;
    DWORD dwNumberOfBytesWritten=0;
    PK11_PIN *buf= NULL;
    char *password = NULL;
    char pin[MAX_PASSWORD];
    BOOL ret;
    DWORD err = 0;

    // Find Watchdog application window
    if( pszServerName && (hwndRemote = FindWindow("slapd", pszServerName)) && 
	(hRemoteProcess = (HANDLE)GetWindowLong( hwndRemote, 
	GWL_PROCESS_HANDLE)))
    {
	cbRemotePassword = GetWindowLong(hwndRemote, GWL_PASSWORD_LENGTH);
	szRemotePassword = (HANDLE)GetWindowLong(hwndRemote, GWL_PASSWORD_ADDR);
	
	// if retry, don't get the pin from watchdog 
    	if (retry)
    	{
            MessageBox(GetDesktopWindow(), nt_retryWarning,
                        "Fedora Server", MB_ICONEXCLAMATION | MB_OK);
	} else {
	    if((cbRemotePassword != 0) && (szRemotePassword != 0))
	    {
	        buf = (PK11_PIN *)slapi_ch_malloc(sizeof
		    (PK11_PIN)*cbRemotePassword);
	    	if(ReadProcessMemory(hRemoteProcess, szRemotePassword, 
		    (LPVOID)buf,sizeof(PK11_PIN)*cbRemotePassword , 
		    &dwNumberOfBytesRead))
	        {

		    for (i=0; i < cbRemotePassword; i++) {
		        if (strncmp (tokenName, buf[i].TokenName,
				buf[i].TokenLength)==0) 
			{
			    memset(pin, '\0', MAX_PASSWORD);
		    	    PL_strncpyz (pin, buf[i].Password, sizeof(pin));
	    		    slapi_ch_free ((void **) &buf);
			    return slapi_ch_strdup(pin);
		        }
		    }
	        }
	    }
        }
    }

   /* Didn't get the password from Watchdog, or this is a retry,
    prompt the user. */

   password = NT_PromptForPin(tokenName);

   /* Store the password back to nt watchdog */
    if (password != NULL && hwndRemote && hRemoteProcess) 
    {
	slapi_ch_free ((void **) &buf);
	buf = (PK11_PIN *)slapi_ch_malloc(sizeof(PK11_PIN));
	PL_strncpyz (buf[0].TokenName, tokenName, sizeof(buf[0].TokenName));
	buf[0].TokenLength=strlen(buf[0].TokenName);
	PL_strncpyz (buf[0].Password, password, sizeof(buf[0].Password));
	buf[0].PasswordLength=strlen(buf[0].Password);
	if (i== cbRemotePassword)
    	{
	    /* Add a new token and password to the end of the table.*/

	    SetWindowLong(hwndRemote, GWL_PASSWORD_LENGTH, 
	    (LONG)cbRemotePassword+1);
	    ret = WriteProcessMemory(hRemoteProcess, 
	    szRemotePassword+cbRemotePassword*sizeof(PK11_PIN),
	    (LPVOID)buf, sizeof(PK11_PIN), &dwNumberOfBytesWritten);
	    if( !ret )
		err = GetLastError();
	} else {
	    /* This is a retry due to a wrong password stored in watchdog. */
	    ret  = WriteProcessMemory(hRemoteProcess, 
		szRemotePassword+i*sizeof(PK11_PIN),(LPVOID)buf,
        	sizeof(PK11_PIN), &dwNumberOfBytesWritten);
	    if( !ret )
		err = GetLastError();
	}
    }
    slapi_ch_free ((void **) &buf);
    return (password);
}

/*
 * VTable
 */
static const SVRCOREPinMethods vtable =
{ 0, 0, destroyObject, getPin };
#endif /* defined( _WIN32 ) */