Completed changes for clearing out memory associated with tokens.
This commit is contained in:
Juan Carlos Luciani
parent
834c6e0add
commit
717b3c1091
@ -31,6 +31,17 @@
|
||||
|
||||
//===[ Type definitions ]==================================================
|
||||
|
||||
//
|
||||
// Auth Cache Entry Wrapper definition
|
||||
//
|
||||
typedef struct _WrapperAuthCacheEntry
|
||||
{
|
||||
int size;
|
||||
AuthCacheEntry entry;
|
||||
|
||||
} WrapperAuthCacheEntry, *PWrapperAuthCacheEntry;
|
||||
|
||||
|
||||
//===[ Function prototypes ]===============================================
|
||||
|
||||
//===[ Global variables ]==================================================
|
||||
@ -60,12 +71,13 @@ CreateAuthTokenCacheEntry(
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
|
||||
int32_t tokenSize, entrySize, keySize;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
char *pKey;
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
|
||||
int32_t tokenSize, wrapperEntrySize, entrySize, keySize;
|
||||
WrapperAuthCacheEntry *pWrapperEntry = NULL;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
char *pKey;
|
||||
|
||||
DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
|
||||
|
||||
@ -78,15 +90,20 @@ CreateAuthTokenCacheEntry(
|
||||
tokenSize = 0;
|
||||
}
|
||||
|
||||
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
|
||||
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
||||
|
||||
// Allocate space for the entry
|
||||
// The AuthCacheEntry structure contains room for the tokens NULL terminator
|
||||
pEntry = (AuthCacheEntry*) malloc(entrySize);
|
||||
if (pEntry)
|
||||
// Allocate space for the entry wrapper
|
||||
//
|
||||
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
|
||||
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
|
||||
if (pWrapperEntry)
|
||||
{
|
||||
// Save the entry size
|
||||
pEntry->size = entrySize;
|
||||
pWrapperEntry->size = wrapperEntrySize;
|
||||
|
||||
// Set the AuthCacheEntry pointer
|
||||
pEntry = &pWrapperEntry->entry;
|
||||
|
||||
// Set the status
|
||||
pEntry->status = status;
|
||||
@ -177,11 +194,12 @@ CreateSessionTokenCacheEntry(
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
|
||||
int32_t tokenSize, entrySize;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
|
||||
int32_t tokenSize, wrapperEntrySize, entrySize;
|
||||
WrapperAuthCacheEntry *pWrapperEntry = NULL;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
|
||||
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
|
||||
|
||||
@ -194,15 +212,20 @@ CreateSessionTokenCacheEntry(
|
||||
tokenSize = 0;
|
||||
}
|
||||
|
||||
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
|
||||
entrySize = tokenSize + sizeof(AuthCacheEntry);
|
||||
|
||||
// Allocate space for the entry
|
||||
// The AuthCacheEntry structure contains room for the tokens NULL terminator
|
||||
pEntry = (AuthCacheEntry*) malloc(entrySize);
|
||||
if (pEntry)
|
||||
// Allocate space for the entry wrapper
|
||||
//
|
||||
// The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
|
||||
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
|
||||
if (pWrapperEntry)
|
||||
{
|
||||
// Save the entry size
|
||||
pEntry->size = entrySize;
|
||||
pWrapperEntry->size = wrapperEntrySize;
|
||||
|
||||
// Set the AuthCacheEntry pointer
|
||||
pEntry = &pWrapperEntry->entry;
|
||||
|
||||
// Set the status
|
||||
pEntry->status = status;
|
||||
@ -273,12 +296,14 @@ FreeAuthCacheEntry(
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
WrapperAuthCacheEntry *pWrapperEntry = CONTAINING_RECORD(pEntry, WrapperAuthCacheEntry, entry);
|
||||
|
||||
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry);
|
||||
|
||||
// Free the entry after clearing the memory holding it since it
|
||||
// may contain security sensitive data.
|
||||
memset(pEntry, 0, pEntry->size);
|
||||
free(pEntry);
|
||||
memset(pWrapperEntry, 0, pWrapperEntry->size);
|
||||
free(pWrapperEntry);
|
||||
|
||||
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
|
||||
}
|
||||
@ -371,11 +396,12 @@ FindSessionTokenEntryInCache(
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
|
||||
int32_t valueLength, bytesRequired;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
|
||||
int32_t valueLength, wrapperEntrySize, bytesRequired;
|
||||
WrapperAuthCacheEntry *pWrapperEntry = NULL;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
|
||||
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
|
||||
|
||||
@ -397,10 +423,12 @@ FindSessionTokenEntryInCache(
|
||||
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
|
||||
&& bytesRequired != 0)
|
||||
{
|
||||
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
|
||||
if (pEntry)
|
||||
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
|
||||
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
|
||||
if (pWrapperEntry)
|
||||
{
|
||||
pEntry->size = bytesRequired;
|
||||
pWrapperEntry->size = wrapperEntrySize;
|
||||
pEntry = &pWrapperEntry->entry;
|
||||
valueLength = bytesRequired;
|
||||
bytesRequired = 0;
|
||||
|
||||
@ -460,12 +488,13 @@ FindAuthTokenEntryInCache(
|
||||
// L2
|
||||
//=======================================================================--
|
||||
{
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
|
||||
int32_t valueLength, bytesRequired, keySize;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
char *pKey;
|
||||
int32_t miCasaStatus;
|
||||
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
|
||||
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
|
||||
int32_t valueLength, wrapperEntrySize, bytesRequired, keySize;
|
||||
WrapperAuthCacheEntry *pWrapperEntry = NULL;
|
||||
AuthCacheEntry *pEntry = NULL;
|
||||
char *pKey;
|
||||
|
||||
|
||||
DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
|
||||
@ -496,10 +525,12 @@ FindAuthTokenEntryInCache(
|
||||
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
|
||||
&& bytesRequired != 0)
|
||||
{
|
||||
pEntry = (AuthCacheEntry*) malloc(bytesRequired);
|
||||
if (pEntry)
|
||||
wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
|
||||
pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
|
||||
if (pWrapperEntry)
|
||||
{
|
||||
pEntry->size = bytesRequired;
|
||||
pWrapperEntry->size = wrapperEntrySize;
|
||||
pEntry = &pWrapperEntry->entry;
|
||||
valueLength = bytesRequired;
|
||||
bytesRequired = 0;
|
||||
|
||||
|
||||
@ -208,8 +208,8 @@ ObtainSessionToken(
|
||||
{
|
||||
DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0);
|
||||
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
CASA_FACILITY_AUTHTOKEN,
|
||||
CASA_STATUS_INSUFFICIENT_RESOURCES);
|
||||
}
|
||||
|
||||
// Add the entry to the cache if successful or if the reason that we failed
|
||||
@ -225,9 +225,12 @@ ObtainSessionToken(
|
||||
}
|
||||
|
||||
// Release the cache entry if the resulting status is not successful
|
||||
if (!CASA_SUCCESS(retStatus))
|
||||
if (pCacheEntry)
|
||||
{
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
if (!CASA_SUCCESS(retStatus))
|
||||
{
|
||||
FreeAuthCacheEntry(pCacheEntry);
|
||||
}
|
||||
}
|
||||
|
||||
// Free up the buffer associated with the authentication mechanism token
|
||||
@ -423,7 +426,7 @@ ObtainAuthTokenFromServer(
|
||||
{
|
||||
// Clear the memory before freeing up the response message since it
|
||||
// may contain security sensitive data.
|
||||
memset(pRespMsg, 0, strlen(pRespMsg));
|
||||
memset(pRespMsg, 0, respLen);
|
||||
free(pRespMsg);
|
||||
}
|
||||
|
||||
|
||||
@ -98,10 +98,13 @@ typedef struct _AuthenticateResp
|
||||
//
|
||||
// Auth Cache Entry definition
|
||||
//
|
||||
// IMPORTANT NOTE - If changes are made to this structure then you
|
||||
// will need to deal with compatibility issues with cached tokens
|
||||
// since the entries are stored binarily in the miCASA cache.
|
||||
//
|
||||
typedef struct _AuthCacheEntry
|
||||
{
|
||||
int status;
|
||||
int size;
|
||||
DWORD creationTime;
|
||||
DWORD expirationTime;
|
||||
bool doesNotExpire;
|
||||
|
||||
@ -251,7 +251,7 @@ void NonHttpTest(void)
|
||||
}
|
||||
else
|
||||
{
|
||||
printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus);
|
||||
printf("-NonHttpTest- ObtainAuthToken failed with status %0X\n", retStatus);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user