DevelopmentSecurityLibrary - jadeDevelopmentUserInfo

[ConvertFromOldNGs]

by johnmunro >> Tue, 10 Aug 2004 17:30:51 GMT

I am trying to write a very simple DevelopmentSecurityLibrary for our dev system. What I want it to do is just verify that the username and password the user has typed into the Jade dialog is a valid user on the domain. It's a fair medium term solution to the authentication issue we currently have.

The problem is, everything I know about C++ can be written on the back of a very small stamp...

I've finally managed to get my dll to export the required functions, and Jade is able to use them (if I just put return 0 in the function it lets you in, return 1 and it doesn't). Obviously a dll that either lets everyone in or lets nobody in isn't much use (but you wouldn't believe how long it took to get here).

So after some research, I found out that the way to verify login credentials with Windows is to call LogonUser. If the credentials are valid, it gives you a handle for use with other API calls, which we don't need for anything, but need to release using CloseHandle. I've changed the jadeDevelopmentUserInfo function to use these as best I can, but it won't compile. My function looks like this:

extern "C" DllExport int JOMAPI jadeDevelopmentUserInfo(const Character *userName, const Character *password)
{
PHANDLE phToken;

if(LogonUser(userName, "mydomain", password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, phToken))
{
CloseHandle phToken;

return 0; // access granted
}
else
{
return 1; // access denied
}
}

It gets a compile error on the LogonUser line - 'LogonUserA' : cannot convert parameter 1 from 'const char *' to 'char *'

Now I have no idea what it means or how to fix it, but I tried taking the "const"s off of the function signature. I don't know if this will cause other problems further down the line, but it allowed the compiler to take another half-step before falling down.

Now the compile error is on the PHANDLE line - syntax error : missing ';' before identifier 'phToken'

I'm lost - if anyone out there is a C++ whiz and can help me out, that would be great...


John Munro

FileVision UK Ltd.
The Bioscience Innovation Centre
Cowley Road, Cambridge, UK
CB4 0DS

Telephone: +44 (0) 1223 478200
Fax: +44 (0) 1223 477969
Email: john.munro@filevision.com
Web: http://www.filevision.com

The contents of this communication are confidential and are only intended to be read by the addressee. We apologize if you receive this communication in error and ask that you contact FileVision UK Ltd. immediately to arrange for its return. The use of any information contained in this communication by an unauthorized person is strictly prohibited. FileVision UK Ltd. cannot accept responsibility for the accuracy or completeness of this communication as it is being transmitted over a public network. If you suspect this message may have been intercepted or amended, please inform FileVision UK Ltd.

[ConvertFromOldNGs]

by allistar >> Wed, 11 Aug 2004 11:38:05 GMT

Hi John,
The following compiles, but I haven't checked to see if it works as expected:

extern "C" DllExport int JOMAPI jadeDevelopmentUserInfo(const Character *userName, const Character *password)
{
HANDLE hToken;
if(LogonUser((char*)userName, "mydomain", (char*)password, LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, &hToken)) {
CloseHandle(hToken);
return 0;
} else {
return 1;
}
}

You should be able to cast the const char*'s to char* to keep the compiler happy. Also you missed the brackets in the CloseHandle function. I changed the type of the handle from PHANDLE to HANDLE, which you pass through the memory address of (hence the "&") in the LogonUser call.

Regards,
Allistar.
--
------------------------------------------------------------------
Allistar Melville
Software Developer, Analyst allistar@silvermoon.co.nz
Auckland, NEW ZEALAND

Silvermoon Software
Specialising in JADE development and consulting
Visit us at: http://www.silvermoon.co.nz
*NEW* Simple web access to Jade at: www.silvermoon.co.nz/jhp.html ------------------------------------------------------------------

[ConvertFromOldNGs]

by johnmunro >> Thu, 12 Aug 2004 9:40:21 GMT

thanks, that works!

out of curiosity, how many other people out there have created a dll for controlling access to the dev environment? do you maintain an external database of usernames/passwords/permissions or is that hardcoded or...? i'm just curious because I don't remember seeing this mentioned in the newsgroups before


John Munro

FileVision UK Ltd.
The Bioscience Innovation Centre
Cowley Road, Cambridge, UK
CB4 0DS

Telephone: +44 (0) 1223 478200
Fax: +44 (0) 1223 477969
Email: john.munro@filevision.com
Web: http://www.filevision.com

The contents of this communication are confidential and are only intended to be read by the addressee. We apologize if you receive this communication in error and ask that you contact FileVision UK Ltd. immediately to arrange for its return. The use of any information contained in this communication by an unauthorized person is strictly prohibited. FileVision UK Ltd. cannot accept responsibility for the accuracy or completeness of this communication as it is being transmitted over a public network. If you suspect this message may have been intercepted or amended, please inform FileVision UK Ltd.

[ConvertFromOldNGs]

by allistar >> Sat, 14 Aug 2004 0:47:59 GMT

Hi John,
One of my clients has a medium sized development team, spread over all three islands (NI, SI and Australia) of between 6 and 10 people and we don't bother with development environment security. It has never been a problem that we have needed to find a solution for. Access into our systems is done via Metaframe or a secure VPN.

Regards,
Allistar.

------------------------------------------------------------------
Allistar Melville
Software Developer, Analyst allistar@silvermoon.co.nz
Auckland, NEW ZEALAND

Silvermoon Software
Specialising in JADE development and consulting
Visit us at: http://www.silvermoon.co.nz
*NEW* Simple web access to Jade at: www.silvermoon.co.nz/jhp.html ------------------------------------------------------------------

[ConvertFromOldNGs]

by johnmunro >> Mon, 16 Aug 2004 14:25:12 GMT

Yes, I would have liked to have used VPN but we had some issues with it so we had to use SSL and deve env security



John Munro

FileVision UK Ltd.
The Bioscience Innovation Centre
Cowley Road, Cambridge, UK
CB4 0DS

Telephone: +44 (0) 1223 478200
Fax: +44 (0) 1223 477969
Email: john.munro@filevision.com
Web: http://www.filevision.com

The contents of this communication are confidential and are only intended to be read by the addressee. We apologize if you receive this communication in error and ask that you contact FileVision UK Ltd. immediately to arrange for its return. The use of any information contained in this communication by an unauthorized person is strictly prohibited. FileVision UK Ltd. cannot accept responsibility for the accuracy or completeness of this communication as it is being transmitted over a public network. If you suspect this message may have been intercepted or amended, please inform FileVision UK Ltd.

[ConvertFromOldNGs]

by Mike May >> Mon, 15 Nov 2004 16:14:03 GMT

Hi John,

I'm been looking at this all day but LogonUser() won't work for me as it fails if the user doesn't have Log On Locally authority at the server. This will be true for our development server as it just happens to be a DC (only admins can log on). Why do I need dev sec on my development databases? It's not just there - my live DBs also have the JDE available as, historically, our developers have always needed the ability to implement emergency code fixes, so the live DBs also need dev sec. So why dev sec generally, then? Because I have external client users connected to my network via dial-up, VPN and kilostream. All it takes is some techie at one of those external sites with some Jade knowledge (the base for which is growing steadily) and the ability to run a basic network host and port scan (easy-peasy) and we're potentially minutes away from going out of business. Unless I can secure JDE access, that is.

Something there for everyone to think about, I feel ...

Mike

[ConvertFromOldNGs]

by brian.mills >> Tue, 16 Nov 2004 1:52:43 GMT

I'm trying to implement the same functionality for Jade 6. However I'm getting the following error in the jommsg log.

2004/11/16 12:45:34 00b70-e28 JomLog: Library C:\Jade6\bin\jadeDevelopmentUserInfo.dll: get address jadeDevelopmentUserInfo failed - The specified procedure could not be found. (127)

You sound like you have got past this point Mike, do you have any tips?

Brian.

[ConvertFromOldNGs]

by jcampbell >> Tue, 16 Nov 2004 3:42:08 GMT

The demodll in the examples directory when Jade 6 installed with examples has the required stuff for an example.

You should be able to delete the not required stuff out of the demodll.cpp and demodll.def files for entrypoints you don't want and that should give you a good base for what is required.

Note: You may also have to implement a jadeDevelopmentPatchControl entrypoint as well, dependent on the patch control setting in your jade .ini file.

[ConvertFromOldNGs]

by brian.mills >> Sun, 21 Nov 2004 21:54:15 GMT

I'd love to get my hands on the demodll.cpp and demodll.dll, But my Jade 6 install doesnt seem to have an example directory. Do you know of where else I can obtain a copy of it?

Brian.

[ConvertFromOldNGs]

by jcampbell >> Sun, 21 Nov 2004 22:31:12 GMT

Brian,
I would have thought that unless you selected custom install on a clean jade6 install it would have installed this by default based on the Install/Admin guide.
You could try a custom install to see if it gives you examples as a choice otherwise I'd check with Jade support via the jade website re where these should be etc.