geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Addressed issues found during the SuSE security review.

Browse Source
This commit is contained in:
Juan Carlos Luciani 2007-02-02 23:02:43 +00:00
parent 77a151fa13
commit 791b0be583
14 changed files with 456 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CASA-auth-token/client/library/authmsg.c
View File

@ -92,8 +92,8 @@ BuildAuthenticateMsg(
// L2
//=======================================================================--
{
char *pMsg = NULL;
int bufferSize;
char *pMsg = NULL;
size_t bufferSize;
DbgTrace(1, "-BuildAuthenticateMsg- Start\n", 0);
@ -670,7 +670,7 @@ AuthRespEndElementHandler(
CasaStatus
CreateAuthenticateResp(
IN char *pRespMsg,
IN int respLen,
IN size_t respLen,
INOUT AuthenticateResp **ppAuthenticateResp)
//
// Arguments:

514
CASA-auth-token/client/library/cache.c
View File

@ -76,7 +76,8 @@ CreateAuthTokenCacheEntry(
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t tokenSize, wrapperEntrySize, entrySize, keySize;
uint32_t entrySize, keySize;
size_t tokenSize, wrapperEntrySize, cacheKeyStrLen, groupOrHostNameStrLen;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
char *pKey;
@ -93,71 +94,91 @@ CreateAuthTokenCacheEntry(
}
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry wrapper
//
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
// Verify that entrySize will not overflow
if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX)
{
// Save the entry size
pWrapperEntry->size = wrapperEntrySize;
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
// Allocate space for the entry wrapper
//
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
// Save the entry size
pWrapperEntry->size = wrapperEntrySize;
pEntry->token[tokenSize] = '\0';
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// Set the status
pEntry->status = status;
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = false;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = true;
}
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
pKey = malloc(keySize);
if (pKey)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(uint8_t *) pEntry,
(uint32_t*) &entrySize,
NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
if (pEntry->status == CASA_STATUS_SUCCESS)
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
memcpy(&pEntry->token[0], pToken, tokenSize);
}
free(pKey);
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = false;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = true;
}
cacheKeyStrLen = strlen(pCacheKey);
groupOrHostNameStrLen = strlen(pGroupOrHostName);
// Verify that keySize will not overflow
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX)
{
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
pKey = malloc(keySize);
if (pKey)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(uint8_t *) pEntry,
&entrySize,
NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
}
free(pKey);
}
else
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0);
}
}
else
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- keySize overflow prevented\n", 0);
}
}
else
{
@ -166,7 +187,7 @@ CreateAuthTokenCacheEntry(
}
else
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0);
DbgTrace(0, "-CreateAuthTokenCacheEntry- entrySize overflow prevented\n", 0);
}
DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry);
@ -199,7 +220,8 @@ CreateSessionTokenCacheEntry(
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t tokenSize, wrapperEntrySize, entrySize;
uint32_t entrySize;
size_t tokenSize, wrapperEntrySize, cacheKeyStrLen;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
@ -215,64 +237,83 @@ CreateSessionTokenCacheEntry(
}
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry wrapper
//
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
// Verify that entrySize will not overflow
if ((tokenSize + sizeof(AuthCacheEntry)) <= U32_MAX)
{
// Save the entry size
pWrapperEntry->size = wrapperEntrySize;
entrySize = tokenSize + sizeof(AuthCacheEntry);
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
// Allocate space for the entry wrapper
//
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
// Save the entry size
pWrapperEntry->size = wrapperEntrySize;
pEntry->token[tokenSize] = '\0';
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// Set the status
pEntry->status = status;
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = false;
if (pEntry->status == CASA_STATUS_SUCCESS)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = false;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = true;
}
cacheKeyStrLen = strlen(pCacheKey) + 1;
// Verify that the cacheKeyStrLen can be casted to a uint32_t
if (cacheKeyStrLen <= U32_MAX)
{
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
(uint32_t) cacheKeyStrLen,
(uint8_t *) pEntry,
&entrySize,
NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-CreateSessionTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
}
}
else
{
DbgTrace(0, "-CreateSessionTokenCacheEntry- cacheKeyStrLen overflow prevented\n", 0);
}
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = true;
}
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1,
(uint8_t *) pEntry,
(uint32_t*) &entrySize,
NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-CreateSessionTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
DbgTrace(0, "-CreateSessionTokenCacheEntry- Memory allocation failure\n", 0);
}
}
else
{
DbgTrace(0, "-CreateSessionTokenCacheEntry- Memory allocation failure\n", 0);
DbgTrace(0, "-CreateSessionTokenCacheEntry- entrySize overflow prevented\n", 0);
}
DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry);
@ -401,7 +442,8 @@ FindSessionTokenEntryInCache(
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t valueLength, wrapperEntrySize, bytesRequired;
uint32_t valueLength, bytesRequired;
size_t wrapperEntrySize, cacheKeyStrLen;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
@ -410,72 +452,82 @@ FindSessionTokenEntryInCache(
valueLength = 0;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1,
NULL,
(uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
cacheKeyStrLen = strlen(pCacheKey) + 1;
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
// Verify that the cacheKeyStrLen can be casted to a uint32_t
if (cacheKeyStrLen <= U32_MAX)
{
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
cacheKeyStrLen,
NULL,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
{
pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1,
(uint8_t *) pEntry,
(uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_SUCCESS)
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{
if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry from the cache
miCasaStatus = miCASARemoveKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1,
(SSCS_PASSWORD_T*) NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-FindSessionTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus);
}
pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
cacheKeyStrLen,
(uint8_t *) pEntry,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_SUCCESS)
{
if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry from the cache
miCasaStatus = miCASARemoveKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
cacheKeyStrLen,
(SSCS_PASSWORD_T*) NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-FindSessionTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus);
}
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
else
{
DbgTrace(0, "-FindSessionTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
else
{
DbgTrace(0, "-FindSessionTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
}
else
{
DbgTrace(0, "-FindSessionTokenEntryInCache- cacheKeyStrLen overflow prevented\n", 0);
}
DbgTrace(1, "-FindSessionTokenEntryInCache- End, pEntry = %0lX\n", (long) pEntry);
@ -504,7 +556,8 @@ FindAuthTokenEntryInCache(
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t valueLength, wrapperEntrySize, bytesRequired, keySize;
uint32_t valueLength, bytesRequired, keySize;
size_t wrapperEntrySize, cacheKeyStrLen, groupOrHostNameStrLen;
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
char *pKey;
@ -512,85 +565,96 @@ FindAuthTokenEntryInCache(
DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
keySize = (uint32_t)strlen(pCacheKey) + (uint32_t)strlen(pGroupOrHostName) + 2;
cacheKeyStrLen = strlen(pCacheKey);
groupOrHostNameStrLen = strlen(pGroupOrHostName);
pKey = malloc(keySize);
if (pKey)
// Verify that keySize will not overflow
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= U32_MAX)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
valueLength = 0;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
NULL,
(uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
pKey = malloc(keySize);
if (pKey)
{
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
valueLength = 0;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
NULL,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
{
pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(uint8_t *) pEntry,
(uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_SUCCESS)
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{
if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry from the cache
miCasaStatus = miCASARemoveKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(SSCS_PASSWORD_T*) NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-FindAuthTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus);
}
pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(uint8_t *) pEntry,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_SUCCESS)
{
if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{
// Remove the entry from the cache
miCasaStatus = miCASARemoveKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(SSCS_PASSWORD_T*) NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-FindAuthTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus);
}
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
else
{
DbgTrace(0, "-FindAuthTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
else
{
DbgTrace(0, "-FindAuthTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
}
}
}
free(pKey);
free(pKey);
}
}
else
{
DbgTrace(0, "-FindAuthTokenEntryInCache- keySize overflow prevented\n", 0);
}
DbgTrace(1, "-FindAuthTokenEntryInCache- End, pEntry = %0lX\n", (long) pEntry);

10
CASA-auth-token/client/library/engine.c
View File

@ -83,7 +83,7 @@ ObtainSessionToken(
CASA_STATUS_UNSUCCESSFUL);
LIST_ENTRY *pListEntry;
AuthCacheEntry *pCacheEntry = NULL;
AuthContext *pAuthContext;
AuthContext *pAuthContext = NULL;
DbgTrace(1, "-ObtainSessionToken- Start\n", 0);
@ -137,9 +137,9 @@ ObtainSessionToken(
pCredStoreScope);
if (pCacheEntry == NULL)
{
char *pReqMsg = NULL;
char *pRespMsg = NULL;
int respLen;
char *pReqMsg = NULL;
char *pRespMsg = NULL;
size_t respLen;
// Get authentication mechanism token
retStatus = GetAuthMechToken(pAuthContext,
@ -328,7 +328,7 @@ ObtainAuthTokenFromServer(
{
char *pReqMsg = NULL;
char *pRespMsg = NULL;
int respLen;
size_t respLen;
AuthPolicy *pAuthPolicy = NULL;
GetAuthPolicyResp *pGetAuthPolicyResp = NULL;
GetAuthTokenResp *pGetAuthTokenResp = NULL;

4
CASA-auth-token/client/library/getpolicymsg.c
View File

@ -86,8 +86,8 @@ BuildGetAuthPolicyMsg(
// L2
//=======================================================================--
{
char *pMsg = NULL;
int bufferSize;
char *pMsg = NULL;
size_t bufferSize;
DbgTrace(1, "-BuildGetAuthPolicyMsg- Start\n", 0);

4
CASA-auth-token/client/library/gettokenmsg.c
View File

@ -88,8 +88,8 @@ BuildGetAuthTokenMsg(
// L2
//=======================================================================--
{
char *pMsg = NULL;
int bufferSize;
char *pMsg = NULL;
size_t bufferSize;
DbgTrace(1, "-BuildGetAuthTokenMsg- Start\n", 0);

19
CASA-auth-token/client/library/internal.h
View File

@ -39,6 +39,12 @@
//===[ Type definitions ]==================================================
#define MAX_RPC_REPLY_SZ (256 * 1024)
#ifndef U32_MAX
#define U32_MAX (~(uint32_t)0)
#endif
//
// Authentication Context structure
//
@ -179,6 +185,15 @@ void
RelGetAuthPolicyResp(
IN GetAuthPolicyResp *pGetAuthPolicyResp);
extern
int
InitializeLibrary(void);
extern
void
UnInitializeLibrary(void);
//
// Functions exported by authpolicy.c
//
@ -209,7 +224,7 @@ extern
CasaStatus
CreateAuthenticateResp(
IN char *pRespMsg,
IN int respLen,
IN size_t respLen,
INOUT AuthenticateResp **ppAuthenticateResp);
extern
@ -391,7 +406,7 @@ Rpc(
IN long flags,
IN char *pRequestData,
INOUT char **ppResponseData,
INOUT int *pResponseDataLen);
INOUT size_t *pResponseDataLen);
extern
CasaStatus

2
CASA-auth-token/client/library/invalidcert.c
View File

@ -77,8 +77,6 @@ AllowInvalidCertsFromHost(
// L0
//=======================================================================--
{
bool retStatus = true;
DbgTrace(2, "-AllowInvalidCertsFromHost- Start\n", 0);
// tbd

6
CASA-auth-token/client/library/linux/platform.c
View File

@ -36,7 +36,7 @@ typedef struct _NormalizedHostNameCacheEntry
LIST_ENTRY listEntry;
char *pHostName;
char *pNormalizedHostName;
int buffLengthRequired;
size_t buffLengthRequired;
} NormalizedHostNameCacheEntry, *PNormalizedHostNameCacheEntry;
@ -720,7 +720,7 @@ NormalizeHostName(
NI_NAMEREQD) == 0)
{
// We resolved the address to a DNS name, use it as the normalized name.
pEntry->buffLengthRequired = (int) strlen(pDnsHostName) + 1;
pEntry->buffLengthRequired = strlen(pDnsHostName) + 1;
pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired);
if (pEntry->pNormalizedHostName)
{
@ -738,7 +738,7 @@ NormalizeHostName(
// Not able to resolve the name in DNS, just use the host name as
// the normalized name.
pEntry->buffLengthRequired = (int) strlen(pHostName) + 1;
pEntry->buffLengthRequired = strlen(pHostName) + 1;
pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired);
if (pEntry->pNormalizedHostName)
{

6
CASA-auth-token/client/library/linux/platform.h
View File

@ -83,12 +83,12 @@ typedef struct _RpcSession
{
CURL *hCurl;
char *pPartialHttpUrl;
int partialHttpUrlLen;
size_t partialHttpUrlLen;
char *pPartialHttpsUrl;
int partialHttpsUrlLen;
size_t partialHttpsUrlLen;
struct curl_slist *headers;
char *pRecvData;
int recvDataLen;
size_t recvDataLen;
} RpcSession, *PRpcSession;

56
CASA-auth-token/client/library/linux/rpc.c
View File

@ -79,34 +79,56 @@ CurlWriteCallback(
if (pSession->pRecvData == NULL)
{
// We have not yet consumed receive data for the current Rpc
pSession->pRecvData = (char*) malloc(numDataItems * dataItemSz);
if (pSession->pRecvData)
// if the data does not exceed our maximum Rpc reply size.
if ((numDataItems * dataItemSz) <= MAX_RPC_REPLY_SZ)
{
// Consume the data
memcpy(pSession->pRecvData, pData, numDataItems * dataItemSz);
pSession->recvDataLen = numDataItems * dataItemSz;
pSession->pRecvData = (char*) malloc(numDataItems * dataItemSz);
if (pSession->pRecvData)
{
// Consume the data
memcpy(pSession->pRecvData, pData, numDataItems * dataItemSz);
pSession->recvDataLen = numDataItems * dataItemSz;
}
else
{
DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
dataConsumed = CURLE_WRITE_ERROR; // To abort RPC
}
}
else
{
DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
DbgTrace(0, "-CurlWriteCallback- Max Rpc reply size exceeded\n", 0);
dataConsumed = CURLE_WRITE_ERROR; // To abort RPC
}
}
else
{
// We have already consumed receive data for the current Rpc, append the new data to it.
char *pNewRecvDataBuf = (char*) malloc(pSession->recvDataLen + (numDataItems * dataItemSz));
if (pNewRecvDataBuf)
// We have already consumed receive data for the current Rpc, append the new data to it
// if the data does not exceed our maximum Rpc reply size.
if ((pSession->recvDataLen + (numDataItems * dataItemSz)) <= MAX_RPC_REPLY_SZ)
{
memcpy(pNewRecvDataBuf, pSession->pRecvData, pSession->recvDataLen);
memcpy(pNewRecvDataBuf + pSession->recvDataLen, pData, numDataItems * dataItemSz);
pSession->recvDataLen += numDataItems * dataItemSz;
free(pSession->pRecvData);
pSession->pRecvData = pNewRecvDataBuf;
char *pNewRecvDataBuf = (char*) malloc(pSession->recvDataLen + (numDataItems * dataItemSz));
if (pNewRecvDataBuf)
{
memcpy(pNewRecvDataBuf, pSession->pRecvData, pSession->recvDataLen);
memcpy(pNewRecvDataBuf + pSession->recvDataLen, pData, numDataItems * dataItemSz);
pSession->recvDataLen += numDataItems * dataItemSz;
free(pSession->pRecvData);
pSession->pRecvData = pNewRecvDataBuf;
}
else
{
DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
dataConsumed = CURLE_WRITE_ERROR; // To abort RPC
// Forget about already consumed data
free(pSession->pRecvData);
pSession->pRecvData = NULL;
}
}
else
{
DbgTrace(0, "-CurlWriteCallback- Buffer allocation error\n", 0);
DbgTrace(0, "-CurlWriteCallback- Max Rpc reply size exceeded\n", 0);
dataConsumed = CURLE_WRITE_ERROR; // To abort RPC
// Forget about already consumed data
@ -308,7 +330,7 @@ InternalRpc(
IN long flags,
IN char *pRequestData,
INOUT char **ppResponseData,
INOUT int *pResponseDataLen)
INOUT size_t *pResponseDataLen)
//
// Arguments:
//
@ -494,7 +516,7 @@ Rpc(
IN long flags,
IN char *pRequestData,
INOUT char **ppResponseData,
INOUT int *pResponseDataLen)
INOUT size_t *pResponseDataLen)
//
// Arguments:
//

80
CASA-auth-token/client/library/mechanisms/pwd/get.c
View File

@ -76,6 +76,7 @@ GetUserCredentials(
uint32_t credtype = SSCS_CRED_TYPE_BASIC_F;
SSCS_BASIC_CREDENTIAL credential = {0};
SSCS_SECRET_ID_T secretId = {0};
size_t secretIdLen;
DbgTrace(1, "-GetUserCredentials- Start\n", 0);
@ -85,45 +86,56 @@ GetUserCredentials(
// Get the length of the realm string into the secret id structure
// and verify thatr it is not too long.
secretId.len = sscs_Utf8Strlen(pRealm) + 1;
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
secretIdLen = sscs_Utf8Strlen(pRealm) + 1;
if (secretIdLen <= U32_MAX)
{
// Set the secret id in the structure
sscs_Utf8Strcpy((char*) secretId.id, pRealm);
// Specify that we want the common name
credential.unFlags = USERNAME_TYPE_CN_F;
// Now try to get the credentials
rcode = miCASAGetCredential(0,
&secretId,
NULL,
&credtype,
&credential,
(SSCS_EXT_T*) pCredStoreScope);
if (rcode != NSSCS_SUCCESS)
secretId.len = secretIdLen;
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
{
// There were no credentials for the realm, now try to obtain the
// desktop credentials.
secretId.len = sscs_Utf8Strlen("Desktop") + 1;
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
// Set the secret id in the structure
sscs_Utf8Strcpy((char*) secretId.id, pRealm);
// Specify that we want the common name
credential.unFlags = USERNAME_TYPE_CN_F;
// Now try to get the credentials
rcode = miCASAGetCredential(0,
&secretId,
NULL,
&credtype,
&credential,
(SSCS_EXT_T*) pCredStoreScope);
if (rcode != NSSCS_SUCCESS)
{
sscs_Utf8Strcpy((char*) secretId.id, "Desktop");
rcode = miCASAGetCredential(0,
&secretId,
NULL,
&credtype,
&credential,
(SSCS_EXT_T*) pCredStoreScope);
}
else
{
DbgTrace(0, "-GetUserCredentials- Desktop name too long\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN,
CASA_STATUS_UNSUCCESSFUL);
// There were no credentials for the realm, now try to obtain the
// desktop credentials.
secretId.len = sscs_Utf8Strlen("Desktop") + 1;
if (secretId.len <= NSSCS_MAX_SECRET_ID_LEN)
{
sscs_Utf8Strcpy((char*) secretId.id, "Desktop");
rcode = miCASAGetCredential(0,
&secretId,
NULL,
&credtype,
&credential,
(SSCS_EXT_T*) pCredStoreScope);
}
else
{
DbgTrace(0, "-GetUserCredentials- Desktop name too long\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
}
}
else
{
DbgTrace(0, "-GetUserCredentials- Realm name too long\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_PWTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
}
else
{

4
CASA-auth-token/client/library/mechanisms/pwd/internal.h
View File

@ -37,6 +37,10 @@
//===[ Type definitions ]==================================================
#ifndef U32_MAX
#define U32_MAX (~(uint32_t)0)
#endif
//===[ Inlines functions ]===============================================
//===[ Function prototypes ]===============================================

6
CASA-auth-token/client/library/windows/platform.c
View File

@ -36,7 +36,7 @@ typedef struct _NormalizedHostNameCacheEntry
LIST_ENTRY listEntry;
char *pHostName;
char *pNormalizedHostName;
int buffLengthRequired;
size_t buffLengthRequired;
} NormalizedHostNameCacheEntry, *PNormalizedHostNameCacheEntry;
@ -458,7 +458,7 @@ NormalizeHostName(
NI_NAMEREQD) == 0)
{
// We resolved the address to a DNS name, use it as the normalized name.
pEntry->buffLengthRequired = (int) strlen(pDnsHostName) + 1;
pEntry->buffLengthRequired = strlen(pDnsHostName) + 1;
pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired);
if (pEntry->pNormalizedHostName)
{
@ -476,7 +476,7 @@ NormalizeHostName(
// Not able to resolve the name in DNS, just use the host name as
// the normalized name.
pEntry->buffLengthRequired = (int) strlen(pHostName) + 1;
pEntry->buffLengthRequired = strlen(pHostName) + 1;
pEntry->pNormalizedHostName = (char*) malloc(pEntry->buffLengthRequired);
if (pEntry->pNormalizedHostName)
{

51
CASA-auth-token/client/library/windows/rpc.c
View File

@ -343,7 +343,7 @@ InternalRpc(
IN long flags,
IN char *pRequestData,
INOUT char **ppResponseData,
INOUT int *pResponseDataLen)
INOUT size_t *pResponseDataLen)
//
// Arguments:
//
@ -467,9 +467,9 @@ InternalRpc(
// Check that the request completed successfully
if (memcmp(httpCompStatus, L"200", sizeof(httpCompStatus)) == 0)
{
char *pResponseData;
int responseDataBufSize = INITIAL_RESPONSE_DATA_BUF_SIZE;
int responseDataRead = 0;
char *pResponseData;
size_t responseDataBufSize = INITIAL_RESPONSE_DATA_BUF_SIZE;
size_t responseDataRead = 0;
// Now read the response data, to do so we need to allocate a buffer.
pResponseData = (char*) malloc(INITIAL_RESPONSE_DATA_BUF_SIZE);
@ -494,22 +494,43 @@ InternalRpc(
{
char *pTmpBuf;
// We need to upgrade the receive buffer
pTmpBuf = (char*) malloc(responseDataBufSize + INCREMENT_RESPONSE_DATA_BUF_SIZE);
if (pTmpBuf)
// We need to upgrade the receive buffer.
//
// Do not allow the reply to exceed our maximum
if (responseDataBufSize < MAX_RPC_REPLY_SZ)
{
memcpy(pTmpBuf, pResponseData, responseDataBufSize);
free(pResponseData);
pResponseData = pTmpBuf;
pCurrLocation = pResponseData + responseDataBufSize;
responseDataBufSize += INCREMENT_RESPONSE_DATA_BUF_SIZE;
size_t incrementSz;
// Determine the buffer size imcrement so that the maximum rpc reply
// size is not exceeded.
if ((responseDataBufSize + INCREMENT_RESPONSE_DATA_BUF_SIZE) <= MAX_RPC_REPLY_SZ)
incrementSz = INCREMENT_RESPONSE_DATA_BUF_SIZE;
else
incrementSz = MAX_RPC_REPLY_SZ - responseDataBufSize;
pTmpBuf = (char*) malloc(responseDataBufSize + incrementSz);
if (pTmpBuf)
{
memcpy(pTmpBuf, pResponseData, responseDataBufSize);
free(pResponseData);
pResponseData = pTmpBuf;
pCurrLocation = pResponseData + responseDataBufSize;
responseDataBufSize += incrementSz;
}
else
{
DbgTrace(0, "-InternalRpc- Buffer allocation failure\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
}
}
else
{
DbgTrace(0, "-InternalRpc- Buffer allocation failure\n", 0);
DbgTrace(0, "-InternalRpc- Reply maximum exceeded\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
CASA_STATUS_UNSUCCESSFUL);
}
}
}
@ -743,7 +764,7 @@ Rpc(
IN long flags,
IN char *pRequestData,
INOUT char **ppResponseData,
INOUT int *pResponseDataLen)
INOUT size_t *pResponseDataLen)
//
// Arguments:
//