2 * Copyright (c) 2014, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
34 // MRW -- Add proper copyright boilerplate to all files
36 #include "GSSInitSecContext.h"
37 #include "GSSException.h"
38 #include <cache/GSSContextCache.h>
39 #include <cache/GSSNameCache.h>
40 #include <datamodel/GSSName.h>
46 #include "util_base64.h"
48 typedef OM_uint32 (*init_sec_context)(
49 OM_uint32 *, /* minor_status */
50 gss_cred_id_t, /* claimant_cred_handle */
51 gss_ctx_id_t *, /* context_handle */
52 gss_name_t, /* target_name */
53 gss_OID, /* mech_type (used to be const) */
54 OM_uint32, /* req_flags */
55 OM_uint32, /* time_req */
56 gss_channel_bindings_t, /* input_chan_bindings */
57 gss_buffer_t, /* input_token */
58 gss_OID *, /* actual_mech_type */
59 gss_buffer_t, /* output_token */
60 OM_uint32 *, /* ret_flags */
61 OM_uint32 * /* time_req */
65 GSSInitSecContext::execute()
68 init_sec_context fn = (init_sec_context)function;
69 gss_OID actual_mech_type;
74 if (output_token.length > 0)
75 retVal = gss_release_buffer(&minor_status, &output_token);
78 // MRW -- fix so that this uses all of the vars from the object
87 GSS_C_NO_CHANNEL_BINDINGS,
94 if ( GSS_ERROR(this->retVal) )
96 // MRW -- steal code from import name
98 errMsg += "Cannot init_sec_context: ";
99 throw GSSException(errMsg.c_str(), this->retVal, this->minor_status, mechType.toGss());
102 actualMechType.setValue(actual_mech_type);
104 context.setContext(context_handle, true);
105 contextKey = GSSContextCache::instance()->store(context);
112 const char* GSSInitSecContext::getTargetDisplayName()
115 gss_buffer_desc output_name;
117 OM_uint32 major, minor;
125 major = gss_display_name(&minor, target_name, &output_name, &output_type);
126 if (major == GSS_S_COMPLETE)
127 ret = (const char *)output_name.value;
137 bool GSSInitSecContext::loadParameters(JSONObject *params)
144 if ( params->isNull() )
149 /* Main processing */
150 // MRW -- finish parsing all of the variables
151 // claimant_cred_handle
154 if (!(params->get("context_handle").isNull() ||
155 (params->get("context_handle").isString() &&
156 std::string("") == params->get("context_handle").string())))
158 this->context_handle = GSS_C_NO_CONTEXT;
159 if (params->get("context_handle").isString())
161 key = params->get("context_handle").string();
162 context = GSSContextCache::instance()->retrieve( key.c_str() );
163 this->context_handle = context.getContext();
165 if (GSS_C_NO_CONTEXT == this->context_handle)
166 throw std::invalid_argument( "Could not find the context_handle." );
170 if (! ( params->get("target_name").isNull() ||
171 (params->get("target_name").isString() &&
172 std::string("") == params->get("target_name").string())
176 this->target_name = GSS_C_NO_NAME;
177 if (params->get("target_name").isString())
179 key = params->get("target_name").string();
181 targetName = GSSNameCache::instance()->retrieve(key);
183 this->target_name = targetName.toGss();
185 if (GSS_C_NO_NAME == this->target_name)
186 throw std::invalid_argument( "Could not find the target_name" );
190 if (! ( params->get("mech_type").isNull() ||
192 params->get("mech_type").isString() &&
193 std::string("") == params->get("mech_type").string()
199 if (params->get("mech_type").isString())
201 key = params->get("mech_type").string();
202 mechType.setValue(key);
204 if (GSS_C_NO_OID == this->mechType.toGss() )
205 throw std::invalid_argument( std::string() + "Could not create a mech_type OID from '" + key + "'");
209 if (!params->get("req_flags").isNull() )
210 this->req_flags = params->get("req_flags").integer();
213 if (!params->get("time_req").isNull() )
214 this->time_req = params->get("time_req").integer();
217 if (! (params->get("input_token").isNull() ||
218 (params->get("input_token").isString() &&
219 std::string("") == params->get("input_token").string())))
221 token = params->get("input_token").string();
222 input_token.value = base64Decode(token.c_str(), &input_token.length);
231 bool GSSInitSecContext::zeroOut(bool initialized)
236 gss_buffer_desc output;
241 // Free up existing memory if it's been set.
244 if (this->context_handle != NULL)
245 gss_delete_sec_context(&minor, &(this->context_handle), &output);
247 if (this->target_name != NULL)
248 gss_release_name(&minor, &(this->target_name));
250 if (this->output_token.length > 0)
251 gss_release_buffer(&minor, &output_token);
253 if (this->input_token.value) {
254 base64Free(input_token.value);
255 input_token.value = NULL;
256 input_token.length = 0;
260 // Now set things to reasonable defaults
262 this->minor_status = 0;
268 this->context_handle = GSS_C_NO_CONTEXT;
269 this->target_name = GSS_C_NO_NAME;
270 this->mechType.setValue( (char *)"{ 1 3 6 1 5 5 15 1 1 18 }" );
271 this->input_token.length = 0;
272 this->input_token.value = NULL;
273 this->output_token.length = 0;
274 this->output_token.value = NULL;
281 JSONObject *GSSInitSecContext::toJSON()
284 // MRW -- values should be scoped to the class, so execute can set error values?
285 std::string output_str;
286 JSONObject *values = new JSONObject();
287 base64EncodeStr(output_token.value, output_token.length, output_str);
294 values->set("major_status", this->retVal);
295 values->set("minor_status", this->minor_status);
296 values->set("context_handle", this->contextKey.c_str());
297 values->set("actual_mech_type", this->getActualMechType().toString().c_str());
298 values->set("output_token", output_str.c_str());
299 values->set("ret_flags", this->ret_flags);
300 values->set("time_rec", this->time_rec);
301 // MRW -- modify for new error handling
309 GSSInitSecContext::GSSInitSecContext(
314 loadParameters(params);
318 GSSInitSecContext::GSSInitSecContext(void *fn)