000022499 - How to use RSACookieAPI from a non-web server process

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000022499

Applies To
RSA Authentication Agent 5.3 for Web for Microsoft IIS
RSACookieAPI
Microsoft Windows 2000 Server SP4

Issue
How to use RSACookieAPI from a non-web server process
Leaving RSAGetUserName, return code: 100
Settings have not been initialized

Cause
A secondary process running on the same machine as Microsoft Internet Information Services (IIS) has been passed all of the HTTP headers. The error is generated because as the RSACookieAPI is initialized, it detects that a required cookie value is not present. These two statements might seem to be at odds with one another, but a deeper inspection of what is occurring identifies why the problem occurs.

Care must be taken over how the HTTP header data is passed into the subsequent program. The requirement is that the CGI variables (including the cookie data) are present as environment values; however, these values must not have been set using the putenv() function. The Microsoft documentation describes the use of putenv as follows:

 "_putenv and _wputenv affect only the environment that is local to the current process; you cannot use them to modify the command-level environment. That is, these functions operate only on data structures accessible to the run-time library and not on the environment "segment" created for a process by the operating system."

Care must also be taken to ensure that the CGI data values are placed in the command-level environment, and this does not occur when you use putenv() (or _putenv()). What this means in practice is that if you use putenv() in your main program, then when you try to use getenv() from within a DLL (e.g. rsacookieapi.dll), it reads the command-level environment and not the copy local to the running program that putenv() modified.

Resolution

The following examples show what is occurring.

Example 1: This sets the required variable at the program level and then tries to read it inside rsacookieapi.dll - it fails.

Create a command file called runsample1.cmd with the following:

setlocal
cookiedemo1.exe
endlocal

Then create a C++ program which contains the following code:

// cookiedemo1.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <iostream>
#include <windows.h>
#include <malloc.h>
#include <time.h>
#include <winbase.h>
#include <winuser.h>
#include <httpfilt.h>
#define COOKIE_API_NOISAPI
#include "rsacookieapi.h"
using namespace std;

// Dummy NAME=value string handed to _putenv(); the value itself is nonsense.
#define httpcookieapi "HTTP_COOKIEAPI=AgAAAAAAA2qgKAGh6PaXQdexnHHOYfiPZdCk6BjRAl" \
"vWElT+NWDT4SGyXtuz97rzG7wxEU0+9Tjubeogu5LvGCccqtF9sG0ZeOTzWEvNTx1z8dm30ElrvxRLJz" \
"cR8/zx/KwLbsS1ER/RS04zyZl0/2ioBcZnKCRZbY5Jp3sShuXXAZWTj5Bsd7VcqCkufGIbPxqPKxcQJk" \
"mOkY1coJLJ42QOgC24f+KV/fARWN1MBbBhBzjHfKzeILxKfivngAsNjzSyDVk0VLbszaTQ9M3wzXbd51" \
"O2jvgRbv6/xdtoiCVp9hJP0OnPpMKILriBDg5OHR73SnER2n0qIQPjWBfUyu8DtU5P3w3J4k/uPcKmm0" \
"aC3eWw7emV5zPUhvJqOA4v6GOaw3B1vKV8ArOQn6eUD8a8eCTtatjGp8LRsyrxB0NtKuHmrpmhgK8lGm" \
"75z+q0CrCEkmagnB5TnGdNtz4pgyzFbIAqAO3ugKrn9oq5Ksc34g93BQNQ6ywCm3xpOF8PNnWel2J0h6" \
"9h1dysNvgajAHwmVWjgSxa5FupHHdqpidsTWD0uBxF7BQ8mzX50MxwvBf75BQVDe2T5egIyVBcjcNLw+" \
"YMmwTCzHoCJLH+Q72vTeuPTgk3ktmWVJ07Yd0ir/OsxvFJD5952UEYIOc6u3ScvKrkuJYkcFGYDiVDHP" \
"nJ0CWxL2r0iypBvvWzbMqkZZdzuQWV1kn5wzYmYo5bUrW0pCY4VYK+fhfmvMs5AzhYvc0OtKi06/FiND" \
"Vd4Qlx/8CikK2BfN42CRDdXmrP/sya9m6+gMb0UsW60GbVgW7xEPVmZvIOnkrhOPboDos0upQdbXPDcV" \
"9Bm6JKzZnxOmCMC4/MtUhUKAXTdeZPw8zfof29qsmHGwg6VwoxkakNPCmuKIoHXH6qXnPbmdFp+7E0Vs" \
"Fg9v0ZbkXevhe1QCZdJLarU8bndcwtMwdjwFFu1Nxz+mnHfZ34lLAd6/6sXgwj+XVb5KSz2E+nA80BlS" \
"DfUcSJ3nzsj4jhZZgxEMMVmnTv0peph8OiQhPcCiUhPs/K4aAxCoeO8Y4MLqdFjSmbZGQqJc0n/Wj8ke" \
"0FIThg9mRg6d4+DHjMLrlEDBT4UN6N5t3SYBDOVjtFYoKPsJbMjBeBqs3sxqIRsZZIn0xI80qck3Qnuw" \
"Wh1gAAAAAAAAAAAAAAAAAAAAAAAA=="

int _tmain(int argc, _TCHAR* argv[])
{
    // Set the variable through the run-time library only.
    _putenv ( httpcookieapi );

    // getenv() in the same program sees the value that _putenv() stored.
    cout << "HTTP_COOKIEAPI=" << getenv("HTTP_COOKIEAPI") << endl;

    // Now do pure test like inside the function
    LPSTR settings = getenv("HTTP_COOKIEAPI");
    if(settings == NULL)
    {
        printf("\nMJB result code: RSACOOKIE_ERROR_CANNOT_ACCESS_SETTINGS\n\n");
        return 1;
    } else {
        printf("\nMJB result code: 0\n\n");
    }

    // The DLL does not see the value set above, so initialization fails.
    RSACookieInitializeCGI();
    return 0;
}

This is just a simple example where a value is assigned to the required environment variable (although the actual value is nonsense). However, when you run the command file, it gives an error saying that it has not found the environment value that was set with the _putenv() function, even though a getenv() call in the same program confirms that the value seems to have been set. The problem is that the _putenv() function does not affect the command-level environment.

Example 2: This sets the required variable at the command level and then tries to read it from within rsacookieapi.dll - it works.

Create a command file called runsample2.cmd with the following:

setlocal
set HTTP_COOKIEAPI=MyCookieValueIsNoGoodButGetsPastTheFirstPartOfTheInitialization
cookiedemo2.exe
endlocal

Then create a C++ program which has the following code:

// cookiedemo2.cpp : Defines the entry point for the console application.
//

#include "stdafx.h"
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <iostream>
#include <windows.h>
#include <malloc.h>
#include <time.h>
#include <winbase.h>
#include <winuser.h>
#include <httpfilt.h>
#define COOKIE_API_NOISAPI
#include "rsacookieapi.h"
using namespace std;

int _tmain(int argc, _TCHAR* argv[])
{
    // Now do pure test like inside the function
    LPSTR settings = getenv("HTTP_COOKIEAPI");

    // Print the value set by the command file; avoid streaming a NULL pointer.
    cout << "HTTP_COOKIEAPI=" << (settings ? settings : "(not set)") << endl;

    if(settings == NULL)
    {
        printf("\nMJB result code: RSACOOKIE_ERROR_CANNOT_ACCESS_SETTINGS\n\n");
        return 1;
    } else {
        printf("\nMJB result code: 0\n\n");
    }

    // The variable is in the command-level environment, so the DLL can read it.
    RSACookieInitializeCGI();
    return 0;
}

In this example, the command file sets a value in the command-level environment (again, this is just a dummy value to demonstrate the process). This means the DLL that handles the RSACookieInitializeCGI() call is able to read the command-level environment value and run correctly.
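
What runsample2.cmd does with "set" can also be done from a launcher program. The following is an added example, not code from RSA or from the original article: it builds the environment block for a child process and starts the child with CreateProcessA, so that HTTP_COOKIEAPI is already in the child's operating-system environment when rsacookieapi.dll is loaded. EnvMap, set_var, make_block and launch_with_env are hypothetical names, and the child is assumed to be cookiedemo2.exe from Example 2.

```cpp
// Added example, not RSA's code. EnvMap, set_var, make_block and launch_with_env are
// hypothetical names; the child is assumed to be cookiedemo2.exe from Example 2.
#include <algorithm>
#include <cctype>
#include <cstring>
#include <map>
#include <stdexcept>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif

// Windows expects the block sorted by variable name, ignoring case.
struct NoCaseLess { bool operator()(const std::string& a, const std::string& b) const {
    return std::lexicographical_compare(a.begin(), a.end(), b.begin(), b.end(),
        [](unsigned char x, unsigned char y) { return std::toupper(x) < std::toupper(y); }); } };
typedef std::map<std::string, std::string, NoCaseLess> EnvMap;
// Add one variable; reject names or values that would corrupt the block.
void set_var(EnvMap& env, const std::string& name, const std::string& value) {
    if (name.empty() || name.find('=') != std::string::npos ||
        name.find('\0') != std::string::npos || value.find('\0') != std::string::npos)
        throw std::invalid_argument("invalid environment variable");
    env[name] = value;
}
// Serialise as NAME=value\0NAME=value\0\0, the layout CreateProcess takes.
std::string make_block(const EnvMap& env) {
    std::string block;
    for (const auto& kv : env) block += kv.first + "=" + kv.second + '\0';
    return block + '\0';
}

#ifdef _WIN32
// Start the child with the parent's variables plus those already in env (ANSI API).
bool launch_with_env(const char* exe, EnvMap env) {
    LPCH parent = GetEnvironmentStringsA();
    for (const char* p = parent; p && *p; p += strlen(p) + 1) {
        const char* eq = strchr(p + 1, '=');   // entries starting with '=' are skipped
        if (*p != '=' && eq) env.insert(std::make_pair(std::string(p, eq), std::string(eq + 1)));
    }
    if (parent) FreeEnvironmentStringsA(parent);
    std::string block = make_block(env), cmd = exe;
    STARTUPINFOA si = { sizeof(si) }; PROCESS_INFORMATION pi;
    if (!CreateProcessA(NULL, &cmd[0], NULL, NULL, FALSE, 0, &block[0], NULL, &si, &pi))
        return false;
    WaitForSingleObject(pi.hProcess, INFINITE);
    CloseHandle(pi.hThread); CloseHandle(pi.hProcess);
    return true;
}
#endif
```

On Windows, call set_var(env, "HTTP_COOKIEAPI", value) for each CGI variable and then launch_with_env("cookiedemo2.exe", env); values already placed in env take priority over the parent's copies.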

Legacy Article ID: a28824
