Add support for "Server" secrets, by adding an additional keychain and a new credential type. This is the c code(micasa.so) only. We still need to implement persistence in micasad for this keychain.

This commit is contained in:
Jim Norman 2006-10-05 22:39:07 +00:00
parent c076f68b37
commit 06369edbd9
7 changed files with 98 additions and 17 deletions

View File

@ -57,6 +57,11 @@ extern "C"
#define SSCS_S_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F) #define SSCS_S_KC_ID_F (SSCS_SESSION_KEY_CHAIN_F)
#define SSCS_S_KC_ID_CHARS 26 #define SSCS_S_KC_ID_CHARS 26
static SS_UTF8_T SSCS_SESSION_KEY_CHAIN_ID[] = {"SSCS_SESSION_KEY_CHAIN_ID"}; static SS_UTF8_T SSCS_SESSION_KEY_CHAIN_ID[] = {"SSCS_SESSION_KEY_CHAIN_ID"};
#define SSCS_S_KC_ID_SERVER_CHARS 25
static SS_UTF8_T SSCS_SERVER_KEY_CHAIN_ID[] = {"SSCS_SERVER_KEY_CHAIN_ID"};
// {'S','S','C','S','_','S','E','S','S','I','O','N','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0}; // {'S','S','C','S','_','S','E','S','S','I','O','N','_','K','E','Y','_','C','H','A','I','N','_','I','D', 0};
// ######################### FIRST RELEASE ############################ // ######################### FIRST RELEASE ############################

View File

@ -51,6 +51,7 @@ typedef unsigned char SS_UTF8_T;
// used to denote what structure is being used for the credentials // used to denote what structure is being used for the credentials
#define SSCS_CRED_TYPE_BASIC_F 0x00000001L #define SSCS_CRED_TYPE_BASIC_F 0x00000001L
#define SSCS_CRED_TYPE_BINARY_F 0x00000002L #define SSCS_CRED_TYPE_BINARY_F 0x00000002L
#define SSCS_CRED_TYPE_SERVER_F 0x00000004L
// used to denote the type of username being requested or set // used to denote the type of username being requested or set
#define USERNAME_TYPE_CN_F 0x00000000L // default behavior #define USERNAME_TYPE_CN_F 0x00000000L // default behavior
@ -402,6 +403,17 @@ typedef struct _sscs_ext_t
SSCS_EXT_T * ext // Reserved SSCS_EXT_T * ext // Reserved
); );
// miCASADeleteCredential replaces miCASARemoveCredential below in future releases.
SSCS_EXTERN_LIBCALL(int32_t)
miCASADeleteCredential
(
uint32_t ssFlags, // IN
SSCS_SECRET_ID_T * appSecretID, // IN
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
uint32_t credentialType, // IN
SSCS_EXT_T * ext // Reserved
);
SSCS_EXTERN_LIBCALL(int32_t) SSCS_EXTERN_LIBCALL(int32_t)
miCASARemoveCredential miCASARemoveCredential
( (

View File

@ -31,6 +31,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\ echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\

View File

@ -36,6 +36,7 @@ LINK_DEF_BLD = \
echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\ echo "/EXPORT:miCASA_RemoveSHSEntry" >> $(LINKDEF);\
echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASASetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASAGetCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASADeleteCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\ echo "/EXPORT:miCASARemoveCredential" >> $(LINKDEF);\
echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASAOpenSecretStoreCache" >> $(LINKDEF);\
echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\ echo "/EXPORT:miCASACloseSecretStoreCache" >> $(LINKDEF);\

View File

@ -9,13 +9,14 @@ VER_1.0
miCASAOpenSecretStoreCache; miCASAOpenSecretStoreCache;
miCASACloseSecretStoreCache; miCASACloseSecretStoreCache;
miCASAReadSecret; miCASAReadSecret;
miCASAReadKey; miCASAReadKey;
miCASAReadBinaryKey; miCASAReadBinaryKey;
miCASARemoveSecret; miCASADeleteSecret;
miCASARemoveSecret;
miCASARemoveKey; miCASARemoveKey;
miCASAWriteSecret; miCASAWriteSecret;
miCASAWriteKey; miCASAWriteKey;
miCASAWriteBinaryKey; miCASAWriteBinaryKey;
miCASAGetStoreInformation; miCASAGetStoreInformation;
miCASAEnumerateSecretIDs; miCASAEnumerateSecretIDs;
miCASARemoveSecretStore; miCASARemoveSecretStore;

View File

@ -6,6 +6,7 @@ EXPORTS
miCASA_RemoveSHSEntry miCASA_RemoveSHSEntry
miCASASetCredential miCASASetCredential
miCASAGetCredential miCASAGetCredential
miCASADeleteCredential
miCASARemoveCredential miCASARemoveCredential
miCASAOpenSecretStoreCache miCASAOpenSecretStoreCache
miCASACloseSecretStoreCache miCASACloseSecretStoreCache

View File

@ -900,6 +900,15 @@ miCASAOpenSecretStoreCache
{ {
goto errorLevel2; goto errorLevel2;
} }
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
if(sscs_CacheAddKeychain(storeContext->ssHandle, ssFlags, &kc, NULL))
{
goto errorLevel2;
}
} }
/* ############################### CODE EXITS HERE ############################# */ /* ############################### CODE EXITS HERE ############################# */
@ -3110,9 +3119,16 @@ miCASAGetCredential
return NSSCS_E_BUFFER_LEN; return NSSCS_E_BUFFER_LEN;
} }
// set default keychain if (*credentialType & SSCS_CRED_TYPE_SERVER_F)
kc.len = SSCS_S_KC_ID_CHARS; {
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS); kc.len = SSCS_S_KC_ID_SERVER_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
}
else
{
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
}
// open secretStore // open secretStore
sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN); sscs_Utf8Strncpy(store.ssName, SSCS_DEFAULT_SECRETSTORE_ID, SSCS_DEFAULT_SECRETSTORE_ID_LEN);
@ -3124,7 +3140,7 @@ miCASAGetCredential
return NSSCS_E_SYSTEM_FAILURE; return NSSCS_E_SYSTEM_FAILURE;
} }
if(*credentialType == SSCS_CRED_TYPE_BINARY_F) if(*credentialType & SSCS_CRED_TYPE_BINARY_F)
{ {
// first check appSecretID // first check appSecretID
rcode = miCASAReadBinaryKey( rcode = miCASAReadBinaryKey(
@ -3370,10 +3386,18 @@ miCASASetCredential
return NSSCS_E_SYSTEM_FAILURE; return NSSCS_E_SYSTEM_FAILURE;
} }
kc.len = SSCS_S_KC_ID_CHARS; if (credentialType & SSCS_CRED_TYPE_SERVER_F)
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS); {
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
}
else
{
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
}
if(credentialType == SSCS_CRED_TYPE_BINARY_F) if(credentialType & SSCS_CRED_TYPE_BINARY_F)
{ {
binaryCred = (SSCS_BINARY_CREDENTIAL *)credential; binaryCred = (SSCS_BINARY_CREDENTIAL *)credential;
@ -3513,22 +3537,23 @@ miCASASetCredential
/* ############################### CODE ENDS HERE ############################# */ /* ############################### CODE ENDS HERE ############################# */
} // end of miCASASetCredential } // end of miCASASetCredential
/* /*
* NAME - miCASARemoveCredential * NAME - miCASADeleteCredential
* *
* DESCRIPTION * DESCRIPTION
* This call removes a managed credential with given the appSecretID * This call removes a managed credential with given the appSecretID
* This replaces miCASARemoveCredential in future releases by
* adding the credentilalType parameter
* the sharedSecretID is ignored now - TBD * the sharedSecretID is ignored now - TBD
* *
*/ */
SSCS_GLOBAL_LIBCALL(int32_t) SSCS_GLOBAL_LIBCALL(int32_t)
miCASARemoveCredential miCASADeleteCredential
( (
uint32_t ssFlags, // IN uint32_t ssFlags, // IN
SSCS_SECRET_ID_T * appSecretID, // IN SSCS_SECRET_ID_T * appSecretID, // IN
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
uint32_t credentialType, // IN
SSCS_EXT_T * ext // Reserved SSCS_EXT_T * ext // Reserved
) )
{ /* beginning of the call */ { /* beginning of the call */
@ -3565,8 +3590,16 @@ miCASARemoveCredential
} }
// remove the secret for the appSecretID passed in // remove the secret for the appSecretID passed in
kc.len = SSCS_S_KC_ID_CHARS; if (credentialType == SSCS_CRED_TYPE_SERVER_F)
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS); {
kc.len = SSCS_S_KC_ID_SERVER_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SERVER_KEY_CHAIN_ID, SSCS_S_KC_ID_SERVER_CHARS);
}
else
{
kc.len = SSCS_S_KC_ID_CHARS;
sscs_Utf8Strncpy(kc.keychainID, SSCS_SESSION_KEY_CHAIN_ID, SSCS_S_KC_ID_CHARS);
}
secID.type = SSCS_CREDENTIAL_TYPE_F; secID.type = SSCS_CREDENTIAL_TYPE_F;
secID.len = appSecretID->len; secID.len = appSecretID->len;
@ -3579,6 +3612,33 @@ miCASARemoveCredential
return(rcode); return(rcode);
/* ############################### CODE ENDS HERE ############################# */
} // end of miCASADeleteCredential
/*
* NAME - miCASARemoveCredential
*
* DESCRIPTION
* This call removes a managed credential with given the appSecretID
* the sharedSecretID is ignored now - TBD
*
*/
SSCS_GLOBAL_LIBCALL(int32_t)
miCASARemoveCredential
(
uint32_t ssFlags, // IN
SSCS_SECRET_ID_T * appSecretID, // IN
SSCS_SECRET_ID_T * sharedSecretID, // Optional IN
SSCS_EXT_T * ext // Reserved
)
{ /* beginning of the call */
/* ########################## DECLARATIONS START HERE ######################### */
return miCASADeleteCredential(ssFlags,
appSecretID,
sharedSecretID,
SSCS_CRED_TYPE_BASIC_F,
ext);
/* ############################### CODE ENDS HERE ############################# */ /* ############################### CODE ENDS HERE ############################# */
} // end of miCASARemoveCredential } // end of miCASARemoveCredential