geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Completed changes for clearing out memory associated with tokens.

Browse Source
This commit is contained in:
Juan Carlos Luciani 2007-01-04 13:27:31 +00:00
parent 834c6e0add
commit 717b3c1091
4 changed files with 84 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

111
CASA-auth-token/client/library/cache.c
View File

@ -31,6 +31,17 @@
//===[ Type definitions ]================================================== //===[ Type definitions ]==================================================
//
// Auth Cache Entry Wrapper definition
//
typedef struct _WrapperAuthCacheEntry
{
int size;
AuthCacheEntry entry;
} WrapperAuthCacheEntry, *PWrapperAuthCacheEntry;
//===[ Function prototypes ]=============================================== //===[ Function prototypes ]===============================================
//===[ Global variables ]================================================== //===[ Global variables ]==================================================
@ -60,12 +71,13 @@ CreateAuthTokenCacheEntry(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t tokenSize, entrySize, keySize; int32_t tokenSize, wrapperEntrySize, entrySize, keySize;
AuthCacheEntry *pEntry = NULL; WrapperAuthCacheEntry *pWrapperEntry = NULL;
char *pKey; AuthCacheEntry *pEntry = NULL;
char *pKey;
DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0); DbgTrace(1, "-CreateAuthTokenCacheEntry- Start\n", 0);
@ -78,15 +90,20 @@ CreateAuthTokenCacheEntry(
tokenSize = 0; tokenSize = 0;
} }
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
entrySize = tokenSize + sizeof(AuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry // Allocate space for the entry wrapper
// The AuthCacheEntry structure contains room for the tokens NULL terminator //
pEntry = (AuthCacheEntry*) malloc(entrySize); // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
// Save the entry size // Save the entry size
pEntry->size = entrySize; pWrapperEntry->size = wrapperEntrySize;
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status // Set the status
pEntry->status = status; pEntry->status = status;
@ -177,11 +194,12 @@ CreateSessionTokenCacheEntry(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t tokenSize, entrySize; int32_t tokenSize, wrapperEntrySize, entrySize;
AuthCacheEntry *pEntry = NULL; WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0); DbgTrace(1, "-CreateSessionTokenCacheEntry- Start\n", 0);
@ -194,15 +212,20 @@ CreateSessionTokenCacheEntry(
tokenSize = 0; tokenSize = 0;
} }
wrapperEntrySize = tokenSize + sizeof(WrapperAuthCacheEntry);
entrySize = tokenSize + sizeof(AuthCacheEntry); entrySize = tokenSize + sizeof(AuthCacheEntry);
// Allocate space for the entry // Allocate space for the entry wrapper
// The AuthCacheEntry structure contains room for the tokens NULL terminator //
pEntry = (AuthCacheEntry*) malloc(entrySize); // The WrapperAuthCacheEntry structure contains room for the tokens NULL terminator
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
// Save the entry size // Save the entry size
pEntry->size = entrySize; pWrapperEntry->size = wrapperEntrySize;
// Set the AuthCacheEntry pointer
pEntry = &pWrapperEntry->entry;
// Set the status // Set the status
pEntry->status = status; pEntry->status = status;
@ -273,12 +296,14 @@ FreeAuthCacheEntry(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
WrapperAuthCacheEntry *pWrapperEntry = CONTAINING_RECORD(pEntry, WrapperAuthCacheEntry, entry);
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry); DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry);
// Free the entry after clearing the memory holding it since it // Free the entry after clearing the memory holding it since it
// may contain security sensitive data. // may contain security sensitive data.
memset(pEntry, 0, pEntry->size); memset(pWrapperEntry, 0, pWrapperEntry->size);
free(pEntry); free(pWrapperEntry);
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0); DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
} }
@ -371,11 +396,12 @@ FindSessionTokenEntryInCache(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t valueLength, bytesRequired; int32_t valueLength, wrapperEntrySize, bytesRequired;
AuthCacheEntry *pEntry = NULL; WrapperAuthCacheEntry *pWrapperEntry = NULL;
AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0); DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
@ -397,10 +423,12 @@ FindSessionTokenEntryInCache(
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
{ {
pEntry = (AuthCacheEntry*) malloc(bytesRequired); wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
pEntry->size = bytesRequired; pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired; valueLength = bytesRequired;
bytesRequired = 0; bytesRequired = 0;
@ -460,12 +488,13 @@ FindAuthTokenEntryInCache(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
int32_t miCasaStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t valueLength, bytesRequired, keySize; int32_t valueLength, wrapperEntrySize, bytesRequired, keySize;
AuthCacheEntry *pEntry = NULL; WrapperAuthCacheEntry *pWrapperEntry = NULL;
char *pKey; AuthCacheEntry *pEntry = NULL;
char *pKey;
DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0); DbgTrace(1, "-FindAuthTokenEntryInCache- Start\n", 0);
@ -496,10 +525,12 @@ FindAuthTokenEntryInCache(
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
{ {
pEntry = (AuthCacheEntry*) malloc(bytesRequired); wrapperEntrySize = bytesRequired + sizeof(WrapperAuthCacheEntry) - sizeof(AuthCacheEntry);
if (pEntry) pWrapperEntry = (WrapperAuthCacheEntry*) malloc(wrapperEntrySize);
if (pWrapperEntry)
{ {
pEntry->size = bytesRequired; pWrapperEntry->size = wrapperEntrySize;
pEntry = &pWrapperEntry->entry;
valueLength = bytesRequired; valueLength = bytesRequired;
bytesRequired = 0; bytesRequired = 0;

13
CASA-auth-token/client/library/engine.c
View File

@ -208,8 +208,8 @@ ObtainSessionToken(
{ {
DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0); DbgTrace(0, "-ObtainSessionToken- Error building Authenticate msg\n", 0);
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR,
CASA_FACILITY_AUTHTOKEN, CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES); CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
// Add the entry to the cache if successful or if the reason that we failed // Add the entry to the cache if successful or if the reason that we failed
@ -225,9 +225,12 @@ ObtainSessionToken(
} }
// Release the cache entry if the resulting status is not successful // Release the cache entry if the resulting status is not successful
if (!CASA_SUCCESS(retStatus)) if (pCacheEntry)
{ {
FreeAuthCacheEntry(pCacheEntry); if (!CASA_SUCCESS(retStatus))
{
FreeAuthCacheEntry(pCacheEntry);
}
} }
// Free up the buffer associated with the authentication mechanism token // Free up the buffer associated with the authentication mechanism token
@ -423,7 +426,7 @@ ObtainAuthTokenFromServer(
{ {
// Clear the memory before freeing up the response message since it // Clear the memory before freeing up the response message since it
// may contain security sensitive data. // may contain security sensitive data.
memset(pRespMsg, 0, strlen(pRespMsg)); memset(pRespMsg, 0, respLen);
free(pRespMsg); free(pRespMsg);
} }

5
CASA-auth-token/client/library/internal.h
View File

@ -98,10 +98,13 @@ typedef struct _AuthenticateResp
// //
// Auth Cache Entry definition // Auth Cache Entry definition
// //
// IMPORTANT NOTE - If changes are made to this structure then you
// will need to deal with compatibility issues with cached tokens
// since the entries are stored binarily in the miCASA cache.
//
typedef struct _AuthCacheEntry typedef struct _AuthCacheEntry
{ {
int status; int status;
int size;
DWORD creationTime; DWORD creationTime;
DWORD expirationTime; DWORD expirationTime;
bool doesNotExpire; bool doesNotExpire;

2
CASA-auth-token/client/library/test/CASA_Auth.cpp
View File

@ -251,7 +251,7 @@ void NonHttpTest(void)
} }
else else
{ {
printf("-NonHttpTest- ObtainAuthToken failed with status %d\n", retStatus); printf("-NonHttpTest- ObtainAuthToken failed with status %0X\n", retStatus);
} }
} }