Completed changes for clearing out memory associated with tokens.

CASA-auth-token/client/library/cache.c

@@ -31,6 +31,17 @@
 
 //===[ Type definitions ]==================================================
 
+//
+// Auth Cache Entry Wrapper definition 
+//
+typedef struct _WrapperAuthCacheEntry
+{
+   int               size;
+   AuthCacheEntry    entry;
+    
+} WrapperAuthCacheEntry, *PWrapperAuthCacheEntry;
+
+
 //===[ Function prototypes ]===============================================
 
 //===[ Global variables ]==================================================
@@ -60,12 +71,13 @@ CreateAuthTokenCacheEntry(
 // L2
 //=======================================================================--
 {
-   int32_t              miCasaStatus;
-   SSCS_KEYCHAIN_ID_T   sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
-   SSCS_SECRET_ID_T     sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
-   int32_t              tokenSize, entrySize, keySize;
-   AuthCacheEntry       *pEntry = NULL;
-   char                 *pKey;
+   int32_t                 miCasaStatus;
+   SSCS_KEYCHAIN_ID_T      sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
+   SSCS_SECRET_ID_T        sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
+   int32_t                 tokenSize, wrapperEntrySize, entrySize, keySize;
+   WrapperAuthCacheEntry   *pWrapperEntry = NULL;
+   AuthCacheEntry          *pEntry = NULL;
+   char                    *pKey;
 
    DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
 
@@ -78,15 +90,20 @@ CreateAuthTokenCacheEntry(
       tokenSize = 0;
    }
 
+   wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
    entrySize = tokenSize + sizeof(AuthCacheEntry);
 
-   // Allocate space for the entry
-   // The AuthCacheEntry structure contains room for the tokens NULL terminator
-   pEntry = (AuthCacheEntry*) malloc(entrySize);
-   if (pEntry)
+   // Allocate space for the entry wrapper
+   // 
+   // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
+   pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
+   if (pWrapperEntry)
    {
       // Save the entry size
-      pEntry->size = entrySize;
+      pWrapperEntry->size = wrapperEntrySize;
+
+      // Set the AuthCacheEntry pointer
+      pEntry = &pWrapperEntry->entry;
 
       // Set the status
       pEntry->status = status;
@@ -177,11 +194,12 @@ CreateSessionTokenCacheEntry(
 // L2
 //=======================================================================--
 {
-   int32_t              miCasaStatus;
-   SSCS_KEYCHAIN_ID_T   sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
-   SSCS_SECRET_ID_T     sharedId = {20, "CASA_SESSION_TOKENS"};
-   int32_t              tokenSize, entrySize;
-   AuthCacheEntry       *pEntry = NULL;
+   int32_t                 miCasaStatus;
+   SSCS_KEYCHAIN_ID_T      sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
+   SSCS_SECRET_ID_T        sharedId = {20, "CASA_SESSION_TOKENS"};
+   int32_t                 tokenSize, wrapperEntrySize, entrySize;
+   WrapperAuthCacheEntry   *pWrapperEntry = NULL;
+   AuthCacheEntry          *pEntry = NULL;
 
    DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
 
@@ -194,15 +212,20 @@ CreateSessionTokenCacheEntry(
       tokenSize = 0;
    }
 
+   wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
    entrySize = tokenSize + sizeof(AuthCacheEntry);
 
-   // Allocate space for the entry
-   // The AuthCacheEntry structure contains room for the tokens NULL terminator
-   pEntry = (AuthCacheEntry*) malloc(entrySize);
-   if (pEntry)
+   // Allocate space for the entry wrapper
+   // 
+   // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
+   pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
+   if (pWrapperEntry)
    {
       // Save the entry size
-      pEntry->size = entrySize;
+      pWrapperEntry->size = wrapperEntrySize;
+
+      // Set the AuthCacheEntry pointer
+      pEntry = &pWrapperEntry->entry;
 
       // Set the status
       pEntry->status = status;
@@ -273,12 +296,14 @@ FreeAuthCacheEntry(
 // L2
 //=======================================================================--
 {
+   WrapperAuthCacheEntry   *pWrapperEntry = CONTAINING_RECORD(pEntry, WrapperAuthCacheEntry, entry);
+
    DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry);
 
    // Free the entry after clearing the memory holding it since it
    // may contain security sensitive data.
-   memset(pEntry, 0, pEntry->size);
-   free(pEntry);
+   memset(pWrapperEntry, 0, pWrapperEntry->size);
+   free(pWrapperEntry);
 
    DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
 }
@@ -371,11 +396,12 @@ FindSessionTokenEntryInCache(
 // L2
 //=======================================================================--
 {
-   int32_t              miCasaStatus;
-   SSCS_KEYCHAIN_ID_T   sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
-   SSCS_SECRET_ID_T     sharedId = {20, "CASA_SESSION_TOKENS"};
-   int32_t              valueLength, bytesRequired;
-   AuthCacheEntry       *pEntry = NULL;
+   int32_t                 miCasaStatus;
+   SSCS_KEYCHAIN_ID_T      sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
+   SSCS_SECRET_ID_T        sharedId = {20, "CASA_SESSION_TOKENS"};
+   int32_t                 valueLength, wrapperEntrySize, bytesRequired;
+   WrapperAuthCacheEntry   *pWrapperEntry = NULL;
+   AuthCacheEntry          *pEntry = NULL;
 
    DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
 
@@ -397,10 +423,12 @@ FindSessionTokenEntryInCache(
    if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
        && bytesRequired != 0)
    {
-      pEntry = (AuthCacheEntry*) malloc(bytesRequired);
-      if (pEntry)
+      wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
+      pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
+      if (pWrapperEntry)
       {
-         pEntry->size = bytesRequired;
+         pWrapperEntry->size = wrapperEntrySize;
+         pEntry = &pWrapperEntry->entry;
          valueLength = bytesRequired;
          bytesRequired = 0;
          
@@ -460,12 +488,13 @@ FindAuthTokenEntryInCache(
 // L2
 //=======================================================================--
 {
-   int32_t              miCasaStatus;
-   SSCS_KEYCHAIN_ID_T   sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
-   SSCS_SECRET_ID_T     sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
-   int32_t              valueLength, bytesRequired, keySize;
-   AuthCacheEntry       *pEntry = NULL;
-   char                 *pKey;
+   int32_t                 miCasaStatus;
+   SSCS_KEYCHAIN_ID_T      sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
+   SSCS_SECRET_ID_T        sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
+   int32_t                 valueLength, wrapperEntrySize, bytesRequired, keySize;
+   WrapperAuthCacheEntry   *pWrapperEntry = NULL;
+   AuthCacheEntry          *pEntry = NULL;
+   char                    *pKey;
 
 
    DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
@@ -496,10 +525,12 @@ FindAuthTokenEntryInCache(
       if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
           && bytesRequired != 0)
       {
-         pEntry = (AuthCacheEntry*) malloc(bytesRequired);
-         if (pEntry)
+         wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
+         pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
+         if (pWrapperEntry)
          {
-            pEntry->size = bytesRequired;
+            pWrapperEntry->size = wrapperEntrySize;
+            pEntry = &pWrapperEntry->entry;
             valueLength = bytesRequired;
             bytesRequired = 0;
             

CASA-auth-token/client/library/engine.c

@@ -208,8 +208,8 @@ ObtainSessionToken(
          {
             DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0);
             retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
-                                 CASA_FACILITY_AUTHTOKEN,
-                                 CASA_STATUS_INSUFFICIENT_RESOURCES);
+                                        CASA_FACILITY_AUTHTOKEN,
+                                        CASA_STATUS_INSUFFICIENT_RESOURCES);
          }
 
          // Add the entry to the cache if successful or if the reason that we failed
@@ -225,9 +225,12 @@ ObtainSessionToken(
          }
    
          // Release the cache entry if the resulting status is not successful
-         if (!CASA_SUCCESS(retStatus))
+         if (pCacheEntry)
          {
-            FreeAuthCacheEntry(pCacheEntry);
+            if (!CASA_SUCCESS(retStatus))
+            {
+               FreeAuthCacheEntry(pCacheEntry);
+            }
          }
 
          // Free up the buffer associated with the authentication mechanism token
@@ -423,7 +426,7 @@ ObtainAuthTokenFromServer(
          {
             // Clear the memory before freeing up the response message since it
             // may contain security sensitive data.
-            memset(pRespMsg, 0, strlen(pRespMsg));
+            memset(pRespMsg, 0, respLen);
             free(pRespMsg);
          }
 

CASA-auth-token/client/library/internal.h

@@ -98,10 +98,13 @@ typedef struct _AuthenticateResp
 //
 // Auth Cache Entry definition
 //
+// IMPORTANT NOTE - If changes are made to this structure then you
+// will need to deal with compatibility issues with cached tokens
+// since the entries are stored binarily in the miCASA cache.
+// 
 typedef struct _AuthCacheEntry
 {
    int         status;
-   int         size;
    DWORD       creationTime;
    DWORD       expirationTime;
    bool        doesNotExpire;

CASA-auth-token/client/library/test/CASA_Auth.cpp

@@ -251,7 +251,7 @@ void NonHttpTest(void)
    }
    else
    {
-      printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus);
+      printf("-NonHttpTest- ObtainAuthToken failed with status %0X\n", retStatus);
    }
 }