From d47212b28d66324e7c274db7d5e4ccf14ac0bb4a Mon Sep 17 00:00:00 2001 From: Jim Norman Date: Mon, 17 Apr 2006 21:53:18 +0000 Subject: [PATCH] Security Audit. Checkpoint changes thus far to c code. --- CASA.changes | 4 + LoginCapture/windows/micasa.h | 495 ----------- LoginCapture/windows/micasa_mgmd.h | 452 ---------- LoginCapture/windows/nsscs_mgmd_idk.h | 447 ---------- LoginCapture/windows/windows.vcproj | 5 +- c_common/sscs_ll.c | 2 +- c_micasacache/Makefile.am | 36 - c_micasacache/sscs_unx_cache.c | 23 +- c_micasacache/sscs_unx_ipc_client.c | 158 ++-- c_micasadk/sscs_ndk.c | 1096 +++++++++++++++---------- include/micasa.h | 38 +- include/micasa_mgmd.h | 24 +- include/sscs_ipc.h | 5 + include/sscs_utf8.h | 18 +- 14 files changed, 785 insertions(+), 2018 deletions(-) delete mode 100644 LoginCapture/windows/micasa.h delete mode 100644 LoginCapture/windows/micasa_mgmd.h delete mode 100644 LoginCapture/windows/nsscs_mgmd_idk.h delete mode 100644 c_micasacache/Makefile.am diff --git a/CASA.changes b/CASA.changes index 4be41559..12315810 100644 --- a/CASA.changes +++ b/CASA.changes @@ -1,3 +1,7 @@ +------------------------------------------------------------------- +Mon Apr 17 15:47:10 MST 2006 - jnorman@novell.com +- Security Audit. Checkpoint changes thus far to c code. + ------------------------------------------------------------------- Fri Apr 14 14:10:11 MST 2006 - cmashayekh@novell.com - CASA.spec, casacfgpam, and casaucfgpam scripts were diff --git a/LoginCapture/windows/micasa.h b/LoginCapture/windows/micasa.h deleted file mode 100644 index 6dcf1975..00000000 --- a/LoginCapture/windows/micasa.h +++ /dev/null @@ -1,495 +0,0 @@ -/*********************************************************************** - * - * Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; version 2.1 - * of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, Novell, Inc. - * - * To contact Novell about this file by physical or electronic mail, - * you may find current contact information at www.novell.com. - * - ***********************************************************************/ - -#ifndef _MICASA_H_ -#define _MICASA_H_ - -#if defined(__cplusplus) || defined(c_plusplus) -extern "C" -{ -#endif - -#include "micasa_mgmd.h" - - - - - -/*************************************************************************** -*** All strings are length preceeded and the lengths include the NULL. -***************************************************************************/ - - -/*************************************************************************** -*** most apis use a parameter called ssFlags, defined here -***************************************************************************/ -#define SSFLAG_DESTROY_SESSION_F 0x00000001L // used with miCASACloseSecretStoreCache - - -#define SSCS_SESSION_KEY_CHAIN_F 0x00000002L -#define SSCS_LOCAL_KEY_CHAIN_F 0x00000004L -#define SSCS_REMOTE_KEY_CHAIN_F 0x00000008L - - -// ######################### FIRST RELEASE ############################ -// Session key chain is maintained only in only in cache during the usr session */ -/* FLAGS: (SSCS_SESSION_KEY_CHAIN_F) */ -#define SSCS_S_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F) -#define SSCS_S_KC_ID_CHARS 26 -static SS_UTF8_T SSCS_SESSION_KEY_CHAIN_ID[] = {"SSCS_SESSION_KEY_CHAIN_ID"}; -// {'S','S','C','S','_','S','E','S','S','I','O','N','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0}; -// ######################### FIRST RELEASE ############################ - -// ######################### FUTURE RELEASE ############################ -// Persistent Private Keychain: -// A Local keychain that is cached and is persistent */ -#define SSCS_PPV_KC_ID_F SSCS_SL_KC_ID_F -#define SSCS_PPV_KC_CHARS 24 -#define SSCS_PERSISTENT_PRIVATE_KEYCHAIN_ID SSCS_LOCAL_KEY_CHAIN_ID - - -// Public Keychain: -// A Remote keychain that is cached locally only for the user session -#define SSCS_PB_KC_F SSCS_SR_KC_ID_F -#define SSCS_PB_KC_ID_CHARS 25 -#define SSCS_PUBLIC_KEYCHAIN_ID SSCS_REMOTE_KEY_CHAIN_ID - - -// Persistent Public Keychain: -// A Remote keychain that is cached locally and is persistent */ -#define SSCS_PPB_KC_F SSCS_SLR_KC_ID_F -#define SSCS_PPB_KC_ID_CHARS 31 -#define SSCS_PERSISTENT_PUBLIC_KEYCHAIN_ID SSCS_LOCAL_REMOTE_KEY_CHAIN_ID -// ######################### FUTURE RELEASE ############################ - -// Default SecretID -static SS_UTF8_T SECRET_ID_DEFAULT[] = {"Default_Credential"}; -#define SECRET_ID_DEFAULT_LEN 19 - -// Known keys for Shared Secret format -// =============================================== -static SS_UTF8_T SHS_PASSWORD[] = {"Password"}; -// {'P','a','s','s','s','w','o','r','d','=',0}; -#define SHS_PASSWORD_LEN 9 - -static SS_UTF8_T SHS_USERNAME[] = {"Username"}; -// {'U','s','e','r','n','a','m','e','=',0}; -#define SHS_USER_NAME_LEN 9 - -static SS_UTF8_T SHS_OTHER[] = {"Other"}; -//{'O','t','h','e','r','=',0}; -#define SHS_OTHER_LEN 6 - -static SS_UTF8_T SHS_BINARY[] = {"Binary"}; -//{'B','i','n','a','r','y','=',0}; -#define SHS_BINARY_LEN 7 - -// Common Name -static SS_UTF8_T SHS_CN[] = {"CN"}; -//{'C','N','=',0}; -#define SHS_CN_LEN 3 - -// LDAP DN -static SS_UTF8_T SHS_DN_LDAP[] = {"DN_LDAP"}; -//{'D','N','L','D','A','P','=',0}; -#define SHS_DNLDAP_LEN 8 - -// NDAP DN -static SS_UTF8_T SHS_DN_NDAP[] = {"DN_NDAP"}; -//{'D','N','N','D','A','P','=',0}; -#define SHS_DNNDAP_LEN 8 - -// EMAIL NAME -static SS_UTF8_T SHS_EMAIL[] = {"EMAIL"}; -//{'E','M','A','I','L','=',0}; -#define SHS_EMAIL_LEN 6 - - - -/* STANDARD KEYCHAIN IDs */ - -/* Persistent local keychain that is cached */ -/* FLAGS: (SSCS_SESSION_KEY_CHAIN_F | SSCS_LOCAL_KEY_CHAIN_F) */ -#define SSCS_SL_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F | SSCS_LOCAL_KEY_CHAIN_F) -#define SSCS_SL_KC_ID_CHARS 24 -// #define SSCS_SL_KC_LEN 48 -static SS_UTF8_T SSCS_LOCAL_KEY_CHAIN_ID[] = {"SSCS_LOCAL_KEY_CHAIN_ID"}; -// {'S','S','C','S','_','L','O','C','A','L','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0}; -// -/* A Remote keychain that is cached locally only for the user session -/* FLAGS: (SSCS_SESSION_KEY_CHAIN_F | SSCS_REMOTE_KEY_CHAIN_F) */ -#define SSCS_SR_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F | SSCS_REMOTE_KEY_CHAIN_F) -#define SSCS_SR_KC_ID_CHARS 25 -// #define SSCS_SR_KC_ID_LEN 50 -static SS_UTF8_T SSCS_REMOTE_KEY_CHAIN_ID[] = {"SSCS_REMOTE_KEY_CHAIN_ID"}; -// {'S','S','C','S','_','R','E','M','O','T','E','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0}; - -/* A Remote keychain that is cached locally and is persistent */ -/* FLAGS: (SSCS_SESSION_KEY_CHAIN_F | SSCS_REMOTE_KEY_CHAIN_F | SSCS_LOCAL_KEY_CHAIN_F) */ -#define SSCS_SLR_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F | SSCS_REMOTE_KEY_CHAIN_F | SSCS_LOCAL_KEY_CHAIN_F) -#define SSCS_SLR_KC_ID_CHARS 31 -// #define SSCS_SLR_KC_ID_LEN 62 -static SS_UTF8_T SSCS_LOCAL_REMOTE_KEY_CHAIN_ID[] = {"SSCS_LOCAL_REMOTE_KEY_CHAIN_ID"}; -// {'S','S','C','S','_','L','O','C','A','L','_','R','E','M','O','T','E','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0}; - - -#define NSSCS_VERSION_NUMBER 0x00040000L // client version Major 04 Minor 00 Revision 01 - // the final release will be 4.0.0 - - -#define NSSCS_MIN_SECRET_BUF_LEN 3968 //* (4K-128)to match server -#define NSSCS_MID_SECRET_BUF_LEN 32768 //* (4K-128)to match server -#define NSSCS_MAX_SECRET_BUF_LEN 60416 //* (59K)to match server -#define NSSCS_MAX_PWORD_HINT_LEN 128 //* maximum hint (bytes) - - -#define NSSCS_MAX_KEYCHAIN_ID_LEN 256 //* in bytes including NULL - -#define NSSCS_MAX_NUM_OF_DEFAULT_KEYCHAINS 6 - -#define NSSCS_MIN_IDLIST_BUF_LEN 16384 //* (16K) -#define NSSCS_MID_IDLIST_BUF_LEN 32768 //* (32K) -#define NSSCS_MAX_IDLIST_BUF_LEN 65536 //* (64kK) -#define NSSCS_JUMBO_IDLIST_BUF_LEN 131072 //* (128K) -#define NSSCS_JUMBO_ENUM_BUF_LEN 131072 //* (128K) -#define NSSCS_ENUM_BUFFER_GUESS 32768 //* (32K) -#define NSSCS_ENUM_DELIM ((SS_UTF8_T)'*') //* immutable -#define NSSCS_MAX_SRCH_KEY_LEN 128 //* maximum hint (bytes) - -#define SSCS_APPLICATION_TYPE_F 0x00000001L -#define SSCS_CREDENTIAL_TYPE_F 0x00000002L - - - -static SS_UTF8_T SSCS_DEFAULT_SECRETSTORE_ID[] = {"SecretStore"}; -//{'S','e','c','r','e','t','S','t','o','r','e', 0}; -#define SSCS_DEFAULT_SECRETSTORE_ID_LEN 12 - - -static SS_UTF8_T SSCS_CRED_SET[] = {"SS_CredSet"}; -//{'S','S','_','C','r','e','d','S','e','t', 0}; -#define SSCS_CRED_SET_LEN 10 - -static SS_UTF8_T SSCS_BINARY_SECRET[] = {"SS_Binary"}; -//{'S','S','_','B','i','n','a','r','y', 0}; -#define SSCS_BINARY_CHARS 9 - -static SS_UTF8_T APP_DELIMITER[] = {":"}; -#define APP_DELIMITER_LEN 2 - -static SS_UTF8_T CREDSET_DELIMITER[] = {"="}; -#define CREDSET_DELIMITER_LEN 2 - -static SS_UTF8_T BINARY_DELIMITER[] = {"="}; -#define BINARY_DELIMITER_LEN 2 - - -#define SSCS_MASTER_PASSWORD 1 -#define SSCS_ENHANCED_PROTECTION_PASSWORD 2 -#define SSCS_DIRECTORY_PASSWORD 1 - - -typedef struct _sscs_password -{ - unsigned long pwordType; - unsigned long pwordLen; // enhanced protection len & pword to set - SS_UTF8_T pword[NSSCS_MAX_PWORD_LEN]; // * should be passed in # of chars -} SSCS_PASSWORD_T; - - -typedef struct _sscs_sh_secret_id -{ - int type; // The shared secret type i.e. SS_App or SS_CredSet - int len; // except that it excludes the header and is not escaped. - SS_UTF8_T name[NSSCS_MAX_SECRET_ID_LEN]; // The shared secret name. This is the same as the identifier -} SSCS_SH_SECRET_ID_T; - - -typedef struct _sscs_passcode -{ - int passcodeType; - void *passcodeHandle; // can be password structure or other types of structures. -} SSCS_PASSCODE_T; - - -typedef struct _sscs_secretstore -{ - unsigned int version; - SS_UTF8_T ssName[NSSCS_MAX_SECRET_ID_LEN]; -} SSCS_SECRETSTORE_T; - -typedef struct _ssscs_read_extension -{ - unsigned long statFlags; //* OUT - return flags on the secret - unsigned long crtStamp; //* OUT - secret creation time stamp - unsigned long latStamp; //* OUT - last accessed time stamp (optional) - unsigned long lmtStamp; //* OUT - last modified time stamp -} SSCS_READEXT_T; - -typedef struct _sscs_hint -{ - unsigned long hintLen; - SS_UTF8_T hint[NSSCS_MAX_PWORD_HINT_LEN]; //* should be passed in # of chars -} SSCS_HINT_T; - - -typedef struct _sscs_secretstore_info -{ - unsigned int numKeyChains; - unsigned int enumBufsize; -} SSCS_SECRETSTORE_INFO_T; - -typedef struct _sscs_srch_key -{ - unsigned long srchKeyLen; - SS_UTF8_T srchKey[NSSCS_MAX_SRCH_KEY_LEN]; //* should be passed in # of chars -} SSCS_SRCH_KEY_T; - - -typedef struct _sscs_sh_secret_ID_List -{ - unsigned long enumHandle; // set to 0 to begin with - unsigned long returnedIDs; // to be initialized by the caller to the array size - SSCS_SH_SECRET_ID_T *secIDList; //* an array of secret IDs structures. -} SSCS_SH_SECRET_ID_LIST_T; - -typedef struct _sscs_keychain_id -{ - unsigned long len; - SS_UTF8_T keychainID[NSSCS_MAX_SECRET_ID_LEN]; -} SSCS_KEYCHAIN_ID_T; - -typedef struct _sscs_keychain_id_list -{ - unsigned long enumHandle; // set to 0 to begin with - unsigned long returnedIDs; // to be initialized by the caller to the array size - SSCS_KEYCHAIN_ID_T *keyChainIDList; //* an array of keychainID structures -} SSCS_KEYCHAIN_ID_LIST_T; - - - - -// ************************************************************** -// * The following functions will be exposed as exported API: -// ************************************************************** -// * SSCS APIs below export the interface for applications. -// * Support APIs are needed for populating or extracting data -// * from a Shared Secret. -// ************************************************************** - -SSCS_EXTERN_LIBCALL_PTR(void) -miCASAOpenSecretStoreCache -( - SSCS_SECRETSTORE_T * ssid, - unsigned long ssFlags, - SSCS_EXT_T * ext -); - - -SSCS_EXTERN_LIBCALL(int) -miCASACloseSecretStoreCache -( - void * context, - unsigned long ssFlags, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASAReadSecret -( - void * context, - SSCS_KEYCHAIN_ID_T * keyChainID, - unsigned long ssFlags, - void * secretHandle, - SSCS_SH_SECRET_ID_T * sharedSecretID, - SSCS_PASSWORD_T * epPassword, - SSCS_READEXT_T * readData, - SSCS_EXT_T * ext -); - - -SSCS_EXTERN_LIBCALL(int) -miCASARemoveSecret -( - void * context, - SSCS_KEYCHAIN_ID_T * keyChainID, - unsigned long ssFlags, - SSCS_SH_SECRET_ID_T * sharedSecretID, - SSCS_PASSWORD_T * epPassword, - SSCS_EXT_T * ext -); - - -SSCS_EXTERN_LIBCALL(int) -miCASAWriteSecret -( - void * context, - SSCS_KEYCHAIN_ID_T * keyChainID, - unsigned long ssFlags, - void * secretHandle, - SSCS_SH_SECRET_ID_T * sharedSecretID, - SSCS_PASSWORD_T * epPassword, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASAGetStoreInformation -( - void * context, - unsigned long ssFlags, - SSCS_SECRETSTORE_INFO_T * ssInfo, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASAEnumerateSecretIDs -( - void * context, - SSCS_KEYCHAIN_ID_T * keyChainID, - unsigned long ssFlags, - SSCS_SRCH_KEY_T * searchKey, - SSCS_SH_SECRET_ID_LIST_T * secretIDList, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASARemoveSecretStore -( - void * context, - unsigned long ssFlags, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASASetMasterPassword -( - void * context, - unsigned long ssFlags, - SSCS_PASSWORD_T * password, - SSCS_HINT_T * hint, - SSCS_EXT_T * ext -); - - -SSCS_EXTERN_LIBCALL(int) -miCASAUnlockSecrets -( - void * context, - unsigned long ssFlags, - SSCS_PASSWORD_T * password, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASALockStore -( - void * context, - unsigned long ssFlags, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASAUnlockStore -( - void * context, - unsigned long ssFlags, - SSCS_PASSCODE_T * passcode, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASAEnumerateKeyChainIDs -( - void * context, - unsigned long ssFlags, - SSCS_SRCH_KEY_T * searchKey, - SSCS_KEYCHAIN_ID_LIST_T * kcIDList, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASAAddKeyChain -( - void * context, - unsigned long ssFlags, - SSCS_KEYCHAIN_ID_T * keyChainID, - SSCS_EXT_T * ext -); - -SSCS_EXTERN_LIBCALL(int) -miCASARemoveKeyChain -( - void * context, - unsigned long ssFlags, - SSCS_KEYCHAIN_ID_T * keyChainID, - SSCS_EXT_T * ext -); - - -//************************************************************** -//* Support Functions for processing (populating or extracting) -//* data components from Shared Secrets -//************************************************************** -SSCS_EXTERN_LIBCALL_PTR(void) -miCASA_CreateSHSHandle(); - -SSCS_EXTERN_LIBCALL(int) -miCASA_DestroySHSHandle(void *secretHandle); // in - - -SSCS_EXTERN_LIBCALL(int) -miCASA_GetNextSHSEntry -( - int restart, - void *secretHandle, - unsigned long *keyLen, - SS_UTF8_T *key, - unsigned long *valLen, - unsigned char *value -); - -SSCS_EXTERN_LIBCALL(int) -miCASA_AddSHSEntry -( - void *secretHandle, - SS_UTF8_T *key, - unsigned long valueLen, - unsigned char *value -); - -SSCS_EXTERN_LIBCALL(int) -miCASA_RemoveSHSEntry -( - void *secretHandle, - SS_UTF8_T *key, - unsigned long valueLen, - unsigned char *value -); - - - - -#if defined(__cplusplus) || defined(c_plusplus) -} -#endif - -#endif /* _miCASA_H */ diff --git a/LoginCapture/windows/micasa_mgmd.h b/LoginCapture/windows/micasa_mgmd.h deleted file mode 100644 index d068d532..00000000 --- a/LoginCapture/windows/micasa_mgmd.h +++ /dev/null @@ -1,452 +0,0 @@ -/*********************************************************************** - * - * Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; version 2.1 - * of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, Novell, Inc. - * - * To contact Novell about this file by physical or electronic mail, - * you may find current contact information at www.novell.com. - * - ***********************************************************************/ - -#ifndef _MICASA_MANAGED_H_ -#define _MICASA_MANAGED_H_ - -#if defined(__cplusplus) || defined(c_plusplus) -extern "C" -{ -#endif - -/*************************************************************************** -*** All strings are length preceeded and the lengths include the NULL. -***************************************************************************/ - - - -#if defined(WIN32) - - #define SSCS_GLOBAL_LIBCALL_PTR(RET) RET * __stdcall - #define SSCS_GLOBAL_LIBCALL(RET) RET __stdcall - #define SSCS_EXTERN_LIBCALL_PTR(RET) extern RET * __stdcall - #define SSCS_EXTERN_LIBCALL(RET) extern RET __stdcall - #define SSCS_TYPEDEF_LIBCALL_PTR(RET, PTR) typedef RET * (__stdcall *PTR) - #define SSCS_TYPEDEF_LIBCALL(RET, PTR) typedef RET (__stdcall *PTR) - -#else - - #define SSCS_GLOBAL_LIBCALL_PTR(RET) RET * - #define SSCS_GLOBAL_LIBCALL(RET) RET - #define SSCS_EXTERN_LIBCALL_PTR(RET) extern RET * - #define SSCS_EXTERN_LIBCALL(RET) extern RET - #define SSCS_TYPEDEF_LIBCALL_PTR(RET, PTR) typedef RET * (*PTR) - #define SSCS_TYPEDEF_LIBCALL(RET, PTR) typedef RET (*PTR) - -#endif /* WIN32 */ - - -#ifndef _MICASA_TYPES_H_ -#define _MICASA_TYPES_H_ - -#if defined(WIN32) -#include - - typedef unsigned __int64 uint64_t; - typedef signed __int64 int64_t; - typedef unsigned int uint32_t; - typedef signed int int32_t; - typedef unsigned short uint16_t; - typedef signed short int16_t; - typedef unsigned char uint8_t; - typedef signed char int_t; - -#else - -#include -#include -#endif - - -#ifndef _SSUTF8_H_ -/* defining the utf8 for SSCS */ -typedef unsigned char SS_UTF8_T; -#endif - -#define NSSCS_MAX_USERID_LEN 256 //* max username (bytes) -#define NSSCS_MAX_PWORD_LEN 128 //* max password (bytes) -#define NSSCS_MAX_SECRET_ID_LEN 512 //* in bytes including NULL - -// used to denote what structure is being used for the credentials -#define SSCS_CRED_TYPE_BASIC_F 0x00000001L - -// used to denote the type of username being requested or set -#define USERNAME_TYPE_CN_F 0x00000000L // default behavior -#define USERNAME_TYPE_NDS_DN_F 0x00000001L -#define USERNAME_TYPE_NDS_FDN_F 0x00000002L -#define USERNAME_TYPE_LDAP_DN_F 0x00000004L -#define USERNAME_TYPE_EMAIL_F 0x00000008L -#define USERNAME_TYPE_OTHER_F 0x00000010L - -typedef struct _sscs_secret_id -{ - uint32_t len; // max id len in bytes - SS_UTF8_T id[NSSCS_MAX_SECRET_ID_LEN]; // * should be passed in # of chars -} SSCS_SECRET_ID_T; - - -typedef struct _sscs_basic_credential -{ - uint32_t unFlags; - uint32_t unLen; - SS_UTF8_T username[NSSCS_MAX_USERID_LEN]; - uint32_t pwordLen; - SS_UTF8_T password[NSSCS_MAX_PWORD_LEN]; -} SSCS_BASIC_CREDENTIAL; - - -typedef struct _sscs_ext_t -{ - int32_t extID; // defined to identify the extension - int32_t version; // defined as the version of the specified extension - void *ext; // points to the actual extension -} SSCS_EXT_T; - - /* ####################################################################### */ - /* ############################## ERROR CODES ############################ */ - /* ####################################################################### */ - -#define NSSCS_SUCCESS 0x00000000 /* 0 */ -#define NSSCS_E_OBJECT_NOT_FOUND 0xFFFFFCE0 /* -800 */ -#define NSSCS_E_NICI_FAILURE 0xFFFFFCDF /* -801 */ -#define NSSCS_E_INVALID_SECRET_ID 0xFFFFFCDE /* -802 */ -#define NSSCS_E_SYSTEM_FAILURE 0xFFFFFCDD /* -803 */ -#define NSSCS_E_ACCESS_DENIED 0xFFFFFCDC /* -804 */ -#define NSSCS_E_NDS_INTERNAL_FAILURE 0xFFFFFCDB /* -805 */ -#define NSSCS_E_SECRET_UNINITIALIZED 0xFFFFFCDA /* -806 */ -#define NSSCS_E_BUFFER_LEN 0xFFFFFCD9 /* -807 */ -#define NSSCS_E_INCOMPATIBLE_VERSION 0xFFFFFCD8 /* -808 */ -#define NSSCS_E_CORRUPTED_STORE 0xFFFFFCD7 /* -809 */ -#define NSSCS_E_SECRET_ID_EXISTS 0xFFFFFCD6 /* -810 */ -#define NSSCS_E_NDS_PWORD_CHANGED 0xFFFFFCD5 /* -811 */ -#define NSSCS_E_INVALID_TARGET_OBJECT 0xFFFFFCD4 /* -812 */ -#define NSSCS_E_STORE_NOT_FOUND 0xFFFFFCD3 /* -813 */ -#define NSSCS_E_SERVICE_NOT_FOUND 0xFFFFFCD2 /* -814 */ -#define NSSCS_E_SECRET_ID_TOO_LONG 0xFFFFFCD1 /* -815 */ -#define NSSCS_E_ENUM_BUFF_TOO_SHORT 0xFFFFFCD0 /* -816 */ -#define NSSCS_E_NOT_AUTHENTICATED 0xFFFFFCCF /* -817 */ -#define NSSCS_E_NOT_SUPPORTED 0xFFFFFCCE /* -818 */ -#define NSSCS_E_NDS_PWORD_INVALID 0xFFFFFCCD /* -819 */ -#define NSSCS_E_NICI_OUTOF_SYNC 0xFFFFFCCC /* -820 */ -#define NSSCS_E_SERVICE_NOT_SUPPORTED 0xFFFFFCCB /* -821 */ -#define NSSCS_E_TOKEN_NOT_SUPPORTED 0xFFFFFCCA /* -822 */ -#define NSSCS_E_UNICODE_OP_FAILURE 0xFFFFFCC9 /* -823 */ -#define NSSCS_E_TRANSPORT_FAILURE 0xFFFFFCC8 /* -824 */ -#define NSSCS_E_CRYPTO_OP_FAILURE 0xFFFFFCC7 /* -825 */ -#define NSSCS_E_SERVER_CONN_FAILURE 0xFFFFFCC6 /* -826 */ -#define NSSCS_E_CONN_ACCESS_FAILURE 0xFFFFFCC5 /* -827 */ -#define NSSCS_E_ENUM_BUFF_TOO_LONG 0xFFFFFCC4 /* -828 */ -#define NSSCS_E_SECRET_BUFF_TOO_LONG 0xFFFFFCC3 /* -829 */ -#define NSSCS_E_SECRET_ID_TOO_SHORT 0xFFFFFCC2 /* -830 */ -#define NSSCS_E_CORRUPTED_PACKET_DATA 0xFFFFFCC1 /* -831 */ -#define NSSCS_E_EP_ACCESS_DENIED 0xFFFFFCC0 /* -832 */ -#define NSSCS_E_SCHEMA_NOT_EXTENDED 0xFFFFFCBF /* -833 */ -#define NSSCS_E_ATTR_NOT_FOUND 0xFFFFFCBE /* -834 */ -#define NSSCS_E_MIGRATION_NEEDED 0xFFFFFCBD /* -835 */ -#define NSSCS_E_MP_PWORD_INVALID 0xFFFFFCBC /* -836 */ -#define NSSCS_E_MP_PWORD_NOT_SET 0xFFFFFCBB /* -837 */ -#define NSSCS_E_MP_PWORD_NOT_ALLOWED 0xFFFFFCBA /* -838 */ -#define NSSCS_E_WRONG_REPLICA_TYPE 0xFFFFFCB9 /* -839 */ -#define NSSCS_E_ATTR_VAL_NOT_FOUND 0xFFFFFCB8 /* -840 */ -#define NSSCS_E_INVALID_PARAM 0xFFFFFCB7 /* -841 */ -#define NSSCS_E_NEED_SECURE_CHANNEL 0xFFFFFCB6 /* -842 */ -#define NSSCS_E_CONFIG_NOT_SUPPORTED 0xFFFFFCB5 /* -843 */ -#define NSSCS_E_STORE_NOT_LOCKED 0xFFFFFCB4 /* -844 */ -#define NSSCS_E_TIME_OUT_OF_SYNC 0xFFFFFCB3 /* -845 */ -#define NSSCS_E_VERSION_MISMATCH 0xFFFFFCB2 /* -846 */ -#define NSSCS_E_SECRET_BUFF_TOO_SHORT 0xFFFFFCB1 /* -847 */ -#define NSSCS_E_SH_SECRET_FAILURE 0xFFFFFCB0 /* -848 */ -#define NSSCS_E_PARSER_FAILURE 0xFFFFFCAF /* -849 */ -#define NSSCS_E_UTF8_OP_FAILURE 0xFFFFFCAE /* -850 */ -#define NSSCS_E_CTX_LESS_CN_NOT_UNIQUE 0xFFFFFCAD /* -851 */ -#define NSSCS_E_UNSUPPORTED_BIND_CRED 0xFFFFFCAC /* -852 */ -#define NSSCS_E_CERTIFICATE_NOT_FOUND 0xFFFFFCAB /* -853 */ -#define NSSCS_E_CANT_OPEN_CLIENT_CACHE 0xFFFFFCAA /* -854 */ -#define NSSCS_E_WRONG_SH_SEC_TYPE 0xFFFFFCA9 /* -855 */ - -#define NSSCS_E_NOT_IMPLEMENTED 0xFFFFFC88 /* -888 */ -#define NSSCS_E_BETA_EXPIRED 0xFFFFFC7D /* -899 */ - - - /* ######################################################################### - ########################### ERROR DESCRIPTIONS ########################## - ######################################################################### - - NSSCS_E_OBJECT_NOT_FOUND -800 - Description: Can't find the target object DN in NDS. (Resolve name failed.) - - NSSCS_E_NICI_FAILURE -801 - Description: NICI operations have failed. - - NSSCS_E_INVALID_SECRET_ID -802 - Description: Secret ID is not in the User Secret Store. - - NSSCS_E_SYSTEM_FAILURE -803 - Description: Some internal operating system services have not been available. - - NSSCS_E_ACCESS_DENIED -804 - Description: Access to the target Secret Store has been denied! - - NSSCS_E_NDS_INTERNAL_FAILURE -805 - Description: Some internal NDS services have not been available. - - NSSCS_E_SECRET_UNINITIALIZED -806 - Description: Secret has not been initialized with a write. - - NSSCS_E_BUFFER_LEN -807 - Description: Size of the buffer is not in a nominal range between minimum and maximum. - - NSSCS_E_INCOMPATIBLE_VERSION -808 - Description: Client and server components are not of the compatible versions. - - NSSCS_E_CORRUPTED_STORE -809 - Description: Secret Store data on the server has been corrupted. - - NSSCS_E_SECRET_ID_EXISTS -810 - Description: Secret ID already exists in the Secret Store. - - NSSCS_E_NDS_PWORD_CHANGED -811 - Description: User NDS password has been changed by the administrator. - - NSSCS_E_INVALID_TARGET_OBJECT -812 - Description: Target NDS User object not found. - - NSSCS_E_STORE_NOT_FOUND -813 - Description: Target NDS User object does not have a Secret Store. - - NSSCS_E_SERVICE_NOT_FOUND -814 - Description: Secret Store not on the Network. - - NSSCS_E_SECRET_ID_TOO_LONG -815 - Description: Lenght of the Secret ID buffer exceeds the limit. - - NSSCS_E_ENUM_BUFF_TOO_SHORT -816 - Description: Lenght of the Enumeration buffer too short. - - NSSCS_E_NOT_AUTHENTICATED -817 - Description: User not authenticated. - - NSSCS_E_NOT_SUPPORTED -818 - Description: Not supported operations. - - NSSCS_E_NDS_PWORD_INVALID -819 - Description: Typed in NDS password not valid. - - NSSCS_E_NICI_OUTOF_SYNC -820 - Description: Session keys of the client and server NICI are out of sync. - - NSSCS_E_SERVICE_NOT_SUPPORTED -821 - Description: Requested service not supported yet. - - NSSCS_E_TOKEN_NOT_SUPPORTED -822 - Description: NDS authentication type not supported. - - NSSCS_E_UNICODE_OP_FAILURE -823 - Description: Unicode text conversion operation failed. - - NSSCS_E_TRANSPORT_FAILURE -824 - Description: Connection to server is lost. - - NSSCS_E_CRYPTO_OP_FAILURE -825 - Description: Cryptographic operation failed. - - NSSCS_E_SERVER_CONN_FAILURE -826 - Description: Opening a connection to the server failed. - - NSSCS_E_CONN_ACCESS_FAILURE -827 - Description: Access to server connection failed. - - NSSCS_E_ENUM_BUFF_TOO_LONG -828 - Description: Size of the enumeration buffer exceeds the limit. - - NSSCS_E_SECRET_BUFF_TOO_LONG -829 - Description: Size of the Secret buffer exceeds the limit. - - NSSCS_E_SECRET_ID_TOO_SHORT -830 - Description: Lenght of the Secret ID should be greater than zero. - - NSSCS_E_CORRUPTED_PACKET_DATA -831 - Description: Protocol data corrupted on the wire. - - NSSCS_E_EP_ACCESS_DENIED -832 - Description: EP password validation failed. Access to the secret denied! - - NSSCS_E_SCHEMA_NOT_EXTENDED -833 - Description: Schema is not extended to support SecreStore on the target tree. - - NSSCS_E_ATTR_NOT_FOUND -834 - Description: One of the optional service attributes is not instantiated. - - NSSCS_E_MIGRATION_NEEDED -835 - Description: Server has been upgraded and user SecretStore should be updated. - - NSSCS_E_MP_PWORD_INVALID -836 - Description: Master passwrod could not be verified to read or unlock the secrets. - - NSSCS_E_MP_PWORD_NOT_SET -837 - Description: Master password has not been set on the SecretStore. - - NSSCS_E_MP_PWORD_NOT_ALLOWED -838 - Description: Ability to use master password has been disabled. - - NSSCS_E_WRONG_REPLICA_TYPE -839 - Description: Not a writeable replica of NDS. - - NSSCS_E_ATTR_VAL_NOT_FOUND -840 - Description: Target attrbute is not instantiated in NDS. - - NSSCS_E_INVALID_PARAM -841 - Description: API parameter is not initialized. - - NSSCS_E_NEED_SECURE_CHANNEL -842 - Description: Connection to the SecretStore needs to be over SSL. - - NSSCS_E_CONFIG_NOT_SUPPORTED -843 - Description: No server to support the given override configuration is found. - - NSSCS_E_STORE_NOT_LOCKED -844 - Description: Attempt to unlock SecretStore failed because the store is not locked. - - NSSCS_E_TIME_OUT_OF_SYNC -845 - Description: NDS Replica on the server that holds SecretStore is out of sync with the replica ring. - - NSSCS_E_VERSION_MISMATCH -846 - Description: Versions of the client dlls don't match. - - NSSCS_E_SECRET_BUFF_TOO_SHORT -847 - Description: Buffer supplied for the secret is too short (minimum NSSCS_MIN_IDLIST_BUF_LEN). - - NSSCS_E_SH_SECRET_FAILURE -848 - Description: Shared Secret processing and operations failed. - - NSSCS_E_PARSER_FAILURE -849 - Description: Shared Secret parser operations failed. - - NSSCS_E_UTF8_OP_FAILURE -850 - Description: Utf8 string operations failed. - - NSSCS_E_CTX_LESS_CN_NOT_UNIQUE -851 - Description: Contextless name for LDAP bind does not resolve to a unique DN - - NSSCS_E_UNSUPPORTED_BIND_CRED -852 - Description: login credential for advanced bind is not supported - - NSSCS_E_CERTIFICATE_NOT_FOUND -853 - Description: LDAP Root Cert required for Bind operations not found - - NSSCS_E_WRONG_SH_SEC_TYPE -855 - Description: Unrecognized or unknown shared secret tag. - - - NSSCS_E_NOT_IMPLEMENTED -888 - Description: Feature not implemented yet. - - NSSCS_E_BETA_EXPIRED -899 - Description: Product's BETA life has expired! Official release copy should be - purchased. - - - - ########################### END OFERROR CODES ########################## */ - -#endif // _SSCS_SDK_H_ - - - // * The following functions will be exposed as exported API: - // ************************************************************** - // * These function calls will utilize the Support Functions for - // * populating or extracting data from a Shared Secret. - // ************************************************************** - - // General API Info: - // All strings passed through the API need to be NULL terminated. - // - // - // Parameters: - // ssFlags - // Sets behaviors desired on the Secret. Set to 0. - // - // appSecretID (input) - - // Name of service requesting credentials. - // - // sharedSecretID (input) - - // The group name is the name of the backend authentication realm, relating a group of services. - // Example: Novell.Collaboration (Groupwise, GW address book, GW Notify, and GWIM) - // This parameter can be set to NULL, - // - // credentialType (input) - // Type of credential structure used during this call. - // Currently we only support one: - // SSCS_CRED_TYPE_BASIC_F - // - // credential - // Pointer to the credential structure - // - // ext - // Reserved. - // - // Abstract: - // - // Get cache user credentials routine. - // - // - - SSCS_EXTERN_LIBCALL(int32_t) - miCASAGetCredential - ( - uint32_t ssFlags, // IN - SSCS_SECRET_ID_T * appSecretID, // IN - SSCS_SECRET_ID_T * sharedSecretID, // Optional IN - int32_t * credentialType, // IN/OUT - void * credential, // OUT - SSCS_EXT_T * ext // Reserved - ); - - SSCS_EXTERN_LIBCALL(int32_t) - miCASASetCredential - ( - uint32_t ssFlags, // IN - SSCS_SECRET_ID_T * appSecretID, // IN - SSCS_SECRET_ID_T * sharedSecretID, // Optional IN - int32_t credentialType, // IN - void * credential, // IN - SSCS_EXT_T * ext // Reserved - ); - - SSCS_EXTERN_LIBCALL(int32_t) - miCASARemoveCredential - ( - uint32_t ssFlags, // IN - SSCS_SECRET_ID_T * appSecretID, // IN - SSCS_SECRET_ID_T * sharedSecretID, // Optional IN - SSCS_EXT_T * ext // Reserved - ); - - // end - - -#if defined(__cplusplus) || defined(c_plusplus) -} -#endif - -#endif // _MICASA_MANAGED_H_ - diff --git a/LoginCapture/windows/nsscs_mgmd_idk.h b/LoginCapture/windows/nsscs_mgmd_idk.h deleted file mode 100644 index 5ab52dee..00000000 --- a/LoginCapture/windows/nsscs_mgmd_idk.h +++ /dev/null @@ -1,447 +0,0 @@ -/*********************************************************************** - * - * Copyright (C) 2005-2006 Novell, Inc. All Rights Reserved. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; version 2.1 - * of the License. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Library Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, Novell, Inc. - * - * To contact Novell about this file by physical or electronic mail, - * you may find current contact information at www.novell.com. - * - ***********************************************************************/ - -#ifndef _NSSCS_MANAGED_IDK_H_ -#define _NSSCS_MANAGED_IDK_H_ - -#if defined(__cplusplus) || defined(c_plusplus) -extern "C" -{ -#endif - -/*************************************************************************** -*** All strings are length preceeded and the lengths include the NULL. -***************************************************************************/ - - - -#if defined(WIN32) - - #define SSCS_GLOBAL_LIBCALL_PTR(RET) RET * __stdcall - #define SSCS_GLOBAL_LIBCALL(RET) RET __stdcall - #define SSCS_EXTERN_LIBCALL_PTR(RET) extern RET * __stdcall - #define SSCS_EXTERN_LIBCALL(RET) extern RET __stdcall - #define SSCS_TYPEDEF_LIBCALL_PTR(RET, PTR) typedef RET * (__stdcall *PTR) - #define SSCS_TYPEDEF_LIBCALL(RET, PTR) typedef RET (__stdcall *PTR) - -#else - - #define SSCS_GLOBAL_LIBCALL_PTR(RET) RET * - #define SSCS_GLOBAL_LIBCALL(RET) RET - #define SSCS_EXTERN_LIBCALL_PTR(RET) extern RET * - #define SSCS_EXTERN_LIBCALL(RET) extern RET - #define SSCS_TYPEDEF_LIBCALL_PTR(RET, PTR) typedef RET * (*PTR) - #define SSCS_TYPEDEF_LIBCALL(RET, PTR) typedef RET (*PTR) - -#endif /* WIN32 */ - -#ifndef _SSUTF8_H_ -/* defining the utf8 for SSCS */ -typedef unsigned char SS_UTF8_T; -#endif - -#define NSSCS_MAX_USERID_LEN 256 //* max username (bytes) -#define NSSCS_MAX_PWORD_LEN 128 //* max password (bytes) -#define NSSCS_MAX_SECRET_ID_LEN 512 //* in bytes including NULL - -// used to denote what structure is being used for the credentials -#define SSCS_CRED_TYPE_BASIC_F 0x00000001L - -// used to denote the type of username being requested or set -#define USERNAME_TYPE_CN_F 0x00000000L // default behavior -#define USERNAME_TYPE_NDS_DN_F 0x00000001L -#define USERNAME_TYPE_LDAP_DN_F 0x00000002L -#define USERNAME_TYPE_EMAIL_F 0x00000004L -#define USERNAME_TYPE_OTHER_F 0x00000008L - -typedef struct _sscs_secret_id -{ - long len; // max id len in bytes - SS_UTF8_T id[NSSCS_MAX_SECRET_ID_LEN]; // * should be passed in # of chars -} SSCS_SECRET_ID_T; - - -typedef struct _sscs_basic_credential -{ - unsigned long unFlags; - unsigned long unLen; - SS_UTF8_T username[NSSCS_MAX_USERID_LEN]; - unsigned long pwordLen; - SS_UTF8_T password[NSSCS_MAX_PWORD_LEN]; -} SSCS_BASIC_CREDENTIAL; - - -typedef struct _sscs_ext_t -{ - int extID; // defined to identify the extension - int version; // defined as the version of the specified extension - void *ext; // points to the actual extension -} SSCS_EXT_T; - - /* ####################################################################### */ - /* ############################## ERROR CODES ############################ */ - /* ####################################################################### */ - -#define NSSCS_SUCCESS 0x00000000 /* 0 */ -#define NSSCS_E_OBJECT_NOT_FOUND 0xFFFFFCE0 /* -800 */ -#define NSSCS_E_NICI_FAILURE 0xFFFFFCDF /* -801 */ -#define NSSCS_E_INVALID_SECRET_ID 0xFFFFFCDE /* -802 */ -#define NSSCS_E_SYSTEM_FAILURE 0xFFFFFCDD /* -803 */ -#define NSSCS_E_ACCESS_DENIED 0xFFFFFCDC /* -804 */ -#define NSSCS_E_NDS_INTERNAL_FAILURE 0xFFFFFCDB /* -805 */ -#define NSSCS_E_SECRET_UNINITIALIZED 0xFFFFFCDA /* -806 */ -#define NSSCS_E_BUFFER_LEN 0xFFFFFCD9 /* -807 */ -#define NSSCS_E_INCOMPATIBLE_VERSION 0xFFFFFCD8 /* -808 */ -#define NSSCS_E_CORRUPTED_STORE 0xFFFFFCD7 /* -809 */ -#define NSSCS_E_SECRET_ID_EXISTS 0xFFFFFCD6 /* -810 */ -#define NSSCS_E_NDS_PWORD_CHANGED 0xFFFFFCD5 /* -811 */ -#define NSSCS_E_INVALID_TARGET_OBJECT 0xFFFFFCD4 /* -812 */ -#define NSSCS_E_STORE_NOT_FOUND 0xFFFFFCD3 /* -813 */ -#define NSSCS_E_SERVICE_NOT_FOUND 0xFFFFFCD2 /* -814 */ -#define NSSCS_E_SECRET_ID_TOO_LONG 0xFFFFFCD1 /* -815 */ -#define NSSCS_E_ENUM_BUFF_TOO_SHORT 0xFFFFFCD0 /* -816 */ -#define NSSCS_E_NOT_AUTHENTICATED 0xFFFFFCCF /* -817 */ -#define NSSCS_E_NOT_SUPPORTED 0xFFFFFCCE /* -818 */ -#define NSSCS_E_NDS_PWORD_INVALID 0xFFFFFCCD /* -819 */ -#define NSSCS_E_NICI_OUTOF_SYNC 0xFFFFFCCC /* -820 */ -#define NSSCS_E_SERVICE_NOT_SUPPORTED 0xFFFFFCCB /* -821 */ -#define NSSCS_E_TOKEN_NOT_SUPPORTED 0xFFFFFCCA /* -822 */ -#define NSSCS_E_UNICODE_OP_FAILURE 0xFFFFFCC9 /* -823 */ -#define NSSCS_E_TRANSPORT_FAILURE 0xFFFFFCC8 /* -824 */ -#define NSSCS_E_CRYPTO_OP_FAILURE 0xFFFFFCC7 /* -825 */ -#define NSSCS_E_SERVER_CONN_FAILURE 0xFFFFFCC6 /* -826 */ -#define NSSCS_E_CONN_ACCESS_FAILURE 0xFFFFFCC5 /* -827 */ -#define NSSCS_E_ENUM_BUFF_TOO_LONG 0xFFFFFCC4 /* -828 */ -#define NSSCS_E_SECRET_BUFF_TOO_LONG 0xFFFFFCC3 /* -829 */ -#define NSSCS_E_SECRET_ID_TOO_SHORT 0xFFFFFCC2 /* -830 */ -#define NSSCS_E_CORRUPTED_PACKET_DATA 0xFFFFFCC1 /* -831 */ -#define NSSCS_E_EP_ACCESS_DENIED 0xFFFFFCC0 /* -832 */ -#define NSSCS_E_SCHEMA_NOT_EXTENDED 0xFFFFFCBF /* -833 */ -#define NSSCS_E_ATTR_NOT_FOUND 0xFFFFFCBE /* -834 */ -#define NSSCS_E_MIGRATION_NEEDED 0xFFFFFCBD /* -835 */ -#define NSSCS_E_MP_PWORD_INVALID 0xFFFFFCBC /* -836 */ -#define NSSCS_E_MP_PWORD_NOT_SET 0xFFFFFCBB /* -837 */ -#define NSSCS_E_MP_PWORD_NOT_ALLOWED 0xFFFFFCBA /* -838 */ -#define NSSCS_E_WRONG_REPLICA_TYPE 0xFFFFFCB9 /* -839 */ -#define NSSCS_E_ATTR_VAL_NOT_FOUND 0xFFFFFCB8 /* -840 */ -#define NSSCS_E_INVALID_PARAM 0xFFFFFCB7 /* -841 */ -#define NSSCS_E_NEED_SECURE_CHANNEL 0xFFFFFCB6 /* -842 */ -#define NSSCS_E_CONFIG_NOT_SUPPORTED 0xFFFFFCB5 /* -843 */ -#define NSSCS_E_STORE_NOT_LOCKED 0xFFFFFCB4 /* -844 */ -#define NSSCS_E_TIME_OUT_OF_SYNC 0xFFFFFCB3 /* -845 */ -#define NSSCS_E_VERSION_MISMATCH 0xFFFFFCB2 /* -846 */ -#define NSSCS_E_SECRET_BUFF_TOO_SHORT 0xFFFFFCB1 /* -847 */ -#define NSSCS_E_SH_SECRET_FAILURE 0xFFFFFCB0 /* -848 */ -#define NSSCS_E_PARSER_FAILURE 0xFFFFFCAF /* -849 */ -#define NSSCS_E_UTF8_OP_FAILURE 0xFFFFFCAE /* -850 */ -#define NSSCS_E_CTX_LESS_CN_NOT_UNIQUE 0xFFFFFCAD /* -851 */ -#define NSSCS_E_UNSUPPORTED_BIND_CRED 0xFFFFFCAC /* -852 */ -#define NSSCS_E_CERTIFICATE_NOT_FOUND 0xFFFFFCAB /* -853 */ -#define NSSCS_E_CANT_OPEN_CLIENT_CACHE 0xFFFFFCAA /* -854 */ -#define NSSCS_E_WRONG_SH_SEC_TYPE 0xFFFFFCA9 /* -855 */ - -#define NSSCS_E_NOT_IMPLEMENTED 0xFFFFFC88 /* -888 */ -#define NSSCS_E_BETA_EXPIRED 0xFFFFFC7D /* -899 */ - - - /* ######################################################################### - ########################### ERROR DESCRIPTIONS ########################## - ######################################################################### - - NSSCS_E_OBJECT_NOT_FOUND -800 - Description: Can't find the target object DN in NDS. (Resolve name failed.) - - NSSCS_E_NICI_FAILURE -801 - Description: NICI operations have failed. - - NSSCS_E_INVALID_SECRET_ID -802 - Description: Secret ID is not in the User Secret Store. - - NSSCS_E_SYSTEM_FAILURE -803 - Description: Some internal operating system services have not been available. - - NSSCS_E_ACCESS_DENIED -804 - Description: Access to the target Secret Store has been denied! - - NSSCS_E_NDS_INTERNAL_FAILURE -805 - Description: Some internal NDS services have not been available. - - NSSCS_E_SECRET_UNINITIALIZED -806 - Description: Secret has not been initialized with a write. - - NSSCS_E_BUFFER_LEN -807 - Description: Size of the buffer is not in a nominal range between minimum and maximum. - - NSSCS_E_INCOMPATIBLE_VERSION -808 - Description: Client and server components are not of the compatible versions. - - NSSCS_E_CORRUPTED_STORE -809 - Description: Secret Store data on the server has been corrupted. - - NSSCS_E_SECRET_ID_EXISTS -810 - Description: Secret ID already exists in the Secret Store. - - NSSCS_E_NDS_PWORD_CHANGED -811 - Description: User NDS password has been changed by the administrator. - - NSSCS_E_INVALID_TARGET_OBJECT -812 - Description: Target NDS User object not found. - - NSSCS_E_STORE_NOT_FOUND -813 - Description: Target NDS User object does not have a Secret Store. - - NSSCS_E_SERVICE_NOT_FOUND -814 - Description: Secret Store not on the Network. - - NSSCS_E_SECRET_ID_TOO_LONG -815 - Description: Lenght of the Secret ID buffer exceeds the limit. - - NSSCS_E_ENUM_BUFF_TOO_SHORT -816 - Description: Lenght of the Enumeration buffer too short. - - NSSCS_E_NOT_AUTHENTICATED -817 - Description: User not authenticated. - - NSSCS_E_NOT_SUPPORTED -818 - Description: Not supported operations. - - NSSCS_E_NDS_PWORD_INVALID -819 - Description: Typed in NDS password not valid. - - NSSCS_E_NICI_OUTOF_SYNC -820 - Description: Session keys of the client and server NICI are out of sync. - - NSSCS_E_SERVICE_NOT_SUPPORTED -821 - Description: Requested service not supported yet. - - NSSCS_E_TOKEN_NOT_SUPPORTED -822 - Description: NDS authentication type not supported. - - NSSCS_E_UNICODE_OP_FAILURE -823 - Description: Unicode text conversion operation failed. - - NSSCS_E_TRANSPORT_FAILURE -824 - Description: Connection to server is lost. - - NSSCS_E_CRYPTO_OP_FAILURE -825 - Description: Cryptographic operation failed. - - NSSCS_E_SERVER_CONN_FAILURE -826 - Description: Opening a connection to the server failed. - - NSSCS_E_CONN_ACCESS_FAILURE -827 - Description: Access to server connection failed. - - NSSCS_E_ENUM_BUFF_TOO_LONG -828 - Description: Size of the enumeration buffer exceeds the limit. - - NSSCS_E_SECRET_BUFF_TOO_LONG -829 - Description: Size of the Secret buffer exceeds the limit. - - NSSCS_E_SECRET_ID_TOO_SHORT -830 - Description: Lenght of the Secret ID should be greater than zero. - - NSSCS_E_CORRUPTED_PACKET_DATA -831 - Description: Protocol data corrupted on the wire. - - NSSCS_E_EP_ACCESS_DENIED -832 - Description: EP password validation failed. Access to the secret denied! - - NSSCS_E_SCHEMA_NOT_EXTENDED -833 - Description: Schema is not extended to support SecreStore on the target tree. - - NSSCS_E_ATTR_NOT_FOUND -834 - Description: One of the optional service attributes is not instantiated. - - NSSCS_E_MIGRATION_NEEDED -835 - Description: Server has been upgraded and user SecretStore should be updated. - - NSSCS_E_MP_PWORD_INVALID -836 - Description: Master passwrod could not be verified to read or unlock the secrets. - - NSSCS_E_MP_PWORD_NOT_SET -837 - Description: Master password has not been set on the SecretStore. - - NSSCS_E_MP_PWORD_NOT_ALLOWED -838 - Description: Ability to use master password has been disabled. - - NSSCS_E_WRONG_REPLICA_TYPE -839 - Description: Not a writeable replica of NDS. - - NSSCS_E_ATTR_VAL_NOT_FOUND -840 - Description: Target attrbute is not instantiated in NDS. - - NSSCS_E_INVALID_PARAM -841 - Description: API parameter is not initialized. - - NSSCS_E_NEED_SECURE_CHANNEL -842 - Description: Connection to the SecretStore needs to be over SSL. - - NSSCS_E_CONFIG_NOT_SUPPORTED -843 - Description: No server to support the given override configuration is found. - - NSSCS_E_STORE_NOT_LOCKED -844 - Description: Attempt to unlock SecretStore failed because the store is not locked. - - NSSCS_E_TIME_OUT_OF_SYNC -845 - Description: NDS Replica on the server that holds SecretStore is out of sync with the replica ring. - - NSSCS_E_VERSION_MISMATCH -846 - Description: Versions of the client dlls don't match. - - NSSCS_E_SECRET_BUFF_TOO_SHORT -847 - Description: Buffer supplied for the secret is too short (minimum NSSCS_MIN_IDLIST_BUF_LEN). - - NSSCS_E_SH_SECRET_FAILURE -848 - Description: Shared Secret processing and operations failed. - - NSSCS_E_PARSER_FAILURE -849 - Description: Shared Secret parser operations failed. - - NSSCS_E_UTF8_OP_FAILURE -850 - Description: Utf8 string operations failed. - - NSSCS_E_CTX_LESS_CN_NOT_UNIQUE -851 - Description: Contextless name for LDAP bind does not resolve to a unique DN - - NSSCS_E_UNSUPPORTED_BIND_CRED -852 - Description: login credential for advanced bind is not supported - - NSSCS_E_CERTIFICATE_NOT_FOUND -853 - Description: LDAP Root Cert required for Bind operations not found - - NSSCS_E_WRONG_SH_SEC_TYPE -855 - Description: Unrecognized or unknown shared secret tag. - - - NSSCS_E_NOT_IMPLEMENTED -888 - Description: Feature not implemented yet. - - NSSCS_E_BETA_EXPIRED -899 - Description: Product's BETA life has expired! Official release copy should be - purchased. - - - - ########################### END OFERROR CODES ########################## */ - - // * The following functions will be exposed as exported API: - // ************************************************************** - // * These function calls will utilize the Support Functions for - // * populating or extracting data from a Shared Secret. - // ************************************************************** - - // General API Info: - // - // There is a high probability that services under the same group share the - // same user name and passwords. By specifying a service group name, the caller wants to - // take advantage of this to try to improve the user experience. If the service group - // name is not specified then no effort is made to share usernames and passwords with - // other services. - // - // If the svcGroupNameIsRealmName parameter is set to true then it is assumed that - // the services in the group validate username and passwords against the same - // database or against synchronized databases. - // - // If the svcGroupNameIsRealmName parameter is set to false then an attempt will be - // made to share passwords between the services in the group but services will be - // allowed to use different passwords. Specifying a service group does not mean - // that the system will not be able to obtain a username and password that is - // unique to a particular service. - // - // All strings passed through the API need to be NULL terminated. - // - - // - // Get cache user credentials routine - // - // Parameters: - // - // ssFlags - // Sets behaviors desired on the Secret. - // Example: SSCS_PERSIST_CREDENTIAL_F (Make credential persistent) - // - // appSecretID (input) - - // Name of service requesting credentials. - // - // sharedSecretID (input) - - // The group name is the name of the backend authentication realm, relating a group of services. - // Example: NovellCollaboration (Groupwise, GW address book, GW Notify, and GWIM) - // This parameter can be set to NULL, - // - // credentialType (input) - // Type of credential structure used during this call. - // Currently we only support one: - // SSCS_CRED_TYPE_BASIC_F - // - // credential - // Pointer to the credential structure - // - // ext - // Reserved. - // - // Abstract: - // - // Get cache user credentials routine. - // - // - - SSCS_EXTERN_LIBCALL(int) - NSSCSGetCredential - ( - unsigned long ssFlags, // IN - SSCS_SECRET_ID_T * appSecretID, // IN - SSCS_SECRET_ID_T * sharedSecretID, // Optional IN - int * credentialType, // IN/OUT - void * credential, // OUT - SSCS_EXT_T * ext // Reserved - ); - - SSCS_EXTERN_LIBCALL(int) - NSSCSSetCredential - ( - unsigned long ssFlags, // IN - SSCS_SECRET_ID_T * appSecretID, // IN - SSCS_SECRET_ID_T * sharedSecretID, // Optional IN - int credentialType, // IN - void * credential, // IN - SSCS_EXT_T * ext // Reserved - ); - - SSCS_EXTERN_LIBCALL(int) - NSSCSRemoveCredential - ( - unsigned long ssFlags, // IN - SSCS_SECRET_ID_T * appSecretID, // IN - SSCS_SECRET_ID_T * sharedSecretID, // Optional IN - SSCS_EXT_T * ext // Reserved - ); - - // end - - -#if defined(__cplusplus) || defined(c_plusplus) -} -#endif - -#endif // _NSSCS_MANAGED_IDK_H_ - diff --git a/LoginCapture/windows/windows.vcproj b/LoginCapture/windows/windows.vcproj index c952e111..4aa128e1 100644 --- a/LoginCapture/windows/windows.vcproj +++ b/LoginCapture/windows/windows.vcproj @@ -19,7 +19,7 @@ - - diff --git a/c_common/sscs_ll.c b/c_common/sscs_ll.c index 146c26c9..88f7a980 100644 --- a/c_common/sscs_ll.c +++ b/c_common/sscs_ll.c @@ -210,7 +210,7 @@ int ll_InsertSharedSecretLink sharedLink->key = (SS_UTF8_T *)(((uint8_t *)sharedLink) + sizeof(LL_SHSEC_KEY_VAL_T)); sharedLink->value = (((uint8_t *)sharedLink) + sizeof(LL_SHSEC_KEY_VAL_T)) + keyLen; - sscs_Utf8Strcpy(sharedLink->key, key); + sscs_Utf8Strncpy(sharedLink->key, key, kLen); memcpy(sharedLink->value, value, vLen); return(NSSCS_LL_SUCCESS); diff --git a/c_micasacache/Makefile.am b/c_micasacache/Makefile.am deleted file mode 100644 index da9e07c3..00000000 --- a/c_micasacache/Makefile.am +++ /dev/null @@ -1,36 +0,0 @@ -####################################################################### -# -# Copyright (C) 2006 Novell, Inc. -# -# This program is free software; you can redistribute it and/or -# modify it under the terms of the GNU General Public -# License as published by the Free Software Foundation; either -# version 2 of the License, or (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public -# License along with this program; if not, write to the Free -# Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -# -# -####################################################################### - -SUBDIRS = $(TARGET_OS) - -DIST_SUBDIRS = linux - -CFILES = - -EXTRA_DIST = *.c - -.PHONY: package package-clean package-install package-uninstall -package package-clean package-install package-uninstall: - $(MAKE) -C $(TARGET_OS) $@ - -maintainer-clean-local: - rm -f Makefile.in - diff --git a/c_micasacache/sscs_unx_cache.c b/c_micasacache/sscs_unx_cache.c index b5eabd6f..6b010112 100644 --- a/c_micasacache/sscs_unx_cache.c +++ b/c_micasacache/sscs_unx_cache.c @@ -45,7 +45,7 @@ extern "C" void* sscs_CacheOpenSecretStore ( void *secretStoreID, - uint32_t ssFlags, + uint32_t ssFlags, void *reserved ) @@ -54,27 +54,19 @@ void* sscs_CacheOpenSecretStore SSCS_LINUX_SS_HANDLE_T *platHandle = NULL; int32_t retVal = 0; - ssHandle = (SSCS_SECRETSTORE_HANDLE_T *)malloc(sizeof(SSCS_SECRETSTORE_HANDLE_T)); + ssHandle = (SSCS_SECRETSTORE_HANDLE_T *)malloc((sizeof(SSCS_SECRETSTORE_HANDLE_T) + (sizeof(SSCS_LINUX_SS_HANDLE_T)))); if(NULL == ssHandle) { return NULL; } - platHandle = (SSCS_LINUX_SS_HANDLE_T *)malloc(sizeof(SSCS_LINUX_SS_HANDLE_T)); - if(NULL == platHandle) - { - free(ssHandle); - return NULL; - } - memset(ssHandle,0,sizeof(SSCS_SECRETSTORE_HANDLE_T)); - memset(platHandle,0,sizeof(SSCS_LINUX_SS_HANDLE_T)); - - ssHandle->platHandle = platHandle; - + memset(ssHandle,0,sizeof(SSCS_SECRETSTORE_HANDLE_T)); + ssHandle->platHandle = ssHandle + sizeof(SSCS_SECRETSTORE_HANDLE_T); + retVal = ipc_OpenSecretStore(secretStoreID,ssHandle); if(retVal) { - free(platHandle); + memset(ssHandle, 0, sizeof(SSCS_SECRETSTORE_HANDLE_T) + (sizeof(SSCS_LINUX_SS_HANDLE_T))); free(ssHandle); return NULL; } @@ -106,8 +98,7 @@ int32_t sscs_CacheCloseSecretStore if(ssHandleCopy->platHandle) { - retVal = ipc_CloseSecretStore(ssHandleCopy, ssFlags); - free(ssHandleCopy->platHandle); + retVal = ipc_CloseSecretStore(ssHandleCopy, ssFlags); } if(ssHandleCopy) diff --git a/c_micasacache/sscs_unx_ipc_client.c b/c_micasacache/sscs_unx_ipc_client.c index 5d280369..be280071 100644 --- a/c_micasacache/sscs_unx_ipc_client.c +++ b/c_micasacache/sscs_unx_ipc_client.c @@ -227,8 +227,8 @@ int32_t ipc_OpenSecretStore break; } - *(int *)ssHandle->platHandle = IPC_CREATE(); - if(*(int *)ssHandle->platHandle < 0) + ssHandle->platHandle = IPC_CREATE(); + if(ssHandle->platHandle < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; break; @@ -259,13 +259,13 @@ int32_t ipc_OpenSecretStore memcpy(pReq,ssID->ssName,ssNameLen); pReq += ssNameLen; - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,(char *)gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,(char *)gpReqBuf, msgLen); if(retVal < 0) { DMSG(("Write failed : %s\n",strerror(errno))); DMSG(("Closing socket : %d\n",*(int*)ssHandle->platHandle)); DMSG(("ipc_OpenSecretStore:IPC_WRITE returned :%d\n",retVal)); - IPC_CLOSE(*(int *)ssHandle->platHandle); + IPC_CLOSE(ssHandle->platHandle); retCode = NSSCS_E_SYSTEM_FAILURE; break; } @@ -276,7 +276,7 @@ int32_t ipc_OpenSecretStore // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_OPENSS); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_OPENSS); if(retVal < 0) { //log debug info here @@ -284,7 +284,7 @@ int32_t ipc_OpenSecretStore DMSG(("Read failed : %s\n",strerror(errno))); DMSG(("Closing socket : %d\n",*(int*)ssHandle->platHandle)); - IPC_CLOSE(*(int *)ssHandle->platHandle); + IPC_CLOSE(ssHandle->platHandle); retCode = NSSCS_E_SYSTEM_FAILURE; break; } @@ -302,7 +302,7 @@ int32_t ipc_OpenSecretStore { DMSG(("ipc_OpenSecretStore:sscs returned :%d\n",sockReturn)); DMSG(("Closing socket : %d\n",*(int*)ssHandle->platHandle)); - IPC_CLOSE(*(int *)ssHandle->platHandle); + IPC_CLOSE(ssHandle->platHandle); retCode = mapReturnCode(sockReturn); break; } @@ -351,7 +351,7 @@ int32_t ipc_CloseSecretStore //marshall ssflags memcpy(pReq, &ssFlags, MSG_DWORD_LEN); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { retVal = NSSCS_E_SYSTEM_FAILURE; @@ -361,7 +361,7 @@ int32_t ipc_CloseSecretStore // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -379,7 +379,7 @@ int32_t ipc_CloseSecretStore }while(0); DMSG(("Closing socket : %d\n",*(int*)ssHandle->platHandle)); - IPC_CLOSE(*(int *)ssHandle->platHandle); + IPC_CLOSE(ssHandle->platHandle); return retCode; // map return code } @@ -419,7 +419,7 @@ int32_t ipc_RemoveSecretStore pReq += MSGID_LEN; memcpy(pReq, &msgLen, MSG_LEN); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -428,7 +428,7 @@ int32_t ipc_RemoveSecretStore // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -497,7 +497,7 @@ int32_t ipc_EnumerateKeychainIDs pReq += MSGID_LEN; memcpy(pReq, &msgLen, MSG_LEN); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -507,7 +507,7 @@ int32_t ipc_EnumerateKeychainIDs // Read reply pReply = gpReplyBuf; memset(pReply,0,MIN_REPLY_BUF_LEN); - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -523,7 +523,7 @@ int32_t ipc_EnumerateKeychainIDs memcpy(&bufLen,pReply, MSG_DWORD_LEN); if( 0 == bufLen ) { - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); if(retVal < 0) { //log debug info here @@ -546,13 +546,13 @@ int32_t ipc_EnumerateKeychainIDs n = msgLen - MSG_REPLY_GENERAL; while(n) { - int bytes = IPC_READ(*(int *)ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); + int bytes = IPC_READ(ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); if( bytes > 0 ) n -= MIN_REPLY_BUF_LEN; else break; } - retVal = IPC_READ(*(int *)ssHandle->platHandle, + retVal = IPC_READ(ssHandle->platHandle, &sockReturn, MSG_DWORD_LEN); if(retVal < 0) { @@ -565,7 +565,7 @@ int32_t ipc_EnumerateKeychainIDs else tmpBuf = (SS_UTF8_T *)pReply; // Save this ptr to free later. } - retVal = IPC_READ(*(int *)ssHandle->platHandle,pReply, bufLen*sizeof(char)); + retVal = IPC_READ(ssHandle->platHandle,pReply, bufLen*sizeof(char)); tmpPtr = (SS_UTF8_T *)pReply; tmpPtr[bufLen] = nulc; @@ -587,7 +587,7 @@ int32_t ipc_EnumerateKeychainIDs free(tmpBuf); tmpBuf = NULL; } - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); kcIDList->enumHandle = 0; retCode = NSSS_E_ENUM_BUFF_TOO_SHORT; @@ -605,7 +605,7 @@ int32_t ipc_EnumerateKeychainIDs } } - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); if(retVal < 0) { //log debug info here @@ -677,7 +677,7 @@ int32_t ipc_AddKeychain memcpy((SS_UTF8_T*)pReq,keychainID->keychainID,keychainIDLen); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -687,7 +687,7 @@ int32_t ipc_AddKeychain // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here @@ -759,7 +759,7 @@ int32_t ipc_RemoveKeychain pReq += MSG_STRING_LEN; memcpy(pReq,keychainID->keychainID, keychainIDLen); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -768,7 +768,7 @@ int32_t ipc_RemoveKeychain // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -853,7 +853,7 @@ int32_t ipc_EnumerateSecretIDs pReq += MSG_STRING_LEN; memcpy((SS_UTF8_T *)pReq,(SS_UTF8_T *)keychainID->keychainID,keychainIDLen); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -863,7 +863,7 @@ int32_t ipc_EnumerateSecretIDs // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if( retVal < 0 ) { //log debug info here @@ -881,7 +881,7 @@ int32_t ipc_EnumerateSecretIDs if( 0 == bufLen ) { // Cleanup the channel by reading the return code. - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); secretIDList->returnedIDs = 0; retCode = mapReturnCode(sockReturn); break; @@ -899,13 +899,13 @@ int32_t ipc_EnumerateSecretIDs n = msgLen - MSG_REPLY_GENERAL; while(n) { - int bytes = IPC_READ((*(int *)ssHandle->platHandle), gpReplyBuf, MIN_REPLY_BUF_LEN); + int bytes = IPC_READ((ssHandle->platHandle), gpReplyBuf, MIN_REPLY_BUF_LEN); if(bytes > 0 ) n -= MIN_REPLY_BUF_LEN; else break; } - retVal = IPC_READ(*(int *)ssHandle->platHandle, + retVal = IPC_READ(ssHandle->platHandle, &sockReturn, MSG_DWORD_LEN); if(retVal < 0) { @@ -920,7 +920,7 @@ int32_t ipc_EnumerateSecretIDs else tmpBuf = (SS_UTF8_T *)pReply; // Save this ptr to free later. } - retVal = IPC_READ(*(int *)ssHandle->platHandle,pReply, bufLen*sizeof(SS_UTF8_T)); + retVal = IPC_READ(ssHandle->platHandle,pReply, bufLen*sizeof(SS_UTF8_T)); DMSG(("Read returns..%d\n",retVal)); tmpPtr = (SS_UTF8_T *)pReply; tmpPtr[bufLen] = nulc; @@ -941,7 +941,7 @@ int32_t ipc_EnumerateSecretIDs free(tmpBuf); tmpBuf = NULL; } - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); secretIDList->enumHandle = 0; retCode = NSSS_E_ENUM_BUFF_TOO_SHORT; break; @@ -958,7 +958,7 @@ int32_t ipc_EnumerateSecretIDs } } - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); if(retVal < 0) { //log debug info here @@ -1049,7 +1049,7 @@ int32_t ipc_ReadSecret memcpy(pReq, epPassword->pword, epPassword->pwordLen); pReq += epPassword->pwordLen; - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -1059,7 +1059,7 @@ int32_t ipc_ReadSecret // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if( 0 == retVal ) { //log debug info here @@ -1075,7 +1075,7 @@ int32_t ipc_ReadSecret if( 0 == dataLen ) { // Cleanup the channel by reading the return code. - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); if( retVal < 0 ) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -1089,7 +1089,7 @@ int32_t ipc_ReadSecret if(dataLen <= (uint32_t)secretData->len) { // Read the secret into application buffer. - retVal = IPC_READ(*(int *)ssHandle->platHandle, secretData->data, dataLen); + retVal = IPC_READ(ssHandle->platHandle, secretData->data, dataLen); if( retVal < 0 ) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -1108,20 +1108,20 @@ int32_t ipc_ReadSecret n = dataLen; while(n) { - int bytes = IPC_READ(*(int *)ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); + int bytes = IPC_READ(ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); if( bytes > 0) n -= MIN_REPLY_BUF_LEN; else break; } // Read the sscs return code also. - IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + IPC_READ(ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); retCode = NSSCS_E_ENUM_BUFF_TOO_SHORT; break; } } // Read the sscs return code also. - IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + IPC_READ(ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); retCode = mapReturnCode(sockReturn); } while(0); @@ -1288,11 +1288,11 @@ int ipc_WriteSecret if(tmpBuf != NULL) { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,tmpBuf,msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen); } else { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen); } if(retVal < 0) { @@ -1303,7 +1303,7 @@ int ipc_WriteSecret // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here @@ -1411,7 +1411,7 @@ int32_t ipc_RemoveSecret memcpy(pReq, &pwordlen, MSG_STRING_LEN); } - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -1421,7 +1421,7 @@ int32_t ipc_RemoveSecret // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -1486,7 +1486,7 @@ int32_t ipc_GetSecretStoreInfo memcpy(pReq, &msgLen, MSG_LEN); pReq += MSG_LEN; - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -1496,7 +1496,7 @@ int32_t ipc_GetSecretStoreInfo // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GETSSINFO); if(retVal < 0) { @@ -1575,7 +1575,7 @@ int32_t ipc_GetKeychainInfo pReq += MSG_LEN; memcpy(pReq,keychainID->keychainID,keychainID->len); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -1585,7 +1585,7 @@ int32_t ipc_GetKeychainInfo // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply,MSG_REPLY_GETKEYCHAIN_INFO); + retVal = IPC_READ(ssHandle->platHandle, pReply,MSG_REPLY_GETKEYCHAIN_INFO); if(retVal < 0) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -1653,7 +1653,7 @@ int32_t ipc_LockCache pReq += MSGID_LEN; memcpy(pReq, &msgLen, MSG_LEN); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -1662,7 +1662,7 @@ int32_t ipc_LockCache } // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL) + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL) ; if(retVal < 0) { @@ -1725,7 +1725,7 @@ int32_t ipc_UnlockCache pReq += MSGID_LEN; memcpy(pReq, &msgLen, MSG_LEN); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { // log debug info here @@ -1734,7 +1734,7 @@ int32_t ipc_UnlockCache } // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here @@ -1814,7 +1814,7 @@ int32_t ipc_SetMasterPasscode memcpy((SS_UTF8_T*)pReq,((SSCS_PASSWORD_T*)(passcode->passcodeHandle))->pword,passcodeLen); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -1824,7 +1824,7 @@ int32_t ipc_SetMasterPasscode // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here @@ -1932,7 +1932,7 @@ int32_t ipc_ReadKey memcpy(pReq, epPassword->pword, epPassword->pwordLen); pReq += epPassword->pwordLen; - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -1942,7 +1942,7 @@ int32_t ipc_ReadKey // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if( 0 == retVal ) { //log debug info here @@ -1958,7 +1958,7 @@ int32_t ipc_ReadKey if( 0 == dataLen ) { // Cleanup the channel by reading the return code. - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); if( retVal < 0 ) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -1971,7 +1971,7 @@ int32_t ipc_ReadKey if(dataLen <= *valLen) { // Read the secret into application buffer. - retVal = IPC_READ(*(int *)ssHandle->platHandle, val, dataLen); + retVal = IPC_READ(ssHandle->platHandle, val, dataLen); if( retVal < 0 ) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -1991,20 +1991,20 @@ int32_t ipc_ReadKey n = dataLen; while(n) { - int bytes = IPC_READ(*(int *)ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); + int bytes = IPC_READ(ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); if( bytes > 0) n -= MIN_REPLY_BUF_LEN; else break; } // Read the sscs return code also. - IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + IPC_READ(ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); retCode = NSSCS_E_ENUM_BUFF_TOO_SHORT; break; } } // Read the sscs return code also. - IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + IPC_READ(ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); retCode = mapReturnCode(sockReturn); } while(0); @@ -2098,7 +2098,7 @@ int32_t ipc_ReadBinaryKey memcpy(pReq, epPassword->pword, epPassword->pwordLen); pReq += epPassword->pwordLen; - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -2108,7 +2108,7 @@ int32_t ipc_ReadBinaryKey // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if( 0 == retVal ) { //log debug info here @@ -2124,7 +2124,7 @@ int32_t ipc_ReadBinaryKey if( 0 == dataLen ) { // Cleanup the channel by reading the return code. - retVal = IPC_READ(*(int *)ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); + retVal = IPC_READ(ssHandle->platHandle,&sockReturn, MSG_DWORD_LEN); if( retVal < 0 ) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -2137,7 +2137,7 @@ int32_t ipc_ReadBinaryKey if(dataLen <= *valLen) { // Read the secret into application buffer. - retVal = IPC_READ(*(int *)ssHandle->platHandle, val, dataLen); + retVal = IPC_READ(ssHandle->platHandle, val, dataLen); if( retVal < 0 ) { retCode = NSSCS_E_SYSTEM_FAILURE; @@ -2156,20 +2156,20 @@ int32_t ipc_ReadBinaryKey n = dataLen; while(n) { - int bytes = IPC_READ(*(int *)ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); + int bytes = IPC_READ(ssHandle->platHandle, gpReplyBuf, MIN_REPLY_BUF_LEN); if( bytes > 0) n -= MIN_REPLY_BUF_LEN; else break; } // Read the sscs return code also. - IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + IPC_READ(ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); retCode = NSSCS_E_ENUM_BUFF_TOO_SHORT; break; } } // Read the sscs return code also. - IPC_READ(*(int *)ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); + IPC_READ(ssHandle->platHandle, (Byte *) &sockReturn, MSG_DWORD_LEN); retCode = mapReturnCode(sockReturn); } while(0); @@ -2348,11 +2348,11 @@ int ipc_WriteKey if(tmpBuf != NULL) { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,tmpBuf,msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen); } else { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen); } if(retVal < 0) { @@ -2363,7 +2363,7 @@ int ipc_WriteKey // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here @@ -2563,11 +2563,11 @@ int ipc_WriteBinaryKey if(tmpBuf != NULL) { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,tmpBuf,msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen); } else { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen); } if(retVal < 0) { @@ -2578,7 +2578,7 @@ int ipc_WriteBinaryKey // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here @@ -2660,7 +2660,7 @@ int32_t ipc_SetMasterPassword memcpy((SS_UTF8_T*)pReq,passwd->pword,passwdLen); - retVal = IPC_WRITE(*(int *)ssHandle->platHandle, gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle, gpReqBuf, msgLen); if(retVal < 0) { //log debug info here @@ -2670,7 +2670,7 @@ int32_t ipc_SetMasterPassword // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here @@ -2796,11 +2796,11 @@ int ipc_IsSecretPersistent } if(tmpBuf != NULL) { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,tmpBuf,msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,tmpBuf,msgLen); } else { - retVal = IPC_WRITE(*(int *)ssHandle->platHandle,gpReqBuf, msgLen); + retVal = IPC_WRITE(ssHandle->platHandle,gpReqBuf, msgLen); } if(retVal < 0) { @@ -2811,7 +2811,7 @@ int ipc_IsSecretPersistent // Read reply pReply = gpReplyBuf; - retVal = IPC_READ(*(int *)ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); + retVal = IPC_READ(ssHandle->platHandle, pReply, MSG_REPLY_GENERAL); if(retVal < 0) { //log debug info here diff --git a/c_micasadk/sscs_ndk.c b/c_micasadk/sscs_ndk.c index 16880029..fb1d7cc3 100644 --- a/c_micasadk/sscs_ndk.c +++ b/c_micasadk/sscs_ndk.c @@ -35,62 +35,21 @@ // delimited tags //static SS_UTF8_T SSCS_CRED_SET_DELIMITED[] = {'S','S','_','C','r','e','d','S','e','t',':',0}; static SS_UTF8_T SSCS_CRED_SET_DELIMITED[] = {"SS_CredSet:"}; -#define SSCS_CRED_SET_CHARS_DELIMITED 11 +#define SSCS_CRED_SET_CHARS_DELIMITED 12 //static SS_UTF8_T SSCS_APP_SECRET_DELIMITED[] = {'S','S','_','A','p','p',':',0}; static SS_UTF8_T SSCS_APP_SECRET_DELIMITED[] = {"SS_App:"}; -#define SSCS_APP_SECRET_CHARS_DELIMITED 7 +#define SSCS_APP_SECRET_CHARS_DELIMITED 8 //static SS_UTF8_T SSCS_BINARY_SECRET_DELIMITED[] = {'S','S','_','B','i','n','a','r','y',':',0}; static SS_UTF8_T SSCS_BINARY_SECRET_DELIMITED[] = {"SS_Binary:"}; -#define SSCS_BINARY_CHARS_DELIMITED 10 +#define SSCS_BINARY_CHARS_DELIMITED 11 //static SS_UTF8_T SSCS_OBITUARY_DELIMITED[] = {'S','S','_','O','b','i','t','u','a','r','y',':', 0}; static SS_UTF8_T SSCS_OBITUARY_DELIMITED[] = {"SS_Obituary:"}; -#define SSCS_OBITUARY_CHARS_DELIMITED 12 +#define SSCS_OBITUARY_CHARS_DELIMITED 13 - - -/* - * NAME - sscsshs_AddSHSBinarySHSEntry - * - * DESCRIPTION - * Internal function that adds a new entry in the parser list for a Shared Secret. - * - */ -static int32_t sscsshs_AddSHSBinaryEntry -( - void *secretHandle, - SS_UTF8_T *key, - uint32_t valLen, - uint8_t *value -) -{ /* beginning of the call */ -/* ########################## DECLARATIONS START HERE ######################### */ - - uint32_t keyLen = sscs_Utf8StrSize((SS_UTF8_T *)key); - -/* ############################## CODE STARTS HERE ############################ */ - - if((keyLen) && (secretHandle)) - { - if(ll_InsertSharedSecretLink((LL_LINKLIST_T *)secretHandle, - keyLen, key, valLen, value)) - { - return(NSSCS_E_LL_SYS_FAILURE); - } - else - { - return(NSSCS_LL_SUCCESS); - } - } - else - { - return(NSSCS_E_LL_SYS_FAILURE); - } - -/* ############################### CODE ENDS HERE ############################# */ -} //* sscsshs_AddSHSBinaryEntry +#define sscsshs_AddSHSBinaryEntry sscsshs_AddSHSEntry @@ -105,15 +64,12 @@ static int32_t sscsshs_AddSHSBinaryEntry static int32_t sscsshs_AddSHSEntry ( void *secretHandle, + uint32_t keyLen, SS_UTF8_T *key, + uint32_t valLen, uint8_t *val ) { /* beginning of the call */ -/* ########################## DECLARATIONS START HERE ######################### */ - - uint32_t keyLen = sscs_Utf8Strlen(key) + 1; - uint32_t valLen = sscs_Utf8StrSize((SS_UTF8_T *)val); - /* ############################## CODE STARTS HERE ############################ */ if((keyLen) && (secretHandle)) @@ -133,7 +89,6 @@ static int32_t sscsshs_AddSHSEntry { return(NSSCS_E_LL_SYS_FAILURE); } - /* ############################### CODE ENDS HERE ############################# */ } //* sscsshs_AddSHSEntry @@ -187,16 +142,9 @@ static int32_t sscsshs_GetNextSHSEntry if(keyVal->kLen) { *keyLen = keyVal->kLen; - sscs_Utf8Strcpy(key, keyVal->key); + sscs_Utf8Strncpy(key, keyVal->key, keyVal->kLen); *valLen = keyVal->vLen; - if(sscs_Utf8Strncmp(keyVal->key, SSCS_BINARY_SECRET, SSCS_BINARY_CHARS)) - { // credset or app data - sscs_Utf8Strcpy((SS_UTF8_T *)val, (SS_UTF8_T *)keyVal->value); - } - else - { // binary data - memcpy(val, keyVal->value, *valLen); - } + memcpy(val, keyVal->value, *valLen); return(NSSCS_SUCCESS); } @@ -221,7 +169,11 @@ static int32_t sscsshs_GetNextSHSEntry * Internal function that escapes delimited characters in a string. * */ -static void sscsshs_ChkEscapeString(SS_UTF8_T **entryBuf) +static void sscsshs_ChkEscapeString +( + SS_UTF8_T **entryBuf, + uint32_t *entryBufLen +) { /* beginning of the call */ /* ########################## DECLARATIONS START HERE ######################### */ @@ -230,9 +182,9 @@ static void sscsshs_ChkEscapeString(SS_UTF8_T **entryBuf) /* ############################## CODE STARTS HERE ############################ */ - len = sscs_Utf8Strlen(*entryBuf) + 1; + len = *entryBufLen; - if (len > (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN)) + if(len > (NSSCS_MAX_SECRET_BUF_LEN - SSCS_CRED_SET_LEN)) return; /* We assume that all the chars in entryBuf might need escaping */ @@ -272,9 +224,12 @@ static void sscsshs_ChkEscapeString(SS_UTF8_T **entryBuf) } } - if (escaped) { + if(escaped) + { + memset(*entryBuf, 0, *entryBufLen); free (*entryBuf); - *entryBuf = tempBuf; + *entryBuf = tempBuf; + *entryBufLen = *entryBufLen + k; return; } @@ -304,7 +259,9 @@ static void sscsshs_ChkEscapeString(SS_UTF8_T **entryBuf) static int32_t sscsshs_PopulateSecretBuf ( int32_t type, + uint32_t *kLen, SS_UTF8_T *key, + uint32_t *vLen, SS_UTF8_T *val, uint32_t *bufLen, SS_UTF8_T *retBuffer @@ -312,22 +269,24 @@ static int32_t sscsshs_PopulateSecretBuf { /* beginning of the call */ /* ############################## CODE STARTS HERE ############################ */ - if(sscs_Utf8Strlen(key) == 0) + if(*kLen == 0) { return(NSSCS_E_PARSER_FAILURE); // create error stating non-Sh Sec Format key } if(*bufLen) { - retBuffer[sscs_Utf8Strlen(retBuffer)] = (SS_UTF8_T)0x0A; // add a line feed delimiter + retBuffer[*bufLen] = (SS_UTF8_T)0x0A; // add a line feed delimiter } - sscsshs_ChkEscapeString(&key); + sscsshs_ChkEscapeString(&key, kLen); - if(sscs_Utf8Strcmp(key, SSCS_CRED_SET)) + if(sscs_Utf8Strncmp(key, SSCS_CRED_SET, SSCS_CRED_SET_LEN)) { - sscs_Utf8Strcat(retBuffer, key); - sscs_Utf8Strcat(retBuffer, CREDSET_DELIMITER); + sscs_Utf8Strncat(retBuffer, key, *kLen); + sscs_Utf8Strncat(retBuffer, CREDSET_DELIMITER, CREDSET_DELIMITER_LEN); + *bufLen += (CREDSET_DELIMITER_LEN + *kLen - 2); + } else { @@ -336,15 +295,16 @@ static int32_t sscsshs_PopulateSecretBuf return(NSSCS_E_PARSER_FAILURE); // create error stating non-Sh Sec Format key } - sscs_Utf8Strcat(retBuffer, key); - sscs_Utf8Strcat(retBuffer, APP_DELIMITER); + sscs_Utf8Strncat(retBuffer, key, *kLen); + sscs_Utf8Strncat(retBuffer, APP_DELIMITER, APP_DELIMITER_LEN); + *bufLen += (APP_DELIMITER_LEN + *kLen - 2); } - sscsshs_ChkEscapeString(&val); - if((*bufLen + (sscs_Utf8StrSize(val))) < NSSCS_MAX_SECRET_BUF_LEN) + sscsshs_ChkEscapeString(&val, vLen); + if((*bufLen + *vLen) < NSSCS_MAX_SECRET_BUF_LEN) { - sscs_Utf8Strcat(retBuffer, val); - *bufLen = sscs_Utf8StrSize(retBuffer); + sscs_Utf8Strncat(retBuffer, val, *vLen); + *bufLen = *bufLen + *vLen - 1; return(NSSCS_SUCCESS); } else @@ -367,6 +327,7 @@ static int32_t sscsshs_PopulateSecretBuf static int32_t sscsshs_PopulateBinarySecretBuf ( int32_t type, + uint32_t *kLen, SS_UTF8_T *key, uint32_t valLen, uint8_t *val, @@ -380,27 +341,22 @@ static int32_t sscsshs_PopulateBinarySecretBuf /* ############################## CODE STARTS HERE ############################ */ - if(sscs_Utf8Strlen(key) == 0) + if((*kLen == 0) || (*bufLen)) { return(NSSCS_E_PARSER_FAILURE); // create error stating non-Sh Sec Format key - } - - if(*bufLen) - { - return(NSSCS_E_PARSER_FAILURE); // can't mix binary data with other data - } + } // can't mix binary data with other data if(type & SSCS_BINARY_TYPE_F) { - if(sscs_Utf8Strcmp(key, SSCS_BINARY_SECRET)) + if(sscs_Utf8Strncmp(key, SSCS_BINARY_SECRET, SSCS_BINARY_CHARS)) { return(NSSCS_E_PARSER_FAILURE); // create error stating non-binary buffer } - sscsshs_ChkEscapeString(&key); - sscs_Utf8Strcpy((SS_UTF8_T *)retBuffer, key); - sscs_Utf8Strcat((SS_UTF8_T *)retBuffer, BINARY_DELIMITER); - len = sscs_Utf8StrSize((SS_UTF8_T *)retBuffer); + sscsshs_ChkEscapeString(&key, kLen); + sscs_Utf8Strncpy((SS_UTF8_T *)retBuffer, key, *kLen); + sscs_Utf8Strncat((SS_UTF8_T *)retBuffer, BINARY_DELIMITER, BINARY_DELIMITER_LEN); + len = *kLen + BINARY_DELIMITER_LEN - 1; *bufLen = len + valLen + sizeof(uint32_t); // buffer format ==> [BINARY=][binary data len(uint32_t)][binary data] *(uint32_t *)&retBuffer[len] = valLen; @@ -426,7 +382,8 @@ static int32_t sscsshs_PopulateBinarySecretBuf * */ static int32_t sscsshs_ParseBinarySecretBuf -( +( + uint32_t *kLen, SS_UTF8_T *key, uint32_t *valLen, uint8_t *val, @@ -435,15 +392,17 @@ static int32_t sscsshs_ParseBinarySecretBuf { /* beginning of the call */ /* ########################## DECLARATIONS START HERE ######################### */ - int32_t len = (SHS_BINARY_LEN + BINARY_DELIMITER_LEN) - 2; // excluding one Null terminator + int32_t len = (SHS_BINARY_LEN + BINARY_DELIMITER_LEN) - 1; // excluding one Null terminator /* ############################## CODE STARTS HERE ############################ */ - - memcpy(key, secretBuf->data, (SHS_BINARY_LEN - 2)); - if(memcmp(SHS_BINARY, key, (SHS_BINARY_LEN - 2))) + + memcpy(key, secretBuf->data, (SHS_BINARY_LEN - 1)); + if(memcmp(key, SHS_BINARY, (SHS_BINARY_LEN - 1))) { return(NSSCS_E_PARSER_FAILURE); // create error stating non-Sh Sec Format key - } + } + + *kLen = SHS_BINARY_LEN - 1; // get the length of the binary data out; *valLen = *(uint32_t *)&secretBuf[len]; @@ -473,7 +432,7 @@ static int32_t sscsshs_UnescapeSecretIDBuf int32_t i, rc = NSSCS_SUCCESS; SSCS_SECRET_ID_T tmpSecID = {0}; - int32_t len = sscs_Utf8Strlen((SS_UTF8_T *)secID->id) + 1; + int32_t len = secID->len; int32_t k = 0; /* ############################## CODE STARTS HERE ############################ */ @@ -539,25 +498,43 @@ static int32_t sscsshs_UnescapeSecretIDBuf } } // end for ... - sscs_Utf8Strcpy(shSecID->name, tmpSecID.id); - shSecID->len = sscs_Utf8Strlen(shSecID->name) + 1; + shSecID->len = tmpSecID.len + k - 1; + sscs_Utf8Strncpy(shSecID->name, tmpSecID.id, shSecID->len); // shSecID->len = k; return(rc); /* ############################### CODE ENDS HERE ############################# */ } /* end of sscsshs_UnescapeSecretIDBuf */ + + + -static int32_t unescapeString(uint8_t *val, uint32_t *valueLen) -{ - uint32_t k,i = 0; - uint32_t len = 0; - uint8_t *temp; - uint32_t rc = NSSCS_SUCCESS; +/* + * NAME - sscs_UnescapeString + * + * DESCRIPTION + * Parses a string. + * + */ +static int32_t sscs_UnescapeString +( + uint8_t *val, + uint32_t *valueLen +) +{ /* beginning of the call */ +/* ########################## DECLARATIONS START HERE ######################### */ + + uint32_t k,i = 0; + uint32_t len = 0; + uint8_t *temp; + uint32_t rc = NSSCS_SUCCESS; + +/* ############################## CODE STARTS HERE ############################ */ len = *valueLen; temp = malloc(len+1); - if (temp) + if(temp) { for(k = i = 0; i < len; i++) { @@ -583,16 +560,24 @@ static int32_t unescapeString(uint8_t *val, uint32_t *valueLen) { temp[k++] = val[i]; } - } // end for ... + } // end for ... + temp[k] = '\0'; - sscs_Utf8Strcpy(val, temp); *valueLen = k+1; + sscs_Utf8Strncpy(val, temp, *valueLen); + + memset(temp, 0, *valueLen); free(temp); return rc; } - else - return NSSCS_E_PARSER_FAILURE; -} + else + { + return NSSCS_E_PARSER_FAILURE; + } + +/* ############################### CODE ENDS HERE ############################# */ +} /* end of sscs_UnescapeString */ + /* @@ -606,7 +591,9 @@ static int32_t sscsshs_ParseSecretBuf ( int32_t *index, int32_t type, + int32_t *keyLen, SS_UTF8_T *key, + int32_t *valLen, SS_UTF8_T *val, SSCS_SECRET_T *secretBuf ) @@ -614,7 +601,7 @@ static int32_t sscsshs_ParseSecretBuf /* ########################## DECLARATIONS START HERE ######################### */ int32_t i, rc; - int32_t len = sscs_Utf8Strlen((SS_UTF8_T *)secretBuf->data);// + 1; + int32_t len = secretBuf->len; SS_UTF8_T *secBuf = (SS_UTF8_T *)(secretBuf->data); int32_t delimiterIsFound = FALSE; int32_t k = 0; @@ -622,7 +609,7 @@ static int32_t sscsshs_ParseSecretBuf /* ############################## CODE STARTS HERE ############################ */ // if we've exhausted the buffer, get out. - if (*index >= len) + if(*index >= len) { return(NSSCS_E_OBJECT_NOT_FOUND); } @@ -692,6 +679,7 @@ static int32_t sscsshs_ParseSecretBuf } } + *keyLen = k+1; *index = i; // extract the value @@ -774,15 +762,17 @@ static int32_t sscsshs_ParseSecretBuf rc = NSSCS_SUCCESS; break; } - else { val[k] = secBuf[i]; k++; } } + + *valLen = k+1; } + *index = i; return(rc); @@ -819,12 +809,12 @@ miCASAOpenSecretStoreCache SSCS_KEYCHAIN_ID_T kc = {0}; SSCS_KEYCHAIN_ID_LIST_T *kcIDList = NULL; uint32_t bytesRequired = 0; - SSCS_SRCH_KEY_T searchKey = {0}; + SSCS_SRCH_KEY_T searchKey = {0}; /* ############################## CODE STARTS HERE ############################ */ searchKey.srchKey[0] = NSSCS_ENUM_DELIM; - searchKey.srchKeyLen = sscs_Utf8Strlen(searchKey.srchKey) + 1; + searchKey.srchKeyLen = sizeof(NSSCS_ENUM_DELIM) + 1; if((ssid == NULL)) { @@ -832,12 +822,8 @@ miCASAOpenSecretStoreCache } else { - if (sscs_Utf8StrSize(ssid->ssName) == 0) - { - // set to default - sscs_Utf8Strcpy(ssid->ssName, SSCS_DEFAULT_SECRETSTORE_ID); - } - + // set to default for now + sscs_Utf8Strncpy(ssid->ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); ssid->version = NSSCS_VERSION_NUMBER; } @@ -908,7 +894,7 @@ miCASAOpenSecretStoreCache // For Phase one only add ssFlags |= SSCS_SESSION_KEY_CHAIN_F; - sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); + sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS); kc.len = SSCS_S_KC_ID_CHARS; if(sscs_CacheAddKeychain(storeContext->ssHandle, ssFlags, &kc, NULL)) { @@ -1022,7 +1008,7 @@ miCASAReadSecret SS_UTF8_T *escapedSHSName = NULL, *key = NULL; SSCS_SECRET_T secBuf = {0}; uint8_t *val = NULL; - uint32_t vLen = 0; + uint32_t vLen = 0, kLen = 0; uint32_t bytesRequired = 0; SSCS_CONTEXT_T *storeContext = (SSCS_CONTEXT_T *)context; @@ -1067,11 +1053,18 @@ miCASAReadSecret memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); - // escape delimited characters - memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name)); - sscsshs_ChkEscapeString(&escapedSHSName); + // escape delimited characters + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN) + { + rc = NSSCS_E_BUFFER_LEN; + goto errorLevel1; + } + + memcpy(escapedSHSName, sharedSecretID->name, sharedSecretID->len); + escNameLen = sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); - if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + if(escNameLen < 1) { rc = NSSCS_E_SECRET_ID_TOO_SHORT; goto errorLevel1; @@ -1079,24 +1072,24 @@ miCASAReadSecret if(SSCS_APPLICATION_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_APP_SECRET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_APP_SECRET_DELIMITED, SSCS_APP_SECRET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_APP_SECRET_CHARS_DELIMITED + escNameLen - 1; } else if(SSCS_CREDENTIAL_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; } else if(SSCS_BINARY_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_BINARY_SECRET_DELIMITED); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_BINARY_SECRET_DELIMITED, SSCS_BINARY_CHARS_DELIMITED); sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_BINARY_CHARS_DELIMITED + escNameLen - 1; } else { @@ -1112,16 +1105,16 @@ miCASAReadSecret if(SSCS_BINARY_TYPE_F & sharedSecretID->type) { - if((rc = sscsshs_ParseBinarySecretBuf(key, &vLen, val, &secBuf)) == NSSCS_SUCCESS) + if((rc = sscsshs_ParseBinarySecretBuf(&kLen, key, &vLen, val, &secBuf)) == NSSCS_SUCCESS) { - rc = sscsshs_AddSHSBinaryEntry((LL_LINKLIST_T *)secretHandle, key, vLen, val); + rc = sscsshs_AddSHSBinaryEntry((LL_LINKLIST_T *)secretHandle, kLen, key, vLen, val); } } else { - while ((rc = sscsshs_ParseSecretBuf(&index, sharedSecretID->type, key, (SS_UTF8_T *)val, &secBuf)) == NSSCS_SUCCESS) + while ((rc = sscsshs_ParseSecretBuf(&index, sharedSecretID->type, &kLen, key, &vLen, (SS_UTF8_T *)val, &secBuf)) == NSSCS_SUCCESS) { - if(rc = sscsshs_AddSHSEntry((LL_LINKLIST_T *)secretHandle, key, val)) + if(rc = sscsshs_AddSHSEntry((LL_LINKLIST_T *)secretHandle, kLen, key, vLen, val)) { goto errorLevel1; } @@ -1131,8 +1124,10 @@ miCASAReadSecret } // did we exhaust the buffer? - if (rc == NSSCS_E_OBJECT_NOT_FOUND) - rc = NSSCS_SUCCESS; + if(rc == NSSCS_E_OBJECT_NOT_FOUND) + { + rc = NSSCS_SUCCESS; + } } /* ############################### CODE EXITS HERE ############################# */ @@ -1236,37 +1231,43 @@ miCASARemoveSecret memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); - // escape delimited characters - memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name)); - sscsshs_ChkEscapeString(&escapedSHSName); + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN) + { + rc = NSSCS_E_BUFFER_LEN; + goto errorLevel1; + } + + memcpy(escapedSHSName, sharedSecretID->name, sharedSecretID->len); + escNameLen = sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); - if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + if(escNameLen < 1) { rc = NSSCS_E_SECRET_ID_TOO_SHORT; goto errorLevel1; } - + if(SSCS_APPLICATION_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_APP_SECRET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_APP_SECRET_DELIMITED, SSCS_APP_SECRET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_APP_SECRET_CHARS_DELIMITED + escNameLen - 1; } else if(SSCS_CREDENTIAL_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; } else if(SSCS_BINARY_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_BINARY_SECRET_DELIMITED); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_BINARY_SECRET_DELIMITED, SSCS_BINARY_CHARS_DELIMITED); sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_BINARY_CHARS_DELIMITED + escNameLen - 1; } else { @@ -1337,8 +1338,8 @@ miCASAWriteSecret SSCS_SECRET_ID_T secretID = {0}; SS_UTF8_T *escapedSHSName = NULL, *key = NULL; SSCS_SECRET_T secBuf = {0}; - uint8_t *val = NULL; - SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context; + uint8_t *val = NULL; + SSCS_CONTEXT_T *storeContext = (SSCS_CONTEXT_T *)context; /* ############################## CODE STARTS HERE ############################ */ @@ -1378,16 +1379,23 @@ miCASAWriteSecret memset(key, 0, NSSCS_MAX_SECRET_ID_LEN); memset(val, 0, NSSCS_MAX_SECRET_BUF_LEN); memset(secBuf.data, 0, NSSCS_MAX_SECRET_BUF_LEN + - sizeof((LL_LINKLIST_T*)secretHandle + sizeof(SSCS_SH_SECRET_ID_T))) ; + sizeof((LL_LINKLIST_T *)secretHandle + sizeof(SSCS_SH_SECRET_ID_T))); memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); // escape delimited characters - memcpy(escapedSHSName, sharedSecretID->name, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->name)); - sscsshs_ChkEscapeString(&escapedSHSName); + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN) + { + rc = NSSCS_E_BUFFER_LEN; + goto errorLevel1; + } + + memcpy(escapedSHSName, sharedSecretID->name, sharedSecretID->len); + escNameLen = sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); - if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + if(escNameLen < 1) { rc = NSSCS_E_SECRET_ID_TOO_SHORT; goto errorLevel1; @@ -1395,37 +1403,37 @@ miCASAWriteSecret if(SSCS_APPLICATION_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_APP_SECRET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_APP_SECRET_DELIMITED, SSCS_APP_SECRET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_APP_SECRET_CHARS_DELIMITED + escNameLen - 1; } else if(SSCS_CREDENTIAL_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; } else if(SSCS_BINARY_TYPE_F & sharedSecretID->type) { - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_BINARY_SECRET_DELIMITED); + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_BINARY_SECRET_DELIMITED, SSCS_BINARY_CHARS_DELIMITED); sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + secretID.len = SSCS_BINARY_CHARS_DELIMITED + escNameLen - 1; } else { rc = NSSCS_E_NOT_SUPPORTED; goto errorLevel1; } - + secBuf.len = 0; if(sharedSecretID->type & SSCS_BINARY_TYPE_F) { if(!(sscsshs_GetNextSHSEntry(1, (LL_LINKLIST_T *)secretHandle, &kLen, key, &vLen, (char *)val))) { - if(rc = sscsshs_PopulateBinarySecretBuf(sharedSecretID->type, key, vLen, val, &secBuf.len, secBuf.data)) + if(rc = sscsshs_PopulateBinarySecretBuf(sharedSecretID->type, &kLen, key, vLen, val, &secBuf.len, secBuf.data)) { goto errorLevel1; } @@ -1444,7 +1452,8 @@ miCASAWriteSecret { if(kLen > 2) { - if(rc = sscsshs_PopulateSecretBuf(sharedSecretID->type, key, (SS_UTF8_T *)val, &secBuf.len, (SS_UTF8_T *)secBuf.data)) + if(rc = sscsshs_PopulateSecretBuf(sharedSecretID->type, &kLen, key, &vLen, (SS_UTF8_T *)val, + &secBuf.len, (SS_UTF8_T *)secBuf.data)) { goto errorLevel1; } @@ -1458,7 +1467,8 @@ miCASAWriteSecret { if(kLen > 2) { - if(rc = sscsshs_PopulateSecretBuf(sharedSecretID->type, key, (SS_UTF8_T *)val, &secBuf.len, (SS_UTF8_T *)secBuf.data)) + if(rc = sscsshs_PopulateSecretBuf(sharedSecretID->type, &kLen, key, &vLen, (SS_UTF8_T *)val, + &secBuf.len, (SS_UTF8_T *)secBuf.data)) { goto errorLevel1; } @@ -1532,10 +1542,10 @@ miCASAWriteKey uint32_t ssFlags, SSCS_KEYCHAIN_ID_T * keyChainID, SSCS_SECRET_ID_T * sharedSecretID, - SS_UTF8_T * key, - uint32_t keyLen, - uint8_t * val, - uint32_t valLen, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t valLen, SSCS_PASSWORD_T * epPassword, SSCS_EXT_T * ext ) @@ -1553,12 +1563,22 @@ miCASAWriteKey /* ############################## CODE STARTS HERE ############################ */ // readData and epPassword are optional parameters - if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL)) + if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) + || (key == NULL) || (val == NULL) || (valLen == 0)) { return(NSSCS_E_INVALID_PARAM); } - secretID.len = NSSCS_MAX_SECRET_ID_LEN; + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return(NSSCS_E_BUFFER_LEN); + } + + if ((keyLen > NSSCS_MAX_SECRET_ID_LEN/4) || (valLen > NSSCS_MAX_SECRET_BUF_LEN/4)) + { + return(NSSCS_E_BUFFER_LEN); + } + if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) { @@ -1566,13 +1586,13 @@ miCASAWriteKey goto errorLevel2; } - if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL) + if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) { rc = NSSCS_E_SYSTEM_FAILURE; goto errorLevel1; } - if((escapedSHSValue = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL) + if((escapedSHSValue = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_BUF_LEN)) == NULL) { rc = NSSCS_E_SYSTEM_FAILURE; goto errorLevel1; @@ -1581,30 +1601,32 @@ miCASAWriteKey memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); - memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); - memset(escapedSHSValue, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); + memset(escapedSHSValue, 0, NSSCS_MAX_SECRET_BUF_LEN); + // escape delimited characters + memcpy(escapedSHSName, sharedSecretID->id, sharedSecretID->len); + escNameLen = sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); // escape delimited characters - memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); - sscsshs_ChkEscapeString(&escapedSHSName); + memcpy(escapedSHSKey, key, keyLen); + sscsshs_ChkEscapeString(&escapedSHSKey, &keyLen); - memcpy(escapedSHSKey, key, keyLen); - sscsshs_ChkEscapeString(&escapedSHSKey); - - memcpy(escapedSHSValue, val, valLen); - sscsshs_ChkEscapeString(&escapedSHSValue); + // escape delimited characters + memcpy(escapedSHSValue, val, valLen); + sscsshs_ChkEscapeString(&escapedSHSValue, &valLen); - if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + if(escNameLen < 1) { rc = NSSCS_E_SECRET_ID_TOO_SHORT; goto errorLevel1; } // convert to a SSCS_CRED_SET - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; //rc = sscs_CacheWriteSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, epPassword, ext); // -1 to prevent the null from being cached in micasad @@ -1615,9 +1637,9 @@ miCASAWriteKey keyChainID, &secretID, escapedSHSKey, - sscs_Utf8Strlen(escapedSHSKey), + keyLen-1, // NOTE: micasad not saving NULL on key and value escapedSHSValue, - sscs_Utf8Strlen(escapedSHSValue), + valLen-1, // NOTE: micasad not saving NULL on key and value epPassword, ext); @@ -1630,15 +1652,15 @@ errorLevel1: free(escapedSHSName); } - if (escapedSHSKey) + if(escapedSHSKey) { - memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); free(escapedSHSKey); } - if (escapedSHSValue) + if(escapedSHSValue) { - memset(escapedSHSValue, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSValue, 0, NSSCS_MAX_SECRET_BUF_LEN); free(escapedSHSValue); } @@ -1688,12 +1710,22 @@ miCASAWriteBinaryKey /* ############################## CODE STARTS HERE ############################ */ // readData and epPassword are optional parameters - if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) || (key == NULL)) + if((context == NULL) || (keyChainID == NULL) || (sharedSecretID == NULL) + || (key == NULL) || (val == NULL) || (valLen == 0)) { return(NSSCS_E_INVALID_PARAM); } - secretID.len = NSSCS_MAX_SECRET_ID_LEN; + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return(NSSCS_E_BUFFER_LEN); + } + + if ((keyLen > NSSCS_MAX_SECRET_ID_LEN/4) || (*valLen > NSSCS_MAX_SECRET_BUF_LEN/4)) + { + return(NSSCS_E_BUFFER_LEN); + } + if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) { @@ -1711,23 +1743,30 @@ miCASAWriteBinaryKey memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); - // escape delimited characters - memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); - sscsshs_ChkEscapeString(&escapedSHSName); + // escape delimited characters + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN) + { + rc = NSSCS_E_BUFFER_LEN; + goto errorLevel1; + } + + memcpy(escapedSHSName, sharedSecretID->id, sharedSecretID->len); + escNameLen = sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); memcpy(escapedSHSKey, key, keyLen); - sscsshs_ChkEscapeString(&escapedSHSKey); + sscsshs_ChkEscapeString(&escapedSHSKey, &keyLen); - if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + if(escNameLen < 1) { rc = NSSCS_E_SECRET_ID_TOO_SHORT; goto errorLevel1; } // convert to a SSCS_CRED_SET - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; //rc = sscs_CacheWriteSecret(storeContext->ssHandle, ssFlags, keyChainID, &secretID, &secBuf, epPassword, ext); // -1 to prevent the null from being cached in micasad @@ -1738,7 +1777,7 @@ miCASAWriteBinaryKey keyChainID, &secretID, escapedSHSKey, - sscs_Utf8Strlen(escapedSHSKey), + escNameLen, val, *valLen, epPassword, @@ -1753,9 +1792,9 @@ errorLevel1: free(escapedSHSName); } - if (escapedSHSKey) + if(escapedSHSKey) { - memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); free(escapedSHSKey); } @@ -1765,6 +1804,9 @@ errorLevel2: /* ############################### CODE ENDS HERE ############################# */ } //* end of miCASAWriteBinaryKey + + + /* * NAME - miCASAReadKey @@ -1781,10 +1823,10 @@ miCASAReadKey uint32_t ssFlags, SSCS_KEYCHAIN_ID_T * keyChainID, SSCS_SECRET_ID_T * sharedSecretID, - SS_UTF8_T * key, - uint32_t keyLen, - uint8_t * val, - uint32_t * valLen, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t * valLen, SSCS_PASSWORD_T * epPassword, uint32_t * bytesRequired, SSCS_EXT_T * ext @@ -1797,7 +1839,7 @@ miCASAReadKey SSCS_SECRET_ID_T secretID = {0}; SS_UTF8_T *escapedSHSName = NULL; SS_UTF8_T *escapedSHSKey = NULL; - SSCS_CONTEXT_T * storeContext = (SSCS_CONTEXT_T *)context; + SSCS_CONTEXT_T *storeContext = (SSCS_CONTEXT_T *)context; /* ############################## CODE STARTS HERE ############################ */ @@ -1807,20 +1849,23 @@ miCASAReadKey return(NSSCS_E_INVALID_PARAM); } - if (keyLen > NSSCS_MAX_SECRET_ID_LEN) + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return(NSSCS_E_BUFFER_LEN); + } + + if (keyLen > NSSCS_MAX_SECRET_ID_LEN/4) { - return(NSSCS_E_SECRET_ID_TOO_LONG); + return(NSSCS_E_BUFFER_LEN); } - secretID.len = NSSCS_MAX_SECRET_ID_LEN; - if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) { rc = NSSCS_E_SYSTEM_FAILURE; goto errorLevel2; } - if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL) + if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) { rc = NSSCS_E_SYSTEM_FAILURE; goto errorLevel1; @@ -1828,42 +1873,48 @@ miCASAReadKey memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); - memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); - // escape delimited characters - memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); - sscsshs_ChkEscapeString(&escapedSHSName); + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN) + { + rc = NSSCS_E_BUFFER_LEN; + goto errorLevel1; + } + memcpy(escapedSHSName, sharedSecretID->id, sharedSecretID->len); + escNameLen = sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); + memcpy(escapedSHSKey, key, keyLen); - sscsshs_ChkEscapeString(&escapedSHSKey); + sscsshs_ChkEscapeString(&escapedSHSKey, &keyLen); - if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + if(escNameLen < 1) { rc = NSSCS_E_SECRET_ID_TOO_SHORT; goto errorLevel1; } // convert to a SSCS_CRED_SET - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; rc = sscs_CacheReadKey(storeContext->ssHandle, ssFlags, keyChainID, &secretID, escapedSHSKey, - sscs_Utf8Strlen(escapedSHSKey), + keyLen-1, // NOTE: micasad not saving NULL on key and value val, - valLen, + valLen, // NOTE: micasad not saving NULL on key and value epPassword, bytesRequired, ext); - if (rc == NSSCS_SUCCESS) + if(rc == NSSCS_SUCCESS) { - unescapeString(val, valLen); + sscs_UnescapeString(val, valLen); } /* ############################### CODE EXITS HERE ############################# */ @@ -1875,9 +1926,9 @@ errorLevel1: free(escapedSHSName); } - if (escapedSHSKey) + if(escapedSHSKey) { - memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); free(escapedSHSKey); } @@ -1929,8 +1980,17 @@ miCASAReadBinaryKey { return(NSSCS_E_INVALID_PARAM); } - - secretID.len = NSSCS_MAX_SECRET_ID_LEN; + + if(sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return(NSSCS_E_BUFFER_LEN); + } + + if (keyLen > NSSCS_MAX_SECRET_ID_LEN/4) + { + return(NSSCS_E_BUFFER_LEN); + } + if((escapedSHSName = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) { @@ -1938,7 +1998,7 @@ miCASAReadBinaryKey goto errorLevel2; } - if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_PASSCODE_LEN)) == NULL) + if((escapedSHSKey = (SS_UTF8_T *) malloc(NSSCS_MAX_SECRET_ID_LEN)) == NULL) { rc = NSSCS_E_SYSTEM_FAILURE; goto errorLevel1; @@ -1946,33 +2006,32 @@ miCASAReadBinaryKey memset(secretID.id, 0, NSSCS_MAX_SECRET_ID_LEN); memset(escapedSHSName, 0, NSSCS_MAX_SECRET_ID_LEN); - memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); - - // escape delimited characters - memcpy(escapedSHSName, sharedSecretID->id, sscs_Utf8StrSize((SS_UTF8_T *)sharedSecretID->id)); - sscsshs_ChkEscapeString(&escapedSHSName); + memcpy(escapedSHSName, sharedSecretID->id, sharedSecretID->len); + escNameLen = sharedSecretID->len; + sscsshs_ChkEscapeString(&escapedSHSName, &escNameLen); memcpy(escapedSHSKey, key, keyLen); - sscsshs_ChkEscapeString(&escapedSHSKey); + sscsshs_ChkEscapeString(&escapedSHSKey, &keyLen); - if((escNameLen = sscs_Utf8Strlen((SS_UTF8_T *)escapedSHSName)) < 1) + if(escNameLen < 1) { rc = NSSCS_E_SECRET_ID_TOO_SHORT; goto errorLevel1; } // convert to a SSCS_CRED_SET - sscs_Utf8Strcpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED); - sscs_Utf8Strcat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName); - secretID.len = sscs_Utf8Strlen((SS_UTF8_T *)secretID.id) + 1; + sscs_Utf8Strncpy((SS_UTF8_T *)secretID.id, SSCS_CRED_SET_DELIMITED, SSCS_CRED_SET_CHARS_DELIMITED); + sscs_Utf8Strncat((SS_UTF8_T *)secretID.id, (SS_UTF8_T *)escapedSHSName, escNameLen); + secretID.len = SSCS_CRED_SET_CHARS_DELIMITED + escNameLen - 1; rc = sscs_CacheReadBinaryKey(storeContext->ssHandle, ssFlags, keyChainID, &secretID, escapedSHSKey, - sscs_Utf8Strlen(escapedSHSKey), + keyLen, val, valLen, epPassword, @@ -1988,9 +2047,9 @@ errorLevel1: free(escapedSHSName); } - if (escapedSHSKey) + if(escapedSHSKey) { - memset(escapedSHSKey, 0, NSSCS_MAX_PASSCODE_LEN); + memset(escapedSHSKey, 0, NSSCS_MAX_SECRET_ID_LEN); free(escapedSHSKey); } @@ -2180,7 +2239,7 @@ miCASARemoveSecretStore /* - * NAME - miCASAMasterPassword + * NAME - miCASASetMasterPassword * * DESCRIPTION * @@ -2189,38 +2248,37 @@ miCASARemoveSecretStore SSCS_GLOBAL_LIBCALL(int32_t) miCASASetMasterPassword ( - uint32_t ssFlags, - SSCS_PASSWORD_T *passwd, - SSCS_HINT_T *hint, - SSCS_EXT_T *ext + uint32_t ssFlags, + SSCS_PASSWORD_T *passwd, + SSCS_HINT_T *hint, + SSCS_EXT_T *ext ) { /* beginning of the call */ /* ########################## DECLARATIONS START HERE ######################### */ -int32_t rc = 0; - void *context = NULL; - - SSCS_SECRETSTORE_T store = {0}; - // open secretStore - sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); - store.version = 1; - context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); - - if((context == NULL) || (passwd == NULL)) - { - return(NSSCS_E_INVALID_PARAM); - } - rc = sscs_SetMasterPassword(((SSCS_CONTEXT_T*)context)->ssHandle,passwd,hint, NULL); - // close the secretstore - miCASACloseSecretStoreCache(context, ssFlags, NULL); - return(rc); - - + + int32_t rc = 0; + void *context = NULL; + SSCS_SECRETSTORE_T store = {0}; + /* ############################## CODE STARTS HERE ############################ */ - - return(NSSCS_E_NOT_IMPLEMENTED); + + // open secretStore + sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); + store.version = 1; -/* ############################### CODE EXITS HERE ############################# */ + context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); + + if((context == NULL) || (passwd == NULL)) + { + return(NSSCS_E_INVALID_PARAM); + } + + rc = sscs_SetMasterPassword(((SSCS_CONTEXT_T*)context)->ssHandle, passwd, hint, NULL); + // close the secretstore + miCASACloseSecretStoreCache(context, ssFlags, NULL); + + return(rc); /* ########################## CODE ENDS HERE ##################### */ } //* end of miCASASetMasterPassword @@ -2554,17 +2612,10 @@ miCASA_GetNextSHSEntry if(keyVal->kLen > 1) { *keyLen = keyVal->kLen; - sscs_Utf8Strcpy(key, keyVal->key); + sscs_Utf8Strncpy(key, keyVal->key, *keyLen); *valLen = keyVal->vLen; - if(sscs_Utf8Strncmp(keyVal->key, SSCS_BINARY_SECRET, SSCS_BINARY_CHARS)) - { - // if binary value just copy - memcpy(val, keyVal->value, keyVal->vLen); - } - else - { - sscs_Utf8Strcpy((SS_UTF8_T *)val, (SS_UTF8_T *)keyVal->value); - } + // if binary value just copy + memcpy(val, keyVal->value, keyVal->vLen); for(n = 0; n < (int32_t)*keyLen - 2; n++) { @@ -2610,7 +2661,8 @@ miCASA_GetNextSHSEntry SSCS_GLOBAL_LIBCALL(int32_t) miCASA_AddSHSEntry ( - void *secretHandle, + void *secretHandle, + uint32_t keyLen, SS_UTF8_T *key, uint32_t valueLen, uint8_t *value @@ -2618,7 +2670,6 @@ miCASA_AddSHSEntry { /* beginning of the call */ /* ########################## DECLARATIONS START HERE ######################### */ - uint32_t keyLen = sscs_Utf8Strlen(key) + 1; int32_t rc = NSSCS_LL_SUCCESS; /* ############################## CODE STARTS HERE ############################ */ @@ -2658,7 +2709,8 @@ miCASA_AddSHSEntry SSCS_GLOBAL_LIBCALL(int32_t) miCASA_RemoveSHSEntry ( - void *secretHandle, + void *secretHandle, + uint32_t keyLen, SS_UTF8_T *key, uint32_t valueLen, uint8_t *value @@ -2667,7 +2719,6 @@ miCASA_RemoveSHSEntry /* ########################## DECLARATIONS START HERE ######################### */ int32_t rc; - uint32_t keyLen = sscs_Utf8StrSize(key); /* ############################## CODE STARTS HERE ############################ */ @@ -2681,11 +2732,11 @@ miCASA_RemoveSHSEntry /* ##################################################################################### */ /* ######################### INTERNAL MANAGED CODE STARTS HERE ######################### */ /* ##################################################################################### */ + static int32_t sscsshs_GetUsernamePassword ( void *secretHandle, - long unFlags, SSCS_BASIC_CREDENTIAL *basicCred ) { /* beginning of the call */ @@ -2695,9 +2746,10 @@ static int32_t sscsshs_GetUsernamePassword int32_t userFound = 0, passFound = 0; SS_UTF8_T *key = NULL; uint8_t *value = NULL; + uint32_t unkLen = 0; uint32_t kLen = 0; uint32_t vLen = 0; - + SS_UTF8_T *usernameKeyname; // = SSCS_USERNAME_OTHER; /* ############################## CODE STARTS HERE ############################ */ @@ -2714,47 +2766,66 @@ static int32_t sscsshs_GetUsernamePassword } // determine username key name, ie CN, LDAPDN, etc - if (unFlags & USERNAME_TYPE_NDS_DN_F) - usernameKeyname = SHS_DN_NDAP; - else if (basicCred->unFlags & USERNAME_TYPE_NDS_FDN_F) + if(basicCred->unFlags & USERNAME_TYPE_NDS_DN_F) + { + usernameKeyname = SHS_DN_NDAP; + unkLen = SHS_DNNDAP_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_NDS_FDN_F) + { usernameKeyname = SHS_FDN_NDAP; - else if (unFlags & USERNAME_TYPE_LDAP_DN_F) + unkLen = SHS_FDNNDAP_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_LDAP_DN_F) + { usernameKeyname = SHS_DN_LDAP; - else if (unFlags & USERNAME_TYPE_EMAIL_F) + unkLen = SHS_DNLDAP_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_EMAIL_F) + { usernameKeyname = SHS_EMAIL; - else if (unFlags & USERNAME_TYPE_OTHER_F) + unkLen = SHS_EMAIL_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_OTHER_F) + { usernameKeyname = SHS_OTHER; + unkLen = SHS_OTHER_LEN; + } else + { usernameKeyname = SHS_CN; + unkLen = SHS_CN_LEN; + } // enumerate this list looking for username and password if(!(rcode = miCASA_GetNextSHSEntry(1, secretHandle, &kLen, key, &vLen, value))) { do { - if(sscs_Utf8Strlen(key) == 0) + if(kLen == 0) { break; } - if (!sscs_Utf8Strcmp(key, usernameKeyname)) + if(!sscs_Utf8Strncmp(key, usernameKeyname, unkLen)) { userFound = 1; - sscs_Utf8Strcpy((SS_UTF8_T *)basicCred->username, (SS_UTF8_T *)value); + sscs_Utf8Strncpy((SS_UTF8_T *)basicCred->username, (SS_UTF8_T *)value, vLen); basicCred->unLen = vLen; } - if (!sscs_Utf8Strcmp(key, SHS_PASSWORD)) + if(!sscs_Utf8Strncmp(key, SHS_PASSWORD, SHS_PASSWORD_LEN)) { passFound = 1; - sscs_Utf8Strcpy((SS_UTF8_T *)basicCred->password, (SS_UTF8_T *)value); + sscs_Utf8Strncpy((SS_UTF8_T *)basicCred->password, (SS_UTF8_T *)value, vLen); basicCred->pwordLen = vLen; } - if (userFound && passFound) - break; + if(userFound && passFound) + { + break; + } - // clear the buffers memset(key, 0, NSSCS_MAX_SECRET_ID_LEN); memset(value, 0, NSSCS_MAX_SECRET_BUF_LEN); @@ -2765,16 +2836,24 @@ static int32_t sscsshs_GetUsernamePassword } + memset(key, 0, NSSCS_MAX_SECRET_ID_LEN); free(key); + memset(value, 0, NSSCS_MAX_SECRET_BUF_LEN); free(value); - if (userFound && passFound) + if(userFound && passFound) + { return NSSCS_SUCCESS; + } else + { return NSSCS_E_INVALID_SECRET_ID; - + } + /* ############################### CODE ENDS HERE ############################# */ } // end of sscsshs_GetUsernamePassword + + /* @@ -2786,7 +2865,8 @@ static int32_t sscsshs_GetUsernamePassword */ static int32_t sscsshs_GetCredSetName ( - void *secretHandle, + void *secretHandle, + uint32_t *credSetNameLen, uint8_t *credSetName ) { /* beginning of the call */ @@ -2814,13 +2894,16 @@ static int32_t sscsshs_GetCredSetName // enumerate this list looking for username and password if(!(rcode = miCASA_GetNextSHSEntry(1, secretHandle, &kLen, key, &vLen, value))) { - if(sscs_Utf8Strlen(key) != 0) + if(kLen) { - sscs_Utf8Strcpy((SS_UTF8_T *)credSetName, (SS_UTF8_T *)value); + sscs_Utf8Strncpy((SS_UTF8_T *)credSetName, (SS_UTF8_T *)value, vLen); + *credSetNameLen = vLen; } } + memset(key, 0, NSSCS_MAX_SECRET_ID_LEN); free(key); + memset(value, 0, NSSCS_MAX_SECRET_BUF_LEN); free(value); return rcode; @@ -2828,6 +2911,8 @@ static int32_t sscsshs_GetCredSetName /* ############################### CODE ENDS HERE ############################# */ } // end of sscsshs_GetCredSetName + + /* ################################################################################# */ @@ -2866,8 +2951,8 @@ miCASAGetCredential { /* beginning of the call */ /* ########################## DECLARATIONS START HERE ######################### */ - void *context; - int32_t rcode = 0; + void *context; + int32_t rcode = 0; SSCS_SECRETSTORE_T store = {0}; SSCS_SH_SECRET_ID_T secID = {0}; @@ -2882,22 +2967,36 @@ miCASAGetCredential /* ############################## CODE STARTS HERE ############################ */ // check params - if ((appSecretID == NULL) || (credential == NULL)) + if((appSecretID == NULL) || (credential == NULL)) { return(NSSCS_E_INVALID_PARAM); + } + + if (appSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return NSSCS_E_BUFFER_LEN; + } + + if ((sharedSecretID) && (sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4)) + { + return NSSCS_E_BUFFER_LEN; } // set default keychain - sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); kc.len = SSCS_S_KC_ID_CHARS; - + sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS); // open secretStore - sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); + sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); store.version = 1; context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); + + if(context == NULL) + { + return NSSCS_E_SYSTEM_FAILURE; + } - if (*credentialType == SSCS_CRED_TYPE_BINARY_F) + if(*credentialType == SSCS_CRED_TYPE_BINARY_F) { // first check appSecretID rcode = miCASAReadBinaryKey( @@ -2913,7 +3012,7 @@ miCASAGetCredential &bytesRequired, ext); - if ((rcode != NSSCS_SUCCESS) && (sharedSecretID != NULL)) + if((rcode != NSSCS_SUCCESS) && (sharedSecretID != NULL)) { // try shared if set rcode = miCASAReadBinaryKey( @@ -2936,105 +3035,116 @@ miCASAGetCredential // create a SHS Handle secretHandle = miCASA_CreateSHSHandle(); - if (secretHandle == NULL) + if(secretHandle == NULL) + { return NSSCS_E_SYSTEM_FAILURE; - + } // 1&2. look up the SS_App for this secretID, if not found use the sharedSecretID - - secID.type = SSCS_APPLICATION_TYPE_F; + secID.type = SSCS_APPLICATION_TYPE_F; secID.len = appSecretID->len; - sscs_Utf8Strcpy(secID.name, appSecretID->id); + sscs_Utf8Strncpy(secID.name, appSecretID->id, appSecretID->len); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { // we found a link for this app which should be a SS_CredSet secretID. // Get the key called SS_CredSet, it's value is the CredSet ID - rcode = sscsshs_GetCredSetName(secretHandle, secID.name); + rcode = sscsshs_GetCredSetName(secretHandle, &secID.len, secID.name); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { - - if (secretHandle) + if(secretHandle) + { miCASA_DestroySHSHandle(secretHandle); + } + secretHandle = miCASA_CreateSHSHandle(); - // read credset for this app secID.type = SSCS_CREDENTIAL_TYPE_F; - secID.len = sscs_Utf8Strlen(secID.name); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { // read the username and password - rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred->unFlags, basicCred); + rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred); } } } // 3. if we still don't have a secret, try the SS_CredSet for the appSecretID - if (rcode) + if(rcode) { - if (secretHandle) - miCASA_DestroySHSHandle(secretHandle); + if(secretHandle) + { + miCASA_DestroySHSHandle(secretHandle); + } + secretHandle = miCASA_CreateSHSHandle(); // read credset for this app secID.type = SSCS_CREDENTIAL_TYPE_F; - secID.len = sscs_Utf8Strlen(appSecretID->id); - sscs_Utf8Strcpy(secID.name, appSecretID->id); + secID.len = appSecretID->len; + sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { // read the username and password - rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred->unFlags, basicCred); + rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred); } } // 4. if still no secret, did caller pass in a suggested sharedSecretID? - if (rcode && sharedSecretID) + if(rcode && sharedSecretID) { // let's look for it. - secID.type = SSCS_CREDENTIAL_TYPE_F; + secID.type = SSCS_CREDENTIAL_TYPE_F; secID.len = sharedSecretID->len; - sscs_Utf8Strcpy(secID.name, sharedSecretID->id); + sscs_Utf8Strncpy(secID.name, sharedSecretID->id, secID.len); // get a new handle - if (secretHandle) + if(secretHandle) + { miCASA_DestroySHSHandle(secretHandle); + } + secretHandle = miCASA_CreateSHSHandle(); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { //get the username and password - rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred->unFlags, basicCred); + rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred); } } // if we still haven't found a credential, return the default credential - if (rcode) + if(rcode) { secID.type = SSCS_CREDENTIAL_TYPE_F; secID.len = SECRET_ID_DEFAULT_LEN; - sscs_Utf8Strcpy(secID.name, SECRET_ID_DEFAULT); + sscs_Utf8Strncpy(secID.name, SECRET_ID_DEFAULT, secID.len); + + if(secretHandle) + { + miCASA_DestroySHSHandle(secretHandle); + } - if (secretHandle) - miCASA_DestroySHSHandle(secretHandle); secretHandle = miCASA_CreateSHSHandle(); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { - rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred->unFlags, basicCred); + rcode = sscsshs_GetUsernamePassword(secretHandle, basicCred); } } - if (secretHandle) - miCASA_DestroySHSHandle(secretHandle); + if(secretHandle) + { + miCASA_DestroySHSHandle(secretHandle); + } miCASACloseSecretStoreCache(context, ssFlags, NULL); return rcode; @@ -3072,9 +3182,9 @@ miCASASetCredential { /* beginning of the call */ /* ########################## DECLARATIONS START HERE ######################### */ - void *context; - int32_t rcode = 0; - int32_t vLen = 0; + void *context; + int32_t rcode = 0; + int32_t vLen = 0; SSCS_SECRETSTORE_T store = {0}; SSCS_SH_SECRET_ID_T secID = {0}; @@ -3082,40 +3192,51 @@ miCASASetCredential SSCS_READEXT_T readData = {0}; SSCS_KEYCHAIN_ID_T kc = {0}; - SS_UTF8_T *usernameKeyname; // = SSCS_USERNAME_OTHER; + SS_UTF8_T *usernameKeyname; // = SSCS_USERNAME_OTHER; + uint32_t kLen = 0; + uint32_t unkLen = 0; - SSCS_CONTEXT_T *storeContext; + SSCS_CONTEXT_T *storeContext; /* ############################## CODE STARTS HERE ############################ */ SSCS_BASIC_CREDENTIAL *basicCred; SSCS_BINARY_CREDENTIAL *binaryCred; - // check params - if ((appSecretID == NULL) || (credential == NULL)) + if((appSecretID == NULL) || (credential == NULL)) { return(NSSCS_E_INVALID_PARAM); - } + } + + if (appSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return NSSCS_E_BUFFER_LEN; + } + + if ((sharedSecretID) && (sharedSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4)) + { + return NSSCS_E_BUFFER_LEN; + } + + // open secretStore - sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); + sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); store.version = 1; context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); storeContext = (SSCS_CONTEXT_T *)context; - if (context == NULL) + if(context == NULL) { return NSSCS_E_SYSTEM_FAILURE; } - - sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); kc.len = SSCS_S_KC_ID_CHARS; + sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS); - - if (credentialType == SSCS_CRED_TYPE_BINARY_F) + if(credentialType == SSCS_CRED_TYPE_BINARY_F) { binaryCred = (SSCS_BINARY_CREDENTIAL *)credential; @@ -3140,92 +3261,113 @@ miCASASetCredential } else - + { basicCred = (SSCS_BASIC_CREDENTIAL *)credential; - - + } + // determine username key name, ie CN, LDAPDN, etc - if (basicCred->unFlags & USERNAME_TYPE_NDS_DN_F) - usernameKeyname = SHS_DN_NDAP; - else if (basicCred->unFlags & USERNAME_TYPE_NDS_FDN_F) + if(basicCred->unFlags & USERNAME_TYPE_NDS_DN_F) + { + usernameKeyname = SHS_DN_NDAP; + unkLen = SHS_DNNDAP_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_NDS_FDN_F) + { usernameKeyname = SHS_FDN_NDAP; - else if (basicCred->unFlags & USERNAME_TYPE_LDAP_DN_F) - usernameKeyname = SHS_DN_LDAP; - else if (basicCred->unFlags & USERNAME_TYPE_EMAIL_F) + unkLen = SHS_FDNNDAP_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_LDAP_DN_F) + { + usernameKeyname = SHS_DN_LDAP; + unkLen = SHS_DNLDAP_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_EMAIL_F) + { usernameKeyname = SHS_EMAIL; - else if (basicCred->unFlags & USERNAME_TYPE_OTHER_F) + unkLen = SHS_EMAIL_LEN; + } + else if(basicCred->unFlags & USERNAME_TYPE_OTHER_F) + { usernameKeyname = SHS_OTHER; + unkLen = SHS_OTHER_LEN; + } else + { usernameKeyname = SHS_CN; - - + unkLen = SHS_CN_LEN; + } // create a SHS Handle secretHandle = miCASA_CreateSHSHandle(); - if (secretHandle == NULL) + if(secretHandle == NULL) + { return NSSCS_E_SYSTEM_FAILURE; + } // 1&2. Look up the SS_App for this secretID in case we should use an shared override, // if not found use the sharedSecretID passed in. - secID.type = SSCS_APPLICATION_TYPE_F; secID.len = appSecretID->len; - sscs_Utf8Strcpy(secID.name, appSecretID->id); + sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len); rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { // we found a link for this app which should be a SS_CredSet secretID. // Get the key called SS_CredSet, it's value is the CredSet ID - rcode = sscsshs_GetCredSetName(secretHandle, (uint8_t*)secID.name); + rcode = sscsshs_GetCredSetName(secretHandle, &secID.len, (uint8_t*)secID.name); - if (rcode == NSSCS_SUCCESS) + if(rcode == NSSCS_SUCCESS) { - if (secretHandle) - miCASA_DestroySHSHandle(secretHandle); + if(secretHandle) + { + miCASA_DestroySHSHandle(secretHandle); + } + secretHandle = miCASA_CreateSHSHandle(); // read credset for this app secID.type = SSCS_CREDENTIAL_TYPE_F; secID.len = secID.len; rcode = miCASAReadSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, &readData, NULL); - - + // set the username and password - vLen = (sscs_Utf8Strlen((SS_UTF8_T *)basicCred->username) + 1) * sizeof(SS_UTF8_T); - miCASA_AddSHSEntry(secretHandle, usernameKeyname, vLen, basicCred->username); + vLen = basicCred->unLen; + miCASA_AddSHSEntry(secretHandle, unkLen, usernameKeyname, vLen, basicCred->username); - vLen = (sscs_Utf8Strlen((SS_UTF8_T *)basicCred->password) + 1) * sizeof(SS_UTF8_T); - miCASA_AddSHSEntry(secretHandle, SHS_PASSWORD, vLen, basicCred->password); + vLen = basicCred->pwordLen; + miCASA_AddSHSEntry(secretHandle, SHS_PASSWORD_LEN , SHS_PASSWORD, vLen, basicCred->password); rcode = miCASAWriteSecret(context, &kc, ssFlags, secretHandle, &secID, NULL, ext); } } // 3. did caller pass in a suggested sharedSecretID? - if (rcode && sharedSecretID) + if(rcode && sharedSecretID) { - vLen = (sscs_Utf8Strlen((SS_UTF8_T *)basicCred->username) + 1) * sizeof(SS_UTF8_T); - rcode = miCASAWriteKey(context, ssFlags, &kc, sharedSecretID, usernameKeyname, strlen(usernameKeyname)+1, basicCred->username, vLen, NULL, ext); + vLen = basicCred->unLen; + rcode = miCASAWriteKey(context, ssFlags, &kc, sharedSecretID, usernameKeyname, unkLen, basicCred->username, vLen, NULL, ext); - vLen = (sscs_Utf8Strlen((SS_UTF8_T *)basicCred->password) + 1) * sizeof(SS_UTF8_T); + vLen = basicCred->pwordLen; rcode = miCASAWriteKey(context, ssFlags, &kc, sharedSecretID, SHS_PASSWORD, 9, basicCred->password, vLen, NULL, ext); } // 4. Set the appSecretID at least - if (rcode) + if(rcode) { // write the keys - vLen = (sscs_Utf8Strlen((SS_UTF8_T *)basicCred->username) + 1) * sizeof(SS_UTF8_T); - rcode = miCASAWriteKey(context, ssFlags, &kc, appSecretID, usernameKeyname, strlen(usernameKeyname)+1, basicCred->username, vLen, NULL, ext); + vLen = basicCred->unLen; + rcode = miCASAWriteKey(context, ssFlags, &kc, appSecretID, usernameKeyname, unkLen, basicCred->username, vLen, NULL, ext); - vLen = (sscs_Utf8Strlen((SS_UTF8_T *)basicCred->password) + 1) * sizeof(SS_UTF8_T); + vLen = basicCred->pwordLen; rcode = miCASAWriteKey(context, ssFlags, &kc, appSecretID, SHS_PASSWORD, 9, basicCred->password, vLen, NULL, ext); } - if (secretHandle) + if(secretHandle) + { miCASA_DestroySHSHandle(secretHandle); + } miCASACloseSecretStoreCache(context, ssFlags, NULL); @@ -3254,28 +3396,43 @@ miCASARemoveCredential { /* beginning of the call */ /* ########################## DECLARATIONS START HERE ######################### */ - void *context; - int32_t rcode = 0; - int32_t vLen = 0; + void *context = NULL; + int32_t rcode = 0; + int32_t vLen = 0; SSCS_SECRETSTORE_T store = {0}; SSCS_KEYCHAIN_ID_T kc = {0}; SSCS_SH_SECRET_ID_T secID = {0}; /* ############################## CODE STARTS HERE ############################ */ + + if(appSecretID == NULL) + { + return(NSSCS_E_INVALID_PARAM); + } + + if(appSecretID->len > NSSCS_MAX_SECRET_ID_LEN/4) + { + return NSSCS_E_BUFFER_LEN; + } // open secretStore - sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); + sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); store.version = 1; context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); - + + if(context == NULL) + { + return NSSCS_E_SYSTEM_FAILURE; + } + // remove the secret for the appSecretID passed in - sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); kc.len = SSCS_S_KC_ID_CHARS; + sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS); secID.type = SSCS_CREDENTIAL_TYPE_F; secID.len = appSecretID->len; - sscs_Utf8Strcpy(secID.name, appSecretID->id); + sscs_Utf8Strncpy(secID.name, appSecretID->id, secID.len); rcode = miCASARemoveSecret (context, &kc, ssFlags, &secID, NULL, NULL); @@ -3288,6 +3445,13 @@ miCASARemoveCredential } // end of miCASARemoveCredential +/* + * NAME - miCASASetMasterPasscode + * + * DESCRIPTION + * This call sets the Master Passcode + * + */ SSCS_GLOBAL_LIBCALL(int32_t) miCASASetMasterPasscode ( @@ -3295,62 +3459,96 @@ miCASASetMasterPasscode SSCS_PASSCODE_T *passcode, SSCS_EXT_T *ext ) -{ - int32_t rc = 0; - void *context = NULL; +{ /* beginning of the call */ +/* ########################## DECLARATIONS START HERE ######################### */ + + int32_t rc = 0; + void *context = NULL; - SSCS_SECRETSTORE_T store = {0}; - // open secretStore - sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); - store.version = 1; - context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); + SSCS_SECRETSTORE_T store = {0}; + +/* ############################## CODE STARTS HERE ############################ */ + + if(passcode == NULL) + { + return(NSSCS_E_INVALID_PARAM); + } + + // open secretStore + sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); + store.version = 1; + context = miCASAOpenSecretStoreCache(&store, ssFlags, NULL); + + if(context == NULL) + { + return NSSCS_E_SYSTEM_FAILURE; + } - if((context == NULL) || (passcode == NULL)) - { - return(NSSCS_E_INVALID_PARAM); - } - rc = sscs_SetMasterPasscode(((SSCS_CONTEXT_T*)context)->ssHandle,passcode, NULL); - // close the secretstore - miCASACloseSecretStoreCache(context, ssFlags, NULL); - return(rc); + rc = sscs_SetMasterPasscode(((SSCS_CONTEXT_T*)context)->ssHandle,passcode, NULL); + // close the secretstore + miCASACloseSecretStoreCache(context, ssFlags, NULL); + return(rc); +/* ############################### CODE ENDS HERE ############################# */ } //* end of miCASASetMasterPasscode +/* + * NAME - miCASAIsSecretPersistent + * + * DESCRIPTION + * This call checks for the persistence of the secret. + * + */ SSCS_GLOBAL_LIBCALL(int32_t) miCASAIsSecretPersistent ( - uint32_t ssFlags, - SSCS_SECRET_ID_T *secretID, - SSCS_EXT_T *ext + uint32_t ssFlags, + SSCS_SECRET_ID_T *secretID, + SSCS_EXT_T *ext ) -{ - void *context; - int32_t rcode = 0; - SSCS_SECRETSTORE_T store = {0}; - SSCS_KEYCHAIN_ID_T kc = {0}; - SSCS_CONTEXT_T *storeContext; - - if( (ssFlags == 0) && (secretID == NULL) ) +{ /* beginning of the call */ +/* ########################## DECLARATIONS START HERE ######################### */ + + void *context = NULL; + int32_t rcode = 0; + SSCS_SECRETSTORE_T store = {0}; + SSCS_KEYCHAIN_ID_T kc = {0}; + SSCS_CONTEXT_T *storeContext; + +/* ############################## CODE STARTS HERE ############################ */ + + if((ssFlags == 0) && (secretID == NULL)) + { return NSSCS_E_INVALID_PARAM; + } + + if(secretID->len > NSSCS_MAX_SECRET_ID_LEN) + { + return NSSCS_E_BUFFER_LEN; + } // open secretStore - sscs_Utf8Strcpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID); + sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); store.version = 1; context = miCASAOpenSecretStoreCache(&store, 0, NULL); storeContext = (SSCS_CONTEXT_T *)context; - if (context == NULL) + if(context == NULL) { return NSSCS_E_SYSTEM_FAILURE; - } - sscs_Utf8Strcpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID); - kc.len = SSCS_S_KC_ID_CHARS; + } - rcode = sscs_IsSecretPersistent(storeContext->ssHandle,ssFlags,&kc,secretID,ext); + kc.len = SSCS_S_KC_ID_CHARS; + sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, kc.len); + + rcode = sscs_IsSecretPersistent(storeContext->ssHandle, ssFlags, &kc, secretID, ext); miCASACloseSecretStoreCache(context, 0, NULL); return rcode; -} + +/* ############################### CODE ENDS HERE ############################# */ +} // end of miCASAIsSecretPersistent + diff --git a/include/micasa.h b/include/micasa.h index 93bcffd8..cdf760a7 100644 --- a/include/micasa.h +++ b/include/micasa.h @@ -238,7 +238,7 @@ typedef struct _sscs_passcode typedef struct _sscs_secretstore { - uint32_t version; + uint32_t version; SS_UTF8_T ssName[NSSCS_MAX_SECRET_ID_LEN]; } SSCS_SECRETSTORE_T; @@ -455,10 +455,10 @@ miCASAWriteKey uint32_t ssFlags, SSCS_KEYCHAIN_ID_T * keyChainID, SSCS_SECRET_ID_T * sharedSecretID, - SS_UTF8_T * key, - uint32_t keyLen, - uint8_t * val, - uint32_t valLen, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t valLen, SSCS_PASSWORD_T * epPassword, SSCS_EXT_T * ext ); @@ -470,10 +470,10 @@ miCASAWriteBinaryKey uint32_t ssFlags, SSCS_KEYCHAIN_ID_T * keyChainID, SSCS_SECRET_ID_T * sharedSecretID, - SS_UTF8_T * key, - uint32_t keyLen, - uint8_t * val, - uint32_t * valLen, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t * valLen, SSCS_PASSWORD_T * epPassword, SSCS_EXT_T * ext ); @@ -485,10 +485,10 @@ miCASAReadKey uint32_t ssFlags, SSCS_KEYCHAIN_ID_T * keyChainID, SSCS_SECRET_ID_T * sharedSecretID, - SS_UTF8_T * key, - uint32_t keyLen, - uint8_t * val, - uint32_t * valLen, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t * valLen, SSCS_PASSWORD_T * epPassword, uint32_t * bytesRequired, SSCS_EXT_T * ext @@ -501,10 +501,10 @@ miCASAReadBinaryKey uint32_t ssFlags, SSCS_KEYCHAIN_ID_T * keyChainID, SSCS_SECRET_ID_T * sharedSecretID, - SS_UTF8_T * key, - uint32_t keyLen, - uint8_t * val, - uint32_t * valLen, + SS_UTF8_T * key, + uint32_t keyLen, + uint8_t * val, + uint32_t * valLen, SSCS_PASSWORD_T * epPassword, uint32_t * bytesRequired, SSCS_EXT_T * ext @@ -546,6 +546,7 @@ SSCS_EXTERN_LIBCALL(int32_t) miCASA_AddSHSEntry ( void *secretHandle, + uint32_t keyLen, SS_UTF8_T *key, uint32_t valueLen, uint8_t *value @@ -554,7 +555,8 @@ miCASA_AddSHSEntry SSCS_EXTERN_LIBCALL(int32_t) miCASA_RemoveSHSEntry ( - void *secretHandle, + void *secretHandle, + uint32_t keyLen, SS_UTF8_T *key, uint32_t valueLen, uint8_t *value diff --git a/include/micasa_mgmd.h b/include/micasa_mgmd.h index 9f82f9e8..7a3c1710 100644 --- a/include/micasa_mgmd.h +++ b/include/micasa_mgmd.h @@ -44,13 +44,13 @@ extern "C" typedef unsigned char SS_UTF8_T; #endif -#define NSSCS_MAX_USERID_LEN 256 //* max username (bytes) +#define NSSCS_MAX_USERID_LEN 256 //* max username (bytes) #define NSSCS_MAX_PWORD_LEN 128 //* max password (bytes) #define NSSCS_MAX_SECRET_ID_LEN 512 //* in bytes including NULL // used to denote what structure is being used for the credentials -#define SSCS_CRED_TYPE_BASIC_F 0x00000001L -#define SSCS_CRED_TYPE_BINARY_F 0x00000002L +#define SSCS_CRED_TYPE_BASIC_F 0x00000001L +#define SSCS_CRED_TYPE_BINARY_F 0x00000002L // used to denote the type of username being requested or set #define USERNAME_TYPE_CN_F 0x00000000L // default behavior @@ -96,6 +96,7 @@ typedef struct _sscs_ext_t /* ############################## ERROR CODES ############################ */ /* ####################################################################### */ + #define NSSCS_SUCCESS 0x00000000 /* 0 */ #define NSSCS_E_OBJECT_NOT_FOUND 0xFFFFFCE0 /* -800 */ #define NSSCS_E_NICI_FAILURE 0xFFFFFCDF /* -801 */ @@ -146,13 +147,13 @@ typedef struct _sscs_ext_t #define NSSCS_E_VERSION_MISMATCH 0xFFFFFCB2 /* -846 */ #define NSSCS_E_SECRET_BUFF_TOO_SHORT 0xFFFFFCB1 /* -847 */ #define NSSCS_E_SH_SECRET_FAILURE 0xFFFFFCB0 /* -848 */ -#define NSSCS_E_PARSER_FAILURE 0xFFFFFCAF /* -849 */ -#define NSSCS_E_UTF8_OP_FAILURE 0xFFFFFCAE /* -850 */ -#define NSSCS_E_CTX_LESS_CN_NOT_UNIQUE 0xFFFFFCAD /* -851 */ -#define NSSCS_E_UNSUPPORTED_BIND_CRED 0xFFFFFCAC /* -852 */ -#define NSSCS_E_CERTIFICATE_NOT_FOUND 0xFFFFFCAB /* -853 */ -#define NSSCS_E_CANT_OPEN_CLIENT_CACHE 0xFFFFFCAA /* -854 */ -#define NSSCS_E_WRONG_SH_SEC_TYPE 0xFFFFFCA9 /* -855 */ +#define NSSCS_E_PARSER_FAILURE 0xFFFFFCAF /* -849 */ +#define NSSCS_E_UTF8_OP_FAILURE 0xFFFFFCAE /* -850 */ +#define NSSCS_E_CTX_LESS_CN_NOT_UNIQUE 0xFFFFFCAD /* -851 */ +#define NSSCS_E_UNSUPPORTED_BIND_CRED 0xFFFFFCAC /* -852 */ +#define NSSCS_E_CERTIFICATE_NOT_FOUND 0xFFFFFCAB /* -853 */ +#define NSSCS_E_CANT_OPEN_CLIENT_CACHE 0xFFFFFCAA /* -854 */ +#define NSSCS_E_WRONG_SH_SEC_TYPE 0xFFFFFCA9 /* -855 */ #define NSSCS_E_NOT_IMPLEMENTED 0xFFFFFC88 /* -888 */ #define NSSCS_E_BETA_EXPIRED 0xFFFFFC7D /* -899 */ @@ -339,8 +340,6 @@ typedef struct _sscs_ext_t ########################### END OFERROR CODES ########################## */ -#endif // _SSCS_SDK_H_ - // * The following functions will be exposed as exported API: // ************************************************************** @@ -425,4 +424,5 @@ typedef struct _sscs_ext_t } #endif +#endif diff --git a/include/sscs_ipc.h b/include/sscs_ipc.h index 9aacab31..9c364b49 100644 --- a/include/sscs_ipc.h +++ b/include/sscs_ipc.h @@ -57,6 +57,11 @@ typedef uint8_t Byte; #include #include +void * ipc_win_create(void); +int ipc_win_write(HANDLE hPipe, LPCVOID lpBuffer, DWORD bytesToWrite); +int ipc_win_read(HANDLE hPipe, LPVOID lpBuffer, DWORD numOfBytesToRead); +int ipc_win_close(HANDLE hPipe); + #define IPC_CREATE() ipc_win_create(); #define IPC_READ(s1,s2,s3) ipc_win_read(s1,s2,s3); #define IPC_WRITE(s1,s2,s3) ipc_win_write(s1,s2,s3); diff --git a/include/sscs_utf8.h b/include/sscs_utf8.h index a39edb7e..b67648e1 100644 --- a/include/sscs_utf8.h +++ b/include/sscs_utf8.h @@ -38,15 +38,15 @@ typedef unsigned char SS_UTF8_T; #define sscs_Utf8Strlen(s) sscs_strlen((s)) #define sscs_Utf8StrSize(s) (sscs_strlen((s)) ? (sscs_strlen((s))+1) : 0) -#define sscs_Utf8Strcpy(s1, s2) sscs_strcpy((s1), (s2)) -#define sscs_Utf8Strcat(s1, s2) sscs_strcat((s1), (s2)) -#define sscs_Utf8Strcmp(s1, s2) sscs_strcmp((s1), (s2)) -#define sscs_Utf8Stricmp(s1, s2) sscs_stricmp((s1), (s2)) -#define sscs_Utf8Strstr(s1, s2) sscs_strstr((s1), (s2)) -#define sscs_Utf8Strchr(s1, c) sscs_strchr((s1), (c)) -#define sscs_Utf8Strncat(s1, s2, c) sscs_strncat((s1), (s2), (c)) -#define sscs_Utf8Strncmp(s1, s2, c) sscs_strncmp((s1), (s2), (c)) -#define sscs_Utf8Strncpy(s1, s2, c) sscs_strncpy((s1), (s2), (c)) +#define sscs_Utf8Strcpy(s1, s2) sscs_strcpy((s1),(s2)) +#define sscs_Utf8Strcat(s1, s2) sscs_strcat((s1),(s2)) +#define sscs_Utf8Strcmp(s1, s2) sscs_strcmp((s1),(s2)) +#define sscs_Utf8Stricmp(s1, s2) sscs_stricmp((s1),(s2)) +#define sscs_Utf8Strstr(s1, s2) sscs_strstr((s1),(s2)) +#define sscs_Utf8Strchr(s1, c) sscs_strchr((s1),(c)) +#define sscs_Utf8Strncat(s1, s2, l) {(s2)[(l)-1]='\0';strncat((s1),(s2),(l));} +#define sscs_Utf8Strncmp(s1, s2, l) (strncmp((s1),(s2),(l))) +#define sscs_Utf8Strncpy(s1, s2, l) {(s2)[(l)-1]='\0';strncpy((s1),(s2),(l));} #if defined(__cplusplus) || defined(c_plusplus)