diff --git a/CASA-auth-token/client/library/cache.c b/CASA-auth-token/client/library/cache.c index ed461971..40f96fcb 100644 --- a/CASA-auth-token/client/library/cache.c +++ b/CASA-auth-token/client/library/cache.c @@ -31,6 +31,17 @@ //===[ Type definitions ]================================================== +// +// Auth Cache Entry Wrapper definition +// +typedef struct _WrapperAuthCacheEntry +{ + int size; + AuthCacheEntry entry; + +} WrapperAuthCacheEntry, *PWrapperAuthCacheEntry; + + //===[ Function prototypes ]=============================================== //===[ Global variables ]================================================== @@ -60,12 +71,13 @@ CreateAuthTokenCacheEntry( // L2 //=======================================================================-- { - int32_t miCasaStatus; - SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; - SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; - int32_t tokenSize, entrySize, keySize; - AuthCacheEntry *pEntry = NULL; - char *pKey; + int32_t miCasaStatus; + SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; + SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; + int32_t tokenSize, wrapperEntrySize, entrySize, keySize; + WrapperAuthCacheEntry *pWrapperEntry = NULL; + AuthCacheEntry *pEntry = NULL; + char *pKey; DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0); @@ -78,15 +90,20 @@ CreateAuthTokenCacheEntry( tokenSize = 0; } + wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry); - // Allocate space for the entry - // The AuthCacheEntry structure contains room for the tokens NULL terminator - pEntry = (AuthCacheEntry*) malloc(entrySize); - if (pEntry) + // Allocate space for the entry wrapper + // + // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) { // Save the entry size - pEntry->size = entrySize; + pWrapperEntry->size = wrapperEntrySize; + + // Set the AuthCacheEntry pointer + pEntry = &pWrapperEntry->entry; // Set the status pEntry->status = status; @@ -177,11 +194,12 @@ CreateSessionTokenCacheEntry( // L2 //=======================================================================-- { - int32_t miCasaStatus; - SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; - SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; - int32_t tokenSize, entrySize; - AuthCacheEntry *pEntry = NULL; + int32_t miCasaStatus; + SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; + SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; + int32_t tokenSize, wrapperEntrySize, entrySize; + WrapperAuthCacheEntry *pWrapperEntry = NULL; + AuthCacheEntry *pEntry = NULL; DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0); @@ -194,15 +212,20 @@ CreateSessionTokenCacheEntry( tokenSize = 0; } + wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry); - // Allocate space for the entry - // The AuthCacheEntry structure contains room for the tokens NULL terminator - pEntry = (AuthCacheEntry*) malloc(entrySize); - if (pEntry) + // Allocate space for the entry wrapper + // + // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) { // Save the entry size - pEntry->size = entrySize; + pWrapperEntry->size = wrapperEntrySize; + + // Set the AuthCacheEntry pointer + pEntry = &pWrapperEntry->entry; // Set the status pEntry->status = status; @@ -273,12 +296,14 @@ FreeAuthCacheEntry( // L2 //=======================================================================-- { + WrapperAuthCacheEntry *pWrapperEntry = CONTAINING_RECORD(pEntry, WrapperAuthCacheEntry, entry); + DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry); // Free the entry after clearing the memory holding it since it // may contain security sensitive data. - memset(pEntry, 0, pEntry->size); - free(pEntry); + memset(pWrapperEntry, 0, pWrapperEntry->size); + free(pWrapperEntry); DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0); } @@ -371,11 +396,12 @@ FindSessionTokenEntryInCache( // L2 //=======================================================================-- { - int32_t miCasaStatus; - SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; - SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; - int32_t valueLength, bytesRequired; - AuthCacheEntry *pEntry = NULL; + int32_t miCasaStatus; + SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; + SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; + int32_t valueLength, wrapperEntrySize, bytesRequired; + WrapperAuthCacheEntry *pWrapperEntry = NULL; + AuthCacheEntry *pEntry = NULL; DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0); @@ -397,10 +423,12 @@ FindSessionTokenEntryInCache( if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT && bytesRequired != 0) { - pEntry = (AuthCacheEntry*) malloc(bytesRequired); - if (pEntry) + wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry); + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) { - pEntry->size = bytesRequired; + pWrapperEntry->size = wrapperEntrySize; + pEntry = &pWrapperEntry->entry; valueLength = bytesRequired; bytesRequired = 0; @@ -460,12 +488,13 @@ FindAuthTokenEntryInCache( // L2 //=======================================================================-- { - int32_t miCasaStatus; - SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; - SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; - int32_t valueLength, bytesRequired, keySize; - AuthCacheEntry *pEntry = NULL; - char *pKey; + int32_t miCasaStatus; + SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; + SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; + int32_t valueLength, wrapperEntrySize, bytesRequired, keySize; + WrapperAuthCacheEntry *pWrapperEntry = NULL; + AuthCacheEntry *pEntry = NULL; + char *pKey; DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0); @@ -496,10 +525,12 @@ FindAuthTokenEntryInCache( if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT && bytesRequired != 0) { - pEntry = (AuthCacheEntry*) malloc(bytesRequired); - if (pEntry) + wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry); + pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize); + if (pWrapperEntry) { - pEntry->size = bytesRequired; + pWrapperEntry->size = wrapperEntrySize; + pEntry = &pWrapperEntry->entry; valueLength = bytesRequired; bytesRequired = 0; diff --git a/CASA-auth-token/client/library/engine.c b/CASA-auth-token/client/library/engine.c index 760edbf9..6f9e6981 100644 --- a/CASA-auth-token/client/library/engine.c +++ b/CASA-auth-token/client/library/engine.c @@ -208,8 +208,8 @@ ObtainSessionToken( { DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0); retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, - CASA_FACILITY_AUTHTOKEN, - CASA_STATUS_INSUFFICIENT_RESOURCES); + CASA_FACILITY_AUTHTOKEN, + CASA_STATUS_INSUFFICIENT_RESOURCES); } // Add the entry to the cache if successful or if the reason that we failed @@ -225,9 +225,12 @@ ObtainSessionToken( } // Release the cache entry if the resulting status is not successful - if (!CASA_SUCCESS(retStatus)) + if (pCacheEntry) { - FreeAuthCacheEntry(pCacheEntry); + if (!CASA_SUCCESS(retStatus)) + { + FreeAuthCacheEntry(pCacheEntry); + } } // Free up the buffer associated with the authentication mechanism token @@ -423,7 +426,7 @@ ObtainAuthTokenFromServer( { // Clear the memory before freeing up the response message since it // may contain security sensitive data. - memset(pRespMsg, 0, strlen(pRespMsg)); + memset(pRespMsg, 0, respLen); free(pRespMsg); } diff --git a/CASA-auth-token/client/library/internal.h b/CASA-auth-token/client/library/internal.h index 10e6d418..aa101e50 100644 --- a/CASA-auth-token/client/library/internal.h +++ b/CASA-auth-token/client/library/internal.h @@ -98,10 +98,13 @@ typedef struct _AuthenticateResp // // Auth Cache Entry definition // +// IMPORTANT NOTE - If changes are made to this structure then you +// will need to deal with compatibility issues with cached tokens +// since the entries are stored binarily in the miCASA cache. +// typedef struct _AuthCacheEntry { int status; - int size; DWORD creationTime; DWORD expirationTime; bool doesNotExpire; diff --git a/CASA-auth-token/client/library/test/CASA_Auth.cpp b/CASA-auth-token/client/library/test/CASA_Auth.cpp index 47f2997d..92d9c711 100644 --- a/CASA-auth-token/client/library/test/CASA_Auth.cpp +++ b/CASA-auth-token/client/library/test/CASA_Auth.cpp @@ -251,7 +251,7 @@ void NonHttpTest(void) } else { - printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus); + printf("-NonHttpTest- ObtainAuthToken failed with status %0X\n", retStatus); } }