mech_eap/util_attr.h

   1 /*
   2  * Copyright (c) 2011, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 /*
  34  * Attribute provider interface.
  35  */
  36
  37 #ifndef _UTIL_ATTR_H_
  38 #define _UTIL_ATTR_H_ 1
  39
  40 #ifdef __cplusplus
  41 #include <string>
  42 #include <new>
  43
  44 struct gss_eap_attr_provider;
  45 struct gss_eap_attr_ctx;
  46
  47 typedef bool
  48 (*gss_eap_attr_enumeration_cb)(const gss_eap_attr_ctx *ctx,
  49                                const gss_eap_attr_provider *source,
  50                                const gss_buffer_t attribute,
  51                                void *data);
  52
  53 #define ATTR_TYPE_RADIUS            0U                  /* RADIUS AVPs */
  54 #define ATTR_TYPE_SAML_ASSERTION    1U                  /* SAML assertion */
  55 #define ATTR_TYPE_SAML              2U                  /* SAML attributes */
  56 #define ATTR_TYPE_LOCAL             3U                  /* Local attributes */
  57 #define ATTR_TYPE_MIN               ATTR_TYPE_RADIUS
  58 #define ATTR_TYPE_MAX               ATTR_TYPE_LOCAL
  59
  60 #define ATTR_FLAG_DISABLE_LOCAL     0x00000001
  61
  62 /*
  63  * Attribute provider: this represents a source of attributes derived
  64  * from the security context.
  65  */
  66 struct gss_eap_attr_provider
  67 {
  68 public:
  69     gss_eap_attr_provider(void) {}
  70     virtual ~gss_eap_attr_provider(void) {}
  71
  72     bool initWithManager(const gss_eap_attr_ctx *manager)
  73     {
  74         m_manager = manager;
  75         return true;
  76     }
  77
  78     virtual bool initFromExistingContext(const gss_eap_attr_ctx *manager,
  79                                          const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
  80     {
  81         return initWithManager(manager);
  82     }
  83
  84     virtual bool initFromGssContext(const gss_eap_attr_ctx *manager,
  85                                     const gss_cred_id_t cred GSSEAP_UNUSED,
  86                                     const gss_ctx_id_t ctx GSSEAP_UNUSED)
  87     {
  88         return initWithManager(manager);
  89     }
  90
  91     virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
  92                                    void *data GSSEAP_UNUSED) const
  93     {
  94         return false;
  95     }
  96
  97     virtual bool setAttribute(int complete GSSEAP_UNUSED,
  98                               const gss_buffer_t attr GSSEAP_UNUSED,
  99                               const gss_buffer_t value GSSEAP_UNUSED)
 100     {
 101         return false;
 102     }
 103
 104     virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
 105     {
 106         return false;
 107     }
 108
 109     virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
 110                               int *authenticated GSSEAP_UNUSED,
 111                               int *complete GSSEAP_UNUSED,
 112                               gss_buffer_t value GSSEAP_UNUSED,
 113                               gss_buffer_t display_value GSSEAP_UNUSED,
 114                               int *more GSSEAP_UNUSED) const
 115     {
 116         return false;
 117     }
 118
 119     virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
 120                                gss_buffer_t type_id GSSEAP_UNUSED) const
 121     {
 122         return NULL;
 123     }
 124     virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
 125                                        gss_any_t input GSSEAP_UNUSED) const
 126     {
 127     }
 128
 129     virtual const char *prefix(void) const
 130     {
 131         return NULL;
 132     }
 133
 134     virtual void exportToBuffer(gss_buffer_t buffer GSSEAP_UNUSED) const
 135     {
 136     }
 137
 138     virtual bool initFromBuffer(const gss_eap_attr_ctx *manager,
 139                                 const gss_buffer_t buffer GSSEAP_UNUSED)
 140     {
 141         return initWithManager(manager);
 142     }
 143
 144     virtual time_t getExpiryTime(void) const { return 0; }
 145
 146     virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
 147                                    std::exception &e GSSEAP_UNUSED) const
 148     {
 149         return GSS_S_CONTINUE_NEEDED;
 150     }
 151
 152     static bool init(void) { return true; }
 153     static void finalize(void) {}
 154
 155     static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
 156
 157 protected:
 158     const gss_eap_attr_ctx *m_manager;
 159
 160 private:
 161     /* make non-copyable */
 162     gss_eap_attr_provider(const gss_eap_attr_provider&);
 163     gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
 164 };
 165
 166 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
 167
 168 /*
 169  * Attribute context: this manages a set of providers for a given
 170  * security context.
 171  */
 172 struct gss_eap_attr_ctx
 173 {
 174 public:
 175     gss_eap_attr_ctx(void);
 176     ~gss_eap_attr_ctx(void);
 177
 178     bool initFromExistingContext(const gss_eap_attr_ctx *manager);
 179     bool initFromGssContext(const gss_cred_id_t cred,
 180                             const gss_ctx_id_t ctx);
 181
 182     bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
 183     bool getAttributeTypes(gss_buffer_set_t *attrs);
 184
 185     bool setAttribute(int complete,
 186                       const gss_buffer_t attr,
 187                       const gss_buffer_t value);
 188     bool deleteAttribute(const gss_buffer_t value);
 189     bool getAttribute(const gss_buffer_t attr,
 190                       int *authenticated,
 191                       int *complete,
 192                       gss_buffer_t value,
 193                       gss_buffer_t display_value,
 194                       int *more) const;
 195     gss_any_t mapToAny(int authenticated,
 196                        gss_buffer_t type_id) const;
 197     void releaseAnyNameMapping(gss_buffer_t type_id,
 198                                gss_any_t input) const;
 199
 200     void exportToBuffer(gss_buffer_t buffer) const;
 201     bool initFromBuffer(const gss_buffer_t buffer);
 202
 203     static std::string
 204     composeAttributeName(const gss_buffer_t prefix,
 205                          const gss_buffer_t suffix);
 206     static void
 207     decomposeAttributeName(const gss_buffer_t attribute,
 208                            gss_buffer_t prefix,
 209                            gss_buffer_t suffix);
 210     static void
 211     composeAttributeName(const gss_buffer_t prefix,
 212                          const gss_buffer_t suffix,
 213                          gss_buffer_t attribute);
 214
 215     std::string
 216     composeAttributeName(unsigned int type,
 217                          const gss_buffer_t suffix);
 218     void
 219     decomposeAttributeName(const gss_buffer_t attribute,
 220                            unsigned int *type,
 221                            gss_buffer_t suffix) const;
 222     void
 223     composeAttributeName(unsigned int type,
 224                          const gss_buffer_t suffix,
 225                          gss_buffer_t attribute) const;
 226
 227     gss_eap_attr_provider *getProvider(unsigned int type) const;
 228
 229     static void
 230     registerProvider(unsigned int type,
 231                      gss_eap_attr_create_provider factory);
 232     static void
 233     unregisterProvider(unsigned int type);
 234
 235     time_t getExpiryTime(void) const;
 236     OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
 237
 238 private:
 239     bool providerEnabled(unsigned int type) const;
 240     void releaseProvider(unsigned int type);
 241
 242     unsigned int attributePrefixToType(const gss_buffer_t prefix) const;
 243     gss_buffer_desc attributeTypeToPrefix(unsigned int type) const;
 244
 245     gss_eap_attr_provider *getPrimaryProvider(void) const;
 246
 247     /* make non-copyable */
 248     gss_eap_attr_ctx(const gss_eap_attr_ctx&);
 249     gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
 250
 251     uint32_t m_flags;
 252     gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
 253 };
 254
 255 #endif /* __cplusplus */
 256
 257 #include "util_radius.h"
 258 #include "util_saml.h"
 259 #include "util_shib.h"
 260
 261 #ifdef __cplusplus
 262
 263 static inline void
 264 duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
 265 {
 266     OM_uint32 minor;
 267
 268     if (GSS_ERROR(duplicateBuffer(&minor, &src, dst)))
 269         throw new std::bad_alloc();
 270 }
 271
 272 static inline void
 273 duplicateBuffer(std::string &str, gss_buffer_t buffer)
 274 {
 275     gss_buffer_desc tmp;
 276
 277     tmp.length = str.length();
 278     tmp.value = (char *)str.c_str();
 279
 280     duplicateBuffer(tmp, buffer);
 281 }
 282
 283 #else
 284 struct gss_eap_attr_ctx;
 285 #endif
 286
 287 #ifdef __cplusplus
 288 extern "C" {
 289 #endif
 290
 291 /*
 292  * C wrappers for attribute context functions. These match their
 293  * GSS naming extension equivalents. The caller is required to
 294  * obtain the name mutex.
 295  */
 296
 297 OM_uint32
 298 gssEapCreateAttrContext(OM_uint32 *minor,
 299                         gss_cred_id_t acceptorCred,
 300                         gss_ctx_id_t acceptorCtx,
 301                         struct gss_eap_attr_ctx **pAttrCtx,
 302                         time_t *pExpiryTime);
 303
 304 OM_uint32
 305 gssEapInquireName(OM_uint32 *minor,
 306                   gss_name_t name,
 307                   int *name_is_MN,
 308                   gss_OID *MN_mech,
 309                   gss_buffer_set_t *attrs);
 310
 311 OM_uint32
 312 gssEapGetNameAttribute(OM_uint32 *minor,
 313                        gss_name_t name,
 314                        gss_buffer_t attr,
 315                        int *authenticated,
 316                        int *complete,
 317                        gss_buffer_t value,
 318                        gss_buffer_t display_value,
 319                        int *more);
 320
 321 OM_uint32
 322 gssEapDeleteNameAttribute(OM_uint32 *minor,
 323                           gss_name_t name,
 324                           gss_buffer_t attr);
 325
 326 OM_uint32
 327 gssEapSetNameAttribute(OM_uint32 *minor,
 328                        gss_name_t name,
 329                        int complete,
 330                        gss_buffer_t attr,
 331                        gss_buffer_t value);
 332
 333 OM_uint32
 334 gssEapExportAttrContext(OM_uint32 *minor,
 335                         gss_name_t name,
 336                         gss_buffer_t buffer);
 337
 338 OM_uint32
 339 gssEapImportAttrContext(OM_uint32 *minor,
 340                         gss_buffer_t buffer,
 341                         gss_name_t name);
 342
 343 OM_uint32
 344 gssEapDuplicateAttrContext(OM_uint32 *minor,
 345                            gss_name_t in,
 346                            gss_name_t out);
 347
 348 OM_uint32
 349 gssEapMapNameToAny(OM_uint32 *minor,
 350                    gss_name_t name,
 351                    int authenticated,
 352                    gss_buffer_t type_id,
 353                    gss_any_t *output);
 354
 355 OM_uint32
 356 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
 357                             gss_name_t name,
 358                             gss_buffer_t type_id,
 359                             gss_any_t *input);
 360
 361 OM_uint32
 362 gssEapReleaseAttrContext(OM_uint32 *minor,
 363                          gss_name_t name);
 364
 365 OM_uint32
 366 gssEapAttrProvidersFinalize(OM_uint32 *minor);
 367
 368 #ifdef __cplusplus
 369 }
 370 #endif
 371
 372 #endif /* _UTIL_ATTR_H_ */