geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
51ffdf0702
CASA/CASA-auth-token/client/library/cache.c

790 lines
26 KiB
C
Raw Normal View History

Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
/***********************************************************************
*
* Copyright (C) 2006 Novell, Inc. All Rights Reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; version 2.1
* of the License.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, Novell, Inc.
*
* To contact Novell about this file by physical or electronic mail,
* you may find current contact information at www.novell.com.
*
Made changes to deal with issues found during self-code review. Added lock callback functionality for interfacing with OpenSSL in a multi-threaded environment.
2006-11-30 19:21:42 +01:00
* Authors: Juan Carlos Luciani <jluciani@novell.com>
* Todd Throne <tthrone@novell.com>
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
*
***********************************************************************/
//===[ Include files ]=====================================================
#include "internal.h"
#include <micasa.h>
//===[ Type definitions ]==================================================
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
//
// Auth Cache Entry Wrapper definition
//
typedef struct _WrapperAuthCacheEntry
{
int size;
AuthCacheEntry entry;
} WrapperAuthCacheEntry, *PWrapperAuthCacheEntry;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
//===[ Function prototypes ]===============================================
//===[ Global variables ]==================================================
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
static
Finished the Linux side changes for the "Cleanup during library unload" issue.
2007-01-29 14:04:22 +01:00
bool g_authCacheInitialized = false;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
HANDLE g_hCASAContext;
//++=======================================================================
AuthCacheEntry*
CreateAuthTokenCacheEntry(
IN const char *pCacheKey,
IN const char *pGroupOrHostName,
IN CasaStatus status,
IN char *pToken,
IN int entryLifetime, // seconds (0 == Lives forever)
IN void *pCredStoreScope
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
uint32_t entrySize, keySize;
size_t tokenSize, wrapperEntrySize, cacheKeyStrLen, groupOrHostNameStrLen;
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
char *pKey;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS)
{
tokenSize = (uint32_t) strlen(pToken);
}
else
{
tokenSize = 0;
}
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Verify that entrySize will not overflow
More changes to resolve issues brought up during the security review of the code.
2007-02-06 23:09:00 +01:00
if ((tokenSize + sizeof(AuthCacheEntry)) <= UINT32_MAX)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
entrySize = tokenSize + sizeof(AuthCacheEntry);
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Allocate space for the entry wrapper
//
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Save the entry size
pWrapperEntry->size = wrapperEntrySize;
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
memcpy(&pEntry->token[0], pToken, tokenSize);
}
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = false;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = true;
}
cacheKeyStrLen = strlen(pCacheKey);
groupOrHostNameStrLen = strlen(pGroupOrHostName);
// Verify that keySize will not overflow
More changes to resolve issues brought up during the security review of the code.
2007-02-06 23:09:00 +01:00
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= UINT32_MAX)
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
{
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
pKey = malloc(keySize);
if (pKey)
{
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(uint8_t *) pEntry,
&entrySize,
NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
}
free(pKey);
}
else
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0);
}
}
else
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- keySize overflow prevented\n", 0);
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
}
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
else
{
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
}
else
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
DbgTrace(0, "-CreateAuthTokenCacheEntry- entrySize overflow prevented\n", 0);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry);
return pEntry;
}
//++=======================================================================
AuthCacheEntry*
CreateSessionTokenCacheEntry(
IN const char *pCacheKey,
IN CasaStatus status,
IN char *pToken,
IN int entryLifetime, // seconds (0 == Lives forever)
IN void *pCredStoreScope
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
uint32_t entrySize;
size_t tokenSize, wrapperEntrySize, cacheKeyStrLen;
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
if (status == CASA_STATUS_SUCCESS)
{
tokenSize = (uint32_t)strlen(pToken);
}
else
{
tokenSize = 0;
}
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Verify that entrySize will not overflow
More changes to resolve issues brought up during the security review of the code.
2007-02-06 23:09:00 +01:00
if ((tokenSize + sizeof(AuthCacheEntry)) <= UINT32_MAX)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
entrySize = tokenSize + sizeof(AuthCacheEntry);
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Allocate space for the entry wrapper
//
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Save the entry size
pWrapperEntry->size = wrapperEntrySize;
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status
pEntry->status = status;
if (pEntry->status == CASA_STATUS_SUCCESS)
{
memcpy(&pEntry->token[0], pToken, tokenSize);
}
pEntry->token[tokenSize] = '\0';
// Set the time when the entry was added to the cache
pEntry->creationTime = GetTickCount();
// First determine the time when the entry is due to expire
if (entryLifetime != 0)
{
pEntry->expirationTime = pEntry->creationTime + (entryLifetime * 1000);
pEntry->doesNotExpire = false;
}
else
{
// The entry does not expire
pEntry->expirationTime = 0;
pEntry->doesNotExpire = true;
}
cacheKeyStrLen = strlen(pCacheKey) + 1;
// Verify that the cacheKeyStrLen can be casted to a uint32_t
More changes to resolve issues brought up during the security review of the code.
2007-02-06 23:09:00 +01:00
if (cacheKeyStrLen <= UINT32_MAX)
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
{
miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
(uint32_t) cacheKeyStrLen,
(uint8_t *) pEntry,
&entrySize,
NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-CreateSessionTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
}
}
else
{
DbgTrace(0, "-CreateSessionTokenCacheEntry- cacheKeyStrLen overflow prevented\n", 0);
}
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
else
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
DbgTrace(0, "-CreateSessionTokenCacheEntry- Memory allocation failure\n", 0);
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
}
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
else
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
DbgTrace(0, "-CreateSessionTokenCacheEntry- entrySize overflow prevented\n", 0);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry);
return pEntry;
}
//++=======================================================================
void
FreeAuthCacheEntry(
IN AuthCacheEntry *pEntry
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
WrapperAuthCacheEntry *pWrapperEntry = CONTAINING_RECORD(pEntry, WrapperAuthCacheEntry, entry);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry);
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
// Free the entry after clearing the memory holding it since it
// may contain security sensitive data.
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
memset(pWrapperEntry, 0, pWrapperEntry->size);
free(pWrapperEntry);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
}
//++=======================================================================
static
bool
CacheEntryLifetimeExpired(
IN DWORD creationTime,
IN DWORD expirationTime
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
DWORD currentTime = GetTickCount();
bool expired = false;
DbgTrace(2, "-CacheEntryLifetimeExpired- Start\n", 0);
// Check if the clock has wrapped
if (currentTime >= creationTime)
{
// The clock has not wrapped, check if the
// expiration time has wrapped.
if (expirationTime > creationTime)
{
// The expiration time also has not wrapped,
// do a straight compare against the current
// time.
if (currentTime >= expirationTime)
{
// It has expired
expired = true;
}
}
}
else
{
// The clock has wrapped, check if the expiration
// time also wrapped.
if (expirationTime > creationTime)
{
// The expiration time did not wrap, therefore
// it has been exceeded since the clock wrapped.
expired = true;
}
else
{
// The expiration time also wrapped, do a straight
// compare against the current time.
if (currentTime >= expirationTime)
{
// It has expired
expired = true;
}
}
}
DbgTrace(2, "-CacheEntryLifetimeExpired- End, result = %08X\n", expired);
return expired;
}
//++=======================================================================
AuthCacheEntry*
FindSessionTokenEntryInCache(
IN const char *pCacheKey,
IN void *pCredStoreScope
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
uint32_t valueLength, bytesRequired;
size_t wrapperEntrySize, cacheKeyStrLen;
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
valueLength = 0;
bytesRequired = 0;
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
cacheKeyStrLen = strlen(pCacheKey) + 1;
// Verify that the cacheKeyStrLen can be casted to a uint32_t
More changes to resolve issues brought up during the security review of the code.
2007-02-06 23:09:00 +01:00
if (cacheKeyStrLen <= UINT32_MAX)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
cacheKeyStrLen,
NULL,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
cacheKeyStrLen,
(uint8_t *) pEntry,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_SUCCESS)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Remove the entry from the cache
miCasaStatus = miCASARemoveKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
cacheKeyStrLen,
(SSCS_PASSWORD_T*) NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-FindSessionTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus);
}
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
}
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
}
else
{
DbgTrace(0, "-FindSessionTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
}
}
}
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
else
{
DbgTrace(0, "-FindSessionTokenEntryInCache- cacheKeyStrLen overflow prevented\n", 0);
}
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
DbgTrace(1, "-FindSessionTokenEntryInCache- End, pEntry = %0lX\n", (long) pEntry);
return pEntry;
}
//++=======================================================================
AuthCacheEntry*
FindAuthTokenEntryInCache(
IN const char *pCacheKey,
IN const char *pGroupOrHostName,
IN void *pCredStoreScope
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
uint32_t valueLength, bytesRequired, keySize;
size_t wrapperEntrySize, cacheKeyStrLen, groupOrHostNameStrLen;
Completed changes for clearing out memory associated with tokens.
2007-01-04 14:27:31 +01:00
WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
char *pKey;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
cacheKeyStrLen = strlen(pCacheKey);
groupOrHostNameStrLen = strlen(pGroupOrHostName);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Verify that keySize will not overflow
More changes to resolve issues brought up during the security review of the code.
2007-02-06 23:09:00 +01:00
if ((cacheKeyStrLen + groupOrHostNameStrLen + 2) <= UINT32_MAX)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
keySize = (uint32_t) (cacheKeyStrLen + groupOrHostNameStrLen + 2);
pKey = malloc(keySize);
if (pKey)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
strncpy(pKey, pCacheKey, keySize);
strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize);
valueLength = 0;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
NULL,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired;
bytesRequired = 0;
miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
keySize,
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
(uint8_t *) pEntry,
&valueLength,
(SSCS_PASSWORD_T*) NULL,
&bytesRequired,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_SUCCESS)
{
if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
{
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
// Remove the entry from the cache
miCasaStatus = miCASARemoveKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pKey,
keySize,
(SSCS_PASSWORD_T*) NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-FindAuthTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus);
}
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
}
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
}
else
{
DbgTrace(0, "-FindAuthTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
Added code to clear memory used to hold tokens since they contain data which is security sensitive.
2007-01-04 11:18:40 +01:00
FreeAuthCacheEntry(pEntry);
pEntry = NULL;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
}
}
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
free(pKey);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
Addressed issues found during the SuSE security review.
2007-02-03 00:02:43 +01:00
}
else
{
DbgTrace(0, "-FindAuthTokenEntryInCache- keySize overflow prevented\n", 0);
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
}
DbgTrace(1, "-FindAuthTokenEntryInCache- End, pEntry = %0lX\n", (long) pEntry);
return pEntry;
}
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
//++=======================================================================
void
RemoveSessionTokenEntryInCache(
IN const char *pCacheKey,
IN void *pCredStoreScope
)
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
DbgTrace(1, "-RemoveSessionTokenEntryInCache- Start\n", 0);
// Remove the entry from the cache
miCasaStatus = miCASARemoveKey(g_hCASAContext,
0,
&sessionKeyChain,
&sharedId,
(SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1,
(SSCS_PASSWORD_T*) NULL,
(SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-RemoveSessionTokenEntryInCache- miCASARemoveKey error = %0X\n", miCasaStatus);
}
DbgTrace(1, "-RemoveSessionTokenEntryInCache- End\n", 0);
}
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
//++=======================================================================
CasaStatus
InitializeAuthCache()
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
CasaStatus retStatus;
SSCS_SECRETSTORE_T ssId;
DbgTrace(1, "-InitializeAuthCache- Start\n", 0);
ssId.version = NSSCS_VERSION_NUMBER;
strcpy((char *)ssId.ssName, (char *)SSCS_DEFAULT_SECRETSTORE_ID);
g_hCASAContext = miCASAOpenSecretStoreCache(&ssId,
0,
NULL);
if (!g_hCASAContext)
{
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_UNSUCCESSFUL);
}
else
{
Finished the Linux side changes for the "Cleanup during library unload" issue.
2007-01-29 14:04:22 +01:00
g_authCacheInitialized = true;
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
retStatus = CASA_STATUS_SUCCESS;
}
DbgTrace(1, "-InitializeAuthCache- End, retStatus = %08X\n", retStatus);
return retStatus;
}
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
//++=======================================================================
void
Finished the Linux side changes for the "Cleanup during library unload" issue.
2007-01-29 14:04:22 +01:00
UnInitializeAuthCache(void)
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
//
// Arguments:
//
// Returns:
//
// Abstract:
//
// Notes:
//
// L2
//=======================================================================--
{
DbgTrace(1, "-UnInitializeAuthCache- Start\n", 0);
// Proceed if initialized
if (g_authCacheInitialized)
{
// Close the secret store cache
miCASACloseSecretStoreCache(g_hCASAContext,
0,
NULL);
// Forget about being initialized
g_hCASAContext = NULL;
Finished the Linux side changes for the "Cleanup during library unload" issue.
2007-01-29 14:04:22 +01:00
g_authCacheInitialized = false;
Added code to allow us to un-initialize the library when it is unloaded. These changes allow library un-initialization to work for Windows. More code needs to be added to un-initialize the library under Linux.
2007-01-29 11:46:18 +01:00
}
DbgTrace(1, "-UnInitializeAuthCache- End\n", 0);
}
Splitted the non-java project into client and server projects in order to be able to deliver the client component onto distributions targeting desktops without having to deliver the server components. This commit is for the resulting client project.
2006-11-13 06:20:43 +01:00
//++=======================================================================
//++=======================================================================
//++=======================================================================
Reference in New Issue Copy Permalink