geos_one/CASA
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added code to clear memory used to hold tokens since they contain data

Browse Source 
which is security sensitive.
This commit is contained in:
Juan Carlos Luciani 2007-01-04 10:18:40 +00:00
parent fbfa990210
commit 834c6e0add
5 changed files with 152 additions and 103 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CASA-auth-token/client/library/authmsg.c
View File

@ -364,7 +364,9 @@ ConsumeElementData(
memcpy(pNewBuf + pAuthRespParse->elementDataProcessed, s, len); memcpy(pNewBuf + pAuthRespParse->elementDataProcessed, s, len);
pAuthRespParse->elementDataProcessed += len; pAuthRespParse->elementDataProcessed += len;
// Swap the buffers // Swap the buffers after clearing and freeing the original
// buffer since it may contain sensitive information.
memset(*ppElementData, 0, pAuthRespParse->elementDataProcessed - len);
free(*ppElementData); free(*ppElementData);
*ppElementData = pNewBuf; *ppElementData = pNewBuf;
@ -842,7 +844,12 @@ RelAuthenticateResp(
// Free the resources associated with the object // Free the resources associated with the object
if (pAuthenticateResp->pToken) if (pAuthenticateResp->pToken)
{
// Clear the memory associated with the token since it is
// sensitive data.
memset(pAuthenticateResp->pToken, 0, pAuthenticateResp->tokenLen);
free(pAuthenticateResp->pToken); free(pAuthenticateResp->pToken);
}
free(pAuthenticateResp); free(pAuthenticateResp);

203
CASA-auth-token/client/library/cache.c
View File

@ -60,7 +60,7 @@ CreateAuthTokenCacheEntry(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t tokenSize, entrySize, keySize; int32_t tokenSize, entrySize, keySize;
@ -85,6 +85,9 @@ CreateAuthTokenCacheEntry(
pEntry = (AuthCacheEntry*) malloc(entrySize); pEntry = (AuthCacheEntry*) malloc(entrySize);
if (pEntry) if (pEntry)
{ {
// Save the entry size
pEntry->size = entrySize;
// Set the status // Set the status
pEntry->status = status; pEntry->status = status;
@ -120,32 +123,31 @@ CreateAuthTokenCacheEntry(
strncat(pKey, "@", keySize); strncat(pKey, "@", keySize);
strncat(pKey, pGroupOrHostName, keySize); strncat(pKey, pGroupOrHostName, keySize);
retStatus = miCASAWriteBinaryKey(g_hCASAContext, miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0, 0,
&sessionKeyChain, &sessionKeyChain,
&sharedId, &sharedId,
(SS_UTF8_T*) pKey, (SS_UTF8_T*) pKey,
keySize, keySize,
(uint8_t *) pEntry, (uint8_t *) pEntry,
(uint32_t*) &entrySize, (uint32_t*) &entrySize,
NULL, NULL,
(SSCS_EXT_T*) pCredStoreScope); (SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-CreateAuthTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
}
free(pKey); free(pKey);
} }
else else
{ {
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0);
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
} }
else else
{ {
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, DbgTrace(0, "-CreateAuthTokenCacheEntry- Memory allocation failure\n", 0);
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry); DbgTrace(1, "-CreateAuthTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry);
@ -175,7 +177,7 @@ CreateSessionTokenCacheEntry(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t tokenSize, entrySize; int32_t tokenSize, entrySize;
@ -199,6 +201,9 @@ CreateSessionTokenCacheEntry(
pEntry = (AuthCacheEntry*) malloc(entrySize); pEntry = (AuthCacheEntry*) malloc(entrySize);
if (pEntry) if (pEntry)
{ {
// Save the entry size
pEntry->size = entrySize;
// Set the status // Set the status
pEntry->status = status; pEntry->status = status;
@ -225,22 +230,24 @@ CreateSessionTokenCacheEntry(
pEntry->doesNotExpire = true; pEntry->doesNotExpire = true;
} }
retStatus = miCASAWriteBinaryKey(g_hCASAContext, miCasaStatus = miCASAWriteBinaryKey(g_hCASAContext,
0, 0,
&sessionKeyChain, &sessionKeyChain,
&sharedId, &sharedId,
(SS_UTF8_T*) pCacheKey, (SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1, (uint32_t) strlen(pCacheKey) + 1,
(uint8_t *) pEntry, (uint8_t *) pEntry,
(uint32_t*) &entrySize, (uint32_t*) &entrySize,
NULL, NULL,
(SSCS_EXT_T*) pCredStoreScope); (SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus != NSSCS_SUCCESS)
{
DbgTrace(0, "-CreateSessionTokenCacheEntry- miCASAWriteBinaryKey failure, status = %0X\n", miCasaStatus);
}
} }
else else
{ {
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, DbgTrace(0, "-CreateSessionTokenCacheEntry- Memory allocation failure\n", 0);
CASA_FACILITY_AUTHTOKEN,
CASA_STATUS_INSUFFICIENT_RESOURCES);
} }
DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry); DbgTrace(1, "-CreateSessionTokenCacheEntry- End, pEntry = %0lX\n", (long) pEntry);
@ -268,7 +275,9 @@ FreeAuthCacheEntry(
{ {
DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry); DbgTrace(1, "-FreeAuthCacheEntry- Start, pEntry = %0lX\n", (long) pEntry);
// Free the entry // Free the entry after clearing the memory holding it since it
// may contain security sensitive data.
memset(pEntry, 0, pEntry->size);
free(pEntry); free(pEntry);
DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0); DbgTrace(1, "-FreeAuthCacheEntry- End\n", 0);
@ -362,52 +371,51 @@ FindSessionTokenEntryInCache(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {20, "CASA_SESSION_TOKENS"};
int32_t valueLength, bytesRequired; int32_t valueLength, bytesRequired;
AuthCacheEntry *pEntry = NULL; AuthCacheEntry *pEntry = NULL;
DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0); DbgTrace(1, "-FindSessionTokenEntryInCache- Start\n", 0);
valueLength = 0; valueLength = 0;
bytesRequired = 0; bytesRequired = 0;
retStatus = miCASAReadBinaryKey(g_hCASAContext, miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0, 0,
&sessionKeyChain, &sessionKeyChain,
&sharedId, &sharedId,
(SS_UTF8_T*) pCacheKey, (SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1, (uint32_t) strlen(pCacheKey) + 1,
NULL, NULL,
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope); (SSCS_EXT_T*) pCredStoreScope);
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
{ {
pEntry = (AuthCacheEntry*) malloc(bytesRequired); pEntry = (AuthCacheEntry*) malloc(bytesRequired);
if (pEntry) if (pEntry)
{ {
pEntry->size = bytesRequired;
valueLength = bytesRequired; valueLength = bytesRequired;
bytesRequired = 0; bytesRequired = 0;
retStatus = miCASAReadBinaryKey(g_hCASAContext, miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0, 0,
&sessionKeyChain, &sessionKeyChain,
&sharedId, &sharedId,
(SS_UTF8_T*) pCacheKey, (SS_UTF8_T*) pCacheKey,
(uint32_t) strlen(pCacheKey) + 1, (uint32_t) strlen(pCacheKey) + 1,
(uint8_t *) pEntry, (uint8_t *) pEntry,
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope); (SSCS_EXT_T*) pCredStoreScope);
if (CASA_SUCCESS(retStatus)) if (miCasaStatus == NSSCS_SUCCESS)
{ {
if (pEntry->doesNotExpire == false if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime)) && CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
@ -415,14 +423,13 @@ FindSessionTokenEntryInCache(
// Remove the entry ??? // Remove the entry ???
//miCASARemoveBinaryKey(); //miCASARemoveBinaryKey();
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, FreeAuthCacheEntry(pEntry);
CASA_FACILITY_AUTHTOKEN, pEntry = NULL;
CASA_STATUS_UNSUCCESSFUL);
} }
} }
else
if (!CASA_SUCCESS(retStatus))
{ {
DbgTrace(0, "-FindSessionTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
FreeAuthCacheEntry(pEntry); FreeAuthCacheEntry(pEntry);
pEntry = NULL; pEntry = NULL;
} }
@ -453,7 +460,7 @@ FindAuthTokenEntryInCache(
// L2 // L2
//=======================================================================-- //=======================================================================--
{ {
CasaStatus retStatus; int32_t miCasaStatus;
SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"}; SSCS_KEYCHAIN_ID_T sessionKeyChain = {26, "SSCS_SESSION_KEY_CHAIN_ID"};
SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"}; SSCS_SECRET_ID_T sharedId = {27, "CASA_AUTHENTICATION_TOKENS"};
int32_t valueLength, bytesRequired, keySize; int32_t valueLength, bytesRequired, keySize;
@ -475,55 +482,53 @@ FindAuthTokenEntryInCache(
valueLength = 0; valueLength = 0;
bytesRequired = 0; bytesRequired = 0;
retStatus = miCASAReadBinaryKey(g_hCASAContext, miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0, 0,
&sessionKeyChain, &sessionKeyChain,
&sharedId, &sharedId,
(SS_UTF8_T*) pKey, (SS_UTF8_T*) pKey,
keySize, keySize,
NULL, NULL,
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope); (SSCS_EXT_T*) pCredStoreScope);
if (miCasaStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
if (retStatus == NSSCS_E_ENUM_BUFF_TOO_SHORT
&& bytesRequired != 0) && bytesRequired != 0)
{ {
pEntry = (AuthCacheEntry*) malloc(bytesRequired); pEntry = (AuthCacheEntry*) malloc(bytesRequired);
if (pEntry) if (pEntry)
{ {
pEntry->size = bytesRequired;
valueLength = bytesRequired; valueLength = bytesRequired;
bytesRequired = 0; bytesRequired = 0;
retStatus = miCASAReadBinaryKey(g_hCASAContext, miCasaStatus = miCASAReadBinaryKey(g_hCASAContext,
0, 0,
&sessionKeyChain, &sessionKeyChain,
&sharedId, &sharedId,
(SS_UTF8_T*) pKey, (SS_UTF8_T*) pKey,
keySize, keySize,
(uint8_t *) pEntry, (uint8_t *) pEntry,
(uint32_t*) &valueLength, (uint32_t*) &valueLength,
(SSCS_PASSWORD_T*) NULL, (SSCS_PASSWORD_T*) NULL,
(uint32_t*) &bytesRequired, (uint32_t*) &bytesRequired,
(SSCS_EXT_T*) pCredStoreScope); (SSCS_EXT_T*) pCredStoreScope);
if (CASA_SUCCESS(retStatus)) if (miCasaStatus == NSSCS_SUCCESS)
{ {
if (pEntry->doesNotExpire == false if (pEntry->doesNotExpire == false
&& CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime)) && CacheEntryLifetimeExpired(pEntry->creationTime, pEntry->expirationTime))
{ {
// Remove the entry ??? // Remove the entry ???
//miCASARemoveBinaryKey(); //miCASARemoveBinaryKey();
retStatus = CasaStatusBuild(CASA_SEVERITY_ERROR, FreeAuthCacheEntry(pEntry);
CASA_FACILITY_AUTHTOKEN, pEntry = NULL;
CASA_STATUS_UNSUCCESSFUL);
} }
} }
else
if (!CASA_SUCCESS(retStatus))
{ {
DbgTrace(0, "-FindAuthTokenEntryInCache- miCASAReadBinaryKey error = %0X\n", miCasaStatus);
FreeAuthCacheEntry(pEntry); FreeAuthCacheEntry(pEntry);
pEntry = NULL; pEntry = NULL;
} }

32
CASA-auth-token/client/library/engine.c
View File

@ -192,10 +192,15 @@ ObtainSessionToken(
// Free resources that may be hanging around // Free resources that may be hanging around
if (pRespMsg) if (pRespMsg)
{
// Clear and free the memory associated with the response since it may contain
// security sensitive data.
memset(pRespMsg, 0, respLen);
free(pRespMsg); free(pRespMsg);
}
// Clear and free the memory associated with the request message since // Clear and free the memory associated with the request message since
// it may contain sensitive information. // it may contain security sensitive information.
memset(pReqMsg, 0, strlen(pReqMsg)); memset(pReqMsg, 0, strlen(pReqMsg));
free(pReqMsg); free(pReqMsg);
} }
@ -407,13 +412,28 @@ ObtainAuthTokenFromServer(
// Free resources that may be hanging around // Free resources that may be hanging around
if (pReqMsg) if (pReqMsg)
{
// Clear the memory before freeing up the request message since it
// may contain security sensitive data.
memset(pReqMsg, 0, strlen(pReqMsg));
free(pReqMsg); free(pReqMsg);
}
if (pRespMsg) if (pRespMsg)
{
// Clear the memory before freeing up the response message since it
// may contain security sensitive data.
memset(pRespMsg, 0, strlen(pRespMsg));
free(pRespMsg); free(pRespMsg);
}
if (pSessionToken) if (pSessionToken)
{
// Clear the memory before freeing up the token since it is
// security sensitive data.
memset(pSessionToken, 0, strlen(pSessionToken));
free(pSessionToken); free(pSessionToken);
}
if (pGetAuthTokenResp) if (pGetAuthTokenResp)
RelGetAuthTokenResp(pGetAuthTokenResp); RelGetAuthTokenResp(pGetAuthTokenResp);
@ -572,6 +592,7 @@ ObtainAuthTokenInt(
int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME; int cacheEntryLifetime = DEFAULT_RETRY_LIFETIME;
// Cache entry created, now try to obtain auth token from the CASA Server // Cache entry created, now try to obtain auth token from the CASA Server
pToken = NULL;
retStatus = ObtainAuthTokenFromServer(pServiceName, retStatus = ObtainAuthTokenFromServer(pServiceName,
pNormalizedHostName, pNormalizedHostName,
&pToken, &pToken,
@ -598,6 +619,15 @@ ObtainAuthTokenInt(
} }
} }
} }
// Release authentication token if present
if (pToken)
{
// Clear the memory before releasing the buffer since it contains
// security sensitive data.
memset(pToken, 0, strlen(pToken));
free(pToken);
}
} }
else else
{ {

10
CASA-auth-token/client/library/gettokenmsg.c
View File

@ -361,8 +361,9 @@ ConsumeElementData(
memcpy(pNewBuf + pGetAuthTokenRespParse->elementDataProcessed, s, len); memcpy(pNewBuf + pGetAuthTokenRespParse->elementDataProcessed, s, len);
pGetAuthTokenRespParse->elementDataProcessed += len; pGetAuthTokenRespParse->elementDataProcessed += len;
// Swap the buffers // Swap the buffers after clearing and freeing the original
free(*ppElementData); // buffer since it may contain sensitive information.
memset(*ppElementData, 0, pGetAuthTokenRespParse->elementDataProcessed - len);
*ppElementData = pNewBuf; *ppElementData = pNewBuf;
// Return the length of the element data buffer // Return the length of the element data buffer
@ -828,7 +829,12 @@ RelGetAuthTokenResp(
// Free the resources associated with the object // Free the resources associated with the object
if (pGetAuthTokenResp->pToken) if (pGetAuthTokenResp->pToken)
{
// Clear the memory associated with the token since it is
// sensitive data.
memset(pGetAuthTokenResp->pToken, 0, pGetAuthTokenResp->tokenLen);
free(pGetAuthTokenResp->pToken); free(pGetAuthTokenResp->pToken);
}
free(pGetAuthTokenResp); free(pGetAuthTokenResp);

1
CASA-auth-token/client/library/internal.h
View File

@ -101,6 +101,7 @@ typedef struct _AuthenticateResp
typedef struct _AuthCacheEntry typedef struct _AuthCacheEntry
{ {
int status; int status;
int size;
DWORD creationTime; DWORD creationTime;
DWORD expirationTime; DWORD expirationTime;
bool doesNotExpire; bool doesNotExpire;