Add support for "Server" secrets by adding an additional keychain and a new credential type. This is the C code (micasa.so) only. We still need to implement persistence in micasad for this keychain.
parent
c076f68b37
commit
06369edbd9
@ -57,6 +57,11 @@ extern "C"
|
|||||||
#define SSCS_S_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F)
|
#define SSCS_S_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F)
|
||||||
#define SSCS_S_KC_ID_CHARS 26
|
#define SSCS_S_KC_ID_CHARS 26
|
||||||
static SS_UTF8_T SSCS_SESSION_KEY_CHAIN_ID[] = {"SSCS_SESSION_KEY_CHAIN_ID"};
|
static SS_UTF8_T SSCS_SESSION_KEY_CHAIN_ID[] = {"SSCS_SESSION_KEY_CHAIN_ID"};
|
||||||
|
|
||||||
|
#define SSCS_S_KC_ID_SERVER_CHARS 25
|
||||||
|
static SS_UTF8_T SSCS_SERVER_KEY_CHAIN_ID[] = {"SSCS_SERVER_KEY_CHAIN_ID"};
|
||||||
|
|
||||||
|
|
||||||
// {'S','S','C','S','_','S','E','S','S','I','O','N','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0};
|
// {'S','S','C','S','_','S','E','S','S','I','O','N','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0};
|
||||||
// ######################### FIRST RELEASE ############################
|
// ######################### FIRST RELEASE ############################
|
||||||
|
|
||||||
|
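Review bot: `SSCS_S_KC_ID_SERVER_CHARS 25` is a hand-counted length (the 24 characters of `SSCS_SERVER_KEY_CHAIN_ID` plus the terminator) with nothing tying it to the literal defined right after it. The value is correct today, but elsewhere in this commit it is passed to `sscs_Utf8Strncpy` and stored in `kc.len`, so a later rename of the ID would silently copy and report the wrong length. I would add a comment such as `// 24 chars + NUL; must match SSCS_SERVER_KEY_CHAIN_ID below`, or derive the value with `sizeof(SSCS_SERVER_KEY_CHAIN_ID)` if the macro is never needed in a preprocessor expression.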
@ -51,6 +51,7 @@ typedef unsigned char SS_UTF8_T;
|
|||||||
// used to denote what structure is being used for the credentials
|
// used to denote what structure is being used for the credentials
|
||||||
#define SSCS_CRED_TYPE_BASIC_F 0x00000001L
|
#define SSCS_CRED_TYPE_BASIC_F 0x00000001L
|
||||||
#define SSCS_CRED_TYPE_BINARY_F 0x00000002L
|
#define SSCS_CRED_TYPE_BINARY_F 0x00000002L
|
||||||
|
#define SSCS_CRED_TYPE_SERVER_F 0x00000004L
|
||||||
|
|
||||||
// used to denote the type of username being requested or set
|
// used to denote the type of username being requested or set
|
||||||
#define USERNAME_TYPE_CN_F 0x00000000L // default behavior
|
#define USERNAME_TYPE_CN_F 0x00000000L // default behavior
|
||||||
@ -402,6 +403,17 @@ typedef struct _sscs_ext_t
|
|||||||
SSCS_EXT_T * ext // Reserved
|
SSCS_EXT_T * ext // Reserved
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// miCASADeleteCredential replaces miCASARemoveCredential below in future releases.
|
||||||
|
SSCS_EXTERN_LIBCALL(int32_t)
|
||||||
|
miCASADeleteCredential
|
||||||
|
(
|
||||||
|
uint32_t ssFlags, // IN
|
||||||
|
SSCS_SECRET_ID_T * appSecretID, // IN
|
||||||
|
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
|
||||||
|
uint32_t credentialType, // IN
|
||||||
|
SSCS_EXT_T * ext // Reserved
|
||||||
|
);
|
||||||
|
|
||||||
SSCS_EXTERN_LIBCALL(int32_t)
|
SSCS_EXTERN_LIBCALL(int32_t)
|
||||||
miCASARemoveCredential
|
miCASARemoveCredential
|
||||||
(
|
(
|
||||||
|
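Review bot: `SSCS_CRED_TYPE_SERVER_F` is added under the comment "used to denote what structure is being used for the credentials", but in the rest of this commit it selects the keychain and is tested with `&` next to `SSCS_CRED_TYPE_BINARY_F`, so it behaves as a modifier rather than a structure type. That should be stated at the definition, for example `#define SSCS_CRED_TYPE_SERVER_F 0x00000004L // modifier: use the server keychain; OR with BASIC_F or BINARY_F`. The new `miCASADeleteCredential` prototype would also benefit from a line saying which `credentialType` values it accepts, since a caller cannot tell from the header whether combined flags are allowed.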
@ -31,6 +31,7 @@ LINK_DEF_BLD = \
|
|||||||
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
|
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
|
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
|
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
|
||||||
|
echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
|
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
|
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
|
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
|
||||||
|
@ -36,6 +36,7 @@ LINK_DEF_BLD = \
|
|||||||
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
|
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
|
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
|
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
|
||||||
|
echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
|
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
|
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
|
||||||
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
|
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\
|
||||||
|
@ -10,12 +10,13 @@ VER_1.0
|
|||||||
miCASACloseSecretStoreCache;
|
miCASACloseSecretStoreCache;
|
||||||
miCASAReadSecret;
|
miCASAReadSecret;
|
||||||
miCASAReadKey;
|
miCASAReadKey;
|
||||||
miCASAReadBinaryKey;
|
miCASAReadBinaryKey;
|
||||||
|
miCASADeleteSecret;
|
||||||
miCASARemoveSecret;
|
miCASARemoveSecret;
|
||||||
miCASARemoveKey;
|
miCASARemoveKey;
|
||||||
miCASAWriteSecret;
|
miCASAWriteSecret;
|
||||||
miCASAWriteKey;
|
miCASAWriteKey;
|
||||||
miCASAWriteBinaryKey;
|
miCASAWriteBinaryKey;
|
||||||
miCASAGetStoreInformation;
|
miCASAGetStoreInformation;
|
||||||
miCASAEnumerateSecretIDs;
|
miCASAEnumerateSecretIDs;
|
||||||
miCASARemoveSecretStore;
|
miCASARemoveSecretStore;
|
||||||
|
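Review bot: The symbol added to this export list is `miCASADeleteSecret`, while the function this commit introduces, and the name the other export lists add, is `miCASADeleteCredential`. No `miCASADeleteSecret` definition is visible anywhere in the commit, so this looks like a typo. If the map ends in a `local: *` catch-all (not visible in this hunk), the new API would not be exported from the shared object on this platform. The added line should presumably be `miCASADeleteCredential;`, placed with the other credential entries, which may sit above the hunk.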
@ -6,6 +6,7 @@ EXPORTS
|
|||||||
miCASA_RemoveSHSEntry
|
miCASA_RemoveSHSEntry
|
||||||
miCASASetCredential
|
miCASASetCredential
|
||||||
miCASAGetCredential
|
miCASAGetCredential
|
||||||
|
miCASADeleteCredential
|
||||||
miCASARemoveCredential
|
miCASARemoveCredential
|
||||||
miCASAOpenSecretStoreCache
|
miCASAOpenSecretStoreCache
|
||||||
miCASACloseSecretStoreCache
|
miCASACloseSecretStoreCache
|
||||||
|
@ -900,6 +900,15 @@ miCASAOpenSecretStoreCache
|
|||||||
{
|
{
|
||||||
goto errorLevel2;
|
goto errorLevel2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
|
||||||
|
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
|
||||||
|
|
||||||
|
if(sscs_CacheAddKeychain(storeContext->ssHandle, ssFlags, &kc, NULL))
|
||||||
|
{
|
||||||
|
goto errorLevel2;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* ############################### CODE EXITS HERE ############################# */
|
/* ############################### CODE EXITS HERE ############################# */
|
||||||
@ -3110,9 +3119,16 @@ miCASAGetCredential
|
|||||||
return NSSCS_E_BUFFER_LEN;
|
return NSSCS_E_BUFFER_LEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
// set default keychain
|
if (*credentialType & SSCS_CRED_TYPE_SERVER_F)
|
||||||
kc.len = SSCS_S_KC_ID_CHARS;
|
{
|
||||||
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
|
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
|
||||||
|
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
kc.len = SSCS_S_KC_ID_CHARS;
|
||||||
|
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
|
||||||
|
}
|
||||||
|
|
||||||
// open secretStore
|
// open secretStore
|
||||||
sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
|
sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
|
||||||
@ -3124,7 +3140,7 @@ miCASAGetCredential
|
|||||||
return NSSCS_E_SYSTEM_FAILURE;
|
return NSSCS_E_SYSTEM_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(*credentialType == SSCS_CRED_TYPE_BINARY_F)
|
if(*credentialType & SSCS_CRED_TYPE_BINARY_F)
|
||||||
{
|
{
|
||||||
// first check appSecretID
|
// first check appSecretID
|
||||||
rcode = miCASAReadBinaryKey(
|
rcode = miCASAReadBinaryKey(
|
||||||
@ -3370,10 +3386,18 @@ miCASASetCredential
|
|||||||
return NSSCS_E_SYSTEM_FAILURE;
|
return NSSCS_E_SYSTEM_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
kc.len = SSCS_S_KC_ID_CHARS;
|
if (credentialType & SSCS_CRED_TYPE_SERVER_F)
|
||||||
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
|
{
|
||||||
|
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
|
||||||
|
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
kc.len = SSCS_S_KC_ID_CHARS;
|
||||||
|
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
|
||||||
|
}
|
||||||
|
|
||||||
if(credentialType == SSCS_CRED_TYPE_BINARY_F)
|
if(credentialType & SSCS_CRED_TYPE_BINARY_F)
|
||||||
{
|
{
|
||||||
binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
|
binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
|
||||||
|
|
||||||
@ -3513,22 +3537,23 @@ miCASASetCredential
|
|||||||
|
|
||||||
/* ############################### CODE ENDS HERE ############################# */
|
/* ############################### CODE ENDS HERE ############################# */
|
||||||
} // end of miCASASetCredential
|
} // end of miCASASetCredential
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* NAME - miCASARemoveCredential
|
* NAME - miCASADeleteCredential
|
||||||
*
|
*
|
||||||
* DESCRIPTION
|
* DESCRIPTION
|
||||||
* This call removes a managed credential with given the appSecretID
|
* This call removes a managed credential with given the appSecretID
|
||||||
|
* This replaces miCASARemoveCredential in future releases by
|
||||||
|
* adding the credentilalType parameter
|
||||||
* the sharedSecretID is ignored now - TBD
|
* the sharedSecretID is ignored now - TBD
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
SSCS_GLOBAL_LIBCALL(int32_t)
|
SSCS_GLOBAL_LIBCALL(int32_t)
|
||||||
miCASARemoveCredential
|
miCASADeleteCredential
|
||||||
(
|
(
|
||||||
uint32_t ssFlags, // IN
|
uint32_t ssFlags, // IN
|
||||||
SSCS_SECRET_ID_T * appSecretID, // IN
|
SSCS_SECRET_ID_T * appSecretID, // IN
|
||||||
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
|
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
|
||||||
|
uint32_t credentialType, // IN
|
||||||
SSCS_EXT_T * ext // Reserved
|
SSCS_EXT_T * ext // Reserved
|
||||||
)
|
)
|
||||||
{ /* beginning of the call */
|
{ /* beginning of the call */
|
||||||
@ -3565,8 +3590,16 @@ miCASARemoveCredential
|
|||||||
}
|
}
|
||||||
|
|
||||||
// remove the secret for the appSecretID passed in
|
// remove the secret for the appSecretID passed in
|
||||||
kc.len = SSCS_S_KC_ID_CHARS;
|
if (credentialType == SSCS_CRED_TYPE_SERVER_F)
|
||||||
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
|
{
|
||||||
|
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
|
||||||
|
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
kc.len = SSCS_S_KC_ID_CHARS;
|
||||||
|
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
|
||||||
|
}
|
||||||
|
|
||||||
secID.type = SSCS_CREDENTIAL_TYPE_F;
|
secID.type = SSCS_CREDENTIAL_TYPE_F;
|
||||||
secID.len = appSecretID->len;
|
secID.len = appSecretID->len;
|
||||||
@ -3579,6 +3612,33 @@ miCASARemoveCredential
|
|||||||
|
|
||||||
return(rcode);
|
return(rcode);
|
||||||
|
|
||||||
|
/* ############################### CODE ENDS HERE ############################# */
|
||||||
|
} // end of miCASADeleteCredential
|
||||||
|
|
||||||
|
/*
|
||||||
|
* NAME - miCASARemoveCredential
|
||||||
|
*
|
||||||
|
* DESCRIPTION
|
||||||
|
* This call removes a managed credential with given the appSecretID
|
||||||
|
* the sharedSecretID is ignored now - TBD
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
SSCS_GLOBAL_LIBCALL(int32_t)
|
||||||
|
miCASARemoveCredential
|
||||||
|
(
|
||||||
|
uint32_t ssFlags, // IN
|
||||||
|
SSCS_SECRET_ID_T * appSecretID, // IN
|
||||||
|
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
|
||||||
|
SSCS_EXT_T * ext // Reserved
|
||||||
|
)
|
||||||
|
{ /* beginning of the call */
|
||||||
|
/* ########################## DECLARATIONS START HERE ######################### */
|
||||||
|
return miCASADeleteCredential(ssFlags,
|
||||||
|
appSecretID,
|
||||||
|
sharedSecretID,
|
||||||
|
SSCS_CRED_TYPE_BASIC_F,
|
||||||
|
ext);
|
||||||
|
|
||||||
/* ############################### CODE ENDS HERE ############################# */
|
/* ############################### CODE ENDS HERE ############################# */
|
||||||
} // end of miCASARemoveCredential
|
} // end of miCASARemoveCredential
|
||||||
|
|
||||||
|
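Review bot: In `miCASADeleteCredential` the keychain is chosen with `if (credentialType == SSCS_CRED_TYPE_SERVER_F)`, whereas `miCASAGetCredential` and `miCASASetCredential` in this same file test the flag with `&`. A credential stored with `SSCS_CRED_TYPE_SERVER_F | SSCS_CRED_TYPE_BINARY_F` goes to the server keychain, but deleting it with the same value takes the else branch and targets the session keychain, so the server secret stays in the store and a session entry with the same ID could be removed instead. The test should read `if (credentialType & SSCS_CRED_TYPE_SERVER_F)`. Separately, now that the type is treated as a bit mask, none of the three functions visibly rejects values with unknown bits set; their bodies extend beyond the hunks shown, so such a check may exist outside them.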