geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add support for "Server" secrets, by adding an additional keychain and a new credential type. This is the c code(micasa.so) only. We still need to implement persistence in micasad for this keychain.

Browse Source
This commit is contained in:
Jim Norman
2006-10-05 22:39:07 +00:00
parent c076f68b37
commit 06369edbd9
7 changed files with 98 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CASA/micasadk/link.w32
View File

@@ -31,6 +31,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\

1
CASA/micasadk/link_mdd.w32
View File

@@ -36,6 +36,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\

9
CASA/micasadk/linux/micasa_lux.exp
View File

@@ -9,13 +9,14 @@ VER_1.0
miCASAOpenSecretStoreCache;
miCASACloseSecretStoreCache;
miCASAReadSecret;
miCASAReadKey;
miCASAReadBinaryKey;
miCASARemoveSecret;
miCASAReadKey;
miCASAReadBinaryKey;
miCASADeleteSecret;
miCASARemoveSecret;
miCASARemoveKey;
miCASAWriteSecret;
miCASAWriteKey;
miCASAWriteBinaryKey;
miCASAWriteBinaryKey;
miCASAGetStoreInformation;
miCASAEnumerateSecretIDs;
miCASARemoveSecretStore;

1
CASA/micasadk/micasa.def
View File

@@ -6,6 +6,7 @@ EXPORTS
miCASA_RemoveSHSEntry
miCASASetCredential
miCASAGetCredential
miCASADeleteCredential
miCASARemoveCredential
miCASAOpenSecretStoreCache
miCASACloseSecretStoreCache

86
CASA/micasadk/sscs_ndk.c
View File

@@ -900,6 +900,15 @@ miCASAOpenSecretStoreCache
{
goto errorLevel2;
}
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
if(sscs_CacheAddKeychain(storeContext->ssHandle, ssFlags, &kc, NULL))
{
goto errorLevel2;
}
}
/* ############################### CODE EXITS HERE ############################# */
@@ -3110,9 +3119,16 @@ miCASAGetCredential
return NSSCS_E_BUFFER_LEN;
}
// set default keychain
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
if (*credentialType & SSCS_CRED_TYPE_SERVER_F)
{
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
}
else
{
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
}
// open secretStore
sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
@@ -3124,7 +3140,7 @@ miCASAGetCredential
return NSSCS_E_SYSTEM_FAILURE;
}
if(*credentialType == SSCS_CRED_TYPE_BINARY_F)
if(*credentialType & SSCS_CRED_TYPE_BINARY_F)
{
// first check appSecretID
rcode = miCASAReadBinaryKey(
@@ -3370,10 +3386,18 @@ miCASASetCredential
return NSSCS_E_SYSTEM_FAILURE;
}
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
if (credentialType & SSCS_CRED_TYPE_SERVER_F)
{
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
}
else
{
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
}
if(credentialType == SSCS_CRED_TYPE_BINARY_F)
if(credentialType & SSCS_CRED_TYPE_BINARY_F)
{
binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
@@ -3513,22 +3537,23 @@ miCASASetCredential
/* ############################### CODE ENDS HERE ############################# */
} // end of miCASASetCredential
/*
* NAME - miCASARemoveCredential
* NAME - miCASADeleteCredential
*
* DESCRIPTION
* This call removes a managed credential with given the appSecretID
* This replaces miCASARemoveCredential in future releases by
* adding the credentilalType parameter
* the sharedSecretID is ignored now - TBD
*
*/
SSCS_GLOBAL_LIBCALL(int32_t)
miCASARemoveCredential
miCASADeleteCredential
(
uint32_t ssFlags, // IN
SSCS_SECRET_ID_T * appSecretID, // IN
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
uint32_t credentialType, // IN
SSCS_EXT_T * ext // Reserved
)
{ /* beginning of the call */
@@ -3565,8 +3590,16 @@ miCASARemoveCredential
}
// remove the secret for the appSecretID passed in
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
if (credentialType == SSCS_CRED_TYPE_SERVER_F)
{
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
}
else
{
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
}
secID.type = SSCS_CREDENTIAL_TYPE_F;
secID.len = appSecretID->len;
@@ -3579,6 +3612,33 @@ miCASARemoveCredential
return(rcode);
/* ############################### CODE ENDS HERE ############################# */
} // end of miCASADeleteCredential
/*
* NAME - miCASARemoveCredential
*
* DESCRIPTION
* This call removes a managed credential with given the appSecretID
* the sharedSecretID is ignored now - TBD
*
*/
SSCS_GLOBAL_LIBCALL(int32_t)
miCASARemoveCredential
(
uint32_t ssFlags, // IN
SSCS_SECRET_ID_T * appSecretID, // IN
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
SSCS_EXT_T * ext // Reserved
)
{ /* beginning of the call */
/* ########################## DECLARATIONS START HERE ######################### */
return miCASADeleteCredential(ssFlags,
appSecretID,
sharedSecretID,
SSCS_CRED_TYPE_BASIC_F,
ext);
/* ############################### CODE ENDS HERE ############################# */
} // end of miCASARemoveCredential