2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
40 /* lazy initialisation */
41 static GSSEAP_THREAD_ONCE gssEapAttrProvidersInitOnce = GSSEAP_ONCE_INITIALIZER;
42 static OM_uint32 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE;
45 gssEapAttrProvidersInitInternal(void)
47 OM_uint32 major, minor;
49 major = gssEapRadiusAttrProviderInit(&minor);
50 assert(major == GSS_S_COMPLETE);
52 major = gssEapSamlAttrProvidersInit(&minor);
53 assert(major == GSS_S_COMPLETE);
55 major = gssEapLocalAttrProviderInit(&minor);
56 assert(major == GSS_S_COMPLETE);
58 gssEapAttrProvidersInitStatus = major;
62 gssEapAttrProvidersInit(void)
64 GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal);
68 gssEapAttrProvidersFinalize(OM_uint32 *minor)
70 OM_uint32 major = GSS_S_COMPLETE;
72 if (gssEapAttrProvidersInitStatus == GSS_S_COMPLETE) {
73 major = gssEapLocalAttrProviderFinalize(minor);
74 major = gssEapSamlAttrProvidersFinalize(minor);
75 major = gssEapRadiusAttrProviderFinalize(minor);
78 return GSS_S_COMPLETE;
81 static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1];
82 static gss_buffer_desc gssEapAttrPrefixes[ATTR_TYPE_MAX + 1];
85 * Register a provider for a particular type and prefix
88 gss_eap_attr_ctx::registerProvider(unsigned int type,
90 gss_eap_attr_create_provider factory)
92 assert(type <= ATTR_TYPE_MAX);
94 assert(gssEapAttrFactories[type] == NULL);
96 gssEapAttrFactories[type] = factory;
98 gssEapAttrPrefixes[type].value = (void *)prefix;
99 gssEapAttrPrefixes[type].length = strlen(prefix);
101 gssEapAttrPrefixes[type].value = NULL;
102 gssEapAttrPrefixes[type].length = 0;
107 * Unregister a provider
110 gss_eap_attr_ctx::unregisterProvider(unsigned int type)
112 assert(type <= ATTR_TYPE_MAX);
114 gssEapAttrFactories[type] = NULL;
115 gssEapAttrPrefixes[type].value = NULL;
116 gssEapAttrPrefixes[type].length = 0;
120 * Create an attribute context, that manages instances of providers
122 gss_eap_attr_ctx::gss_eap_attr_ctx(void)
126 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
127 gss_eap_attr_provider *provider;
129 if (gssEapAttrFactories[i] != NULL) {
130 provider = (gssEapAttrFactories[i])();
135 m_providers[i] = provider;
140 * Convert an attribute prefix to a type
143 gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix)
147 for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) {
148 if (bufferEqual(&gssEapAttrPrefixes[i], prefix))
152 return ATTR_TYPE_LOCAL;
156 * Convert a type to an attribute prefix
159 gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type)
161 if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX)
162 return GSS_C_NO_BUFFER;
164 return &gssEapAttrPrefixes[type];
168 gss_eap_attr_ctx::providerEnabled(unsigned int type) const
170 if (type == ATTR_TYPE_LOCAL &&
171 (m_flags & ATTR_FLAG_DISABLE_LOCAL))
174 if (m_providers[type] == NULL)
181 gss_eap_attr_ctx::releaseProvider(unsigned int type)
183 delete m_providers[type];
184 m_providers[type] = NULL;
188 * Initialize a context from an existing context.
191 gss_eap_attr_ctx::initFromExistingContext(const gss_eap_attr_ctx *manager)
195 m_flags = manager->m_flags;
197 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
198 gss_eap_attr_provider *provider;
200 if (!providerEnabled(i)) {
205 provider = m_providers[i];
207 ret = provider->initFromExistingContext(this,
208 manager->m_providers[i]);
219 * Initialize a context from a GSS credential and context.
222 gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred,
223 const gss_ctx_id_t ctx)
227 if (cred != GSS_C_NO_CREDENTIAL &&
228 (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) {
229 m_flags |= ATTR_FLAG_DISABLE_LOCAL;
232 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
233 gss_eap_attr_provider *provider;
235 if (!providerEnabled(i)) {
240 provider = m_providers[i];
242 ret = provider->initFromGssContext(this, cred, ctx);
253 * Initialize a context from an exported context or name token
256 gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
259 gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
260 gss_buffer_desc primaryBuf;
262 if (buffer->length < 4)
265 m_flags = load_uint32_be(buffer->value);
267 primaryBuf.length = buffer->length - 4;
268 primaryBuf.value = (char *)buffer->value + 4;
270 ret = primaryProvider->initFromBuffer(this, &primaryBuf);
274 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
275 gss_eap_attr_provider *provider;
277 if (!providerEnabled(i)) {
282 provider = m_providers[i];
283 if (provider == primaryProvider)
286 ret = provider->initFromGssContext(this,
298 gss_eap_attr_ctx::~gss_eap_attr_ctx(void)
300 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++)
301 delete m_providers[i];
305 * Locate provider for a given type
307 gss_eap_attr_provider *
308 gss_eap_attr_ctx::getProvider(unsigned int type) const
310 assert(type >= ATTR_TYPE_MIN && type <= ATTR_TYPE_MAX);
311 return m_providers[type];
315 * Locate provider for a given prefix
317 gss_eap_attr_provider *
318 gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const
322 type = attributePrefixToType(prefix);
324 return m_providers[type];
328 * Get primary provider. Only the primary provider is serialised when
329 * gss_export_sec_context() or gss_export_name_composite() is called.
331 gss_eap_attr_provider *
332 gss_eap_attr_ctx::getPrimaryProvider(void) const
334 return m_providers[ATTR_TYPE_MIN];
341 gss_eap_attr_ctx::setAttribute(int complete,
342 const gss_buffer_t attr,
343 const gss_buffer_t value)
345 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
347 gss_eap_attr_provider *provider;
349 decomposeAttributeName(attr, &type, &suffix);
351 provider = m_providers[type];
352 if (provider != NULL) {
353 provider->setAttribute(complete,
354 (type == ATTR_TYPE_LOCAL) ? attr : &suffix,
357 /* XXX TODO throw exception */
362 * Delete an attrbiute
365 gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr)
367 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
369 gss_eap_attr_provider *provider;
371 decomposeAttributeName(attr, &type, &suffix);
373 provider = m_providers[type];
374 if (provider != NULL)
375 provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix);
379 * Enumerate attribute types with callback
382 gss_eap_attr_ctx::getAttributeTypes(gss_eap_attr_enumeration_cb cb, void *data) const
387 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
388 gss_eap_attr_provider *provider = m_providers[i];
390 if (provider == NULL)
393 ret = provider->getAttributeTypes(cb, data);
401 struct eap_gss_get_attr_types_args {
403 gss_buffer_set_t attrs;
407 addAttribute(const gss_eap_attr_provider *provider,
408 const gss_buffer_t attribute,
411 eap_gss_get_attr_types_args *args = (eap_gss_get_attr_types_args *)data;
412 gss_buffer_desc qualified;
413 OM_uint32 major, minor;
415 if (args->type != ATTR_TYPE_LOCAL) {
416 gss_eap_attr_ctx::composeAttributeName(args->type, attribute, &qualified);
417 major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs);
418 gss_release_buffer(&minor, &qualified);
420 major = gss_add_buffer_set_member(&minor, attribute, &args->attrs);
423 return GSS_ERROR(major) == false;
427 * Enumerate attribute types, output is buffer set
430 gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs)
432 eap_gss_get_attr_types_args args;
433 OM_uint32 major, minor;
437 major = gss_create_empty_buffer_set(&minor, attrs);
438 if (GSS_ERROR(major)) {
439 throw new std::bad_alloc;
445 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
446 gss_eap_attr_provider *provider = m_providers[i];
450 if (provider == NULL)
453 ret = provider->getAttributeTypes(addAttribute, (void *)&args);
459 gss_release_buffer_set(&minor, attrs);
465 * Get attribute with given name
468 gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr,
472 gss_buffer_t display_value,
475 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
477 gss_eap_attr_provider *provider;
480 decomposeAttributeName(attr, &type, &suffix);
482 provider = m_providers[type];
483 if (provider == NULL)
486 ret = provider->getAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix,
487 authenticated, complete,
488 value, display_value, more);
494 * Map attribute context to C++ object
497 gss_eap_attr_ctx::mapToAny(int authenticated,
498 gss_buffer_t type_id) const
501 gss_eap_attr_provider *provider;
502 gss_buffer_desc suffix;
504 decomposeAttributeName(type_id, &type, &suffix);
506 provider = m_providers[type];
507 if (provider == NULL)
508 return (gss_any_t)NULL;
510 return provider->mapToAny(authenticated, &suffix);
514 * Release mapped context
517 gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id,
518 gss_any_t input) const
521 gss_eap_attr_provider *provider;
522 gss_buffer_desc suffix;
524 decomposeAttributeName(type_id, &type, &suffix);
526 provider = m_providers[type];
527 if (provider != NULL)
528 provider->releaseAnyNameMapping(&suffix, input);
532 * Export attribute context to buffer
535 gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const
537 const gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
542 primaryProvider->exportToBuffer(&tmp);
544 buffer->length = 4 + tmp.length;
545 buffer->value = GSSEAP_MALLOC(buffer->length);
546 if (buffer->value == NULL)
547 throw new std::bad_alloc;
549 p = (unsigned char *)buffer->value;
550 store_uint32_be(m_flags, p);
551 memcpy(p + 4, tmp.value, tmp.length);
553 gss_release_buffer(&tmpMinor, &tmp);
557 * Return soonest expiry time of providers
560 gss_eap_attr_ctx::getExpiryTime(void) const
563 time_t expiryTime = 0;
565 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
566 gss_eap_attr_provider *provider = m_providers[i];
567 time_t providerExpiryTime;
569 if (provider == NULL)
572 providerExpiryTime = provider->getExpiryTime();
573 if (providerExpiryTime == 0)
576 if (expiryTime == 0 || providerExpiryTime < expiryTime)
577 expiryTime = providerExpiryTime;
584 * Map C++ exception to GSS status
587 mapException(OM_uint32 *minor, std::exception &e)
589 OM_uint32 major = GSS_S_FAILURE;
591 /* XXX TODO implement other mappings */
592 if (typeid(e) == typeid(std::bad_alloc))
598 /* rethrow for now for debugging */
606 * Decompose attribute name into prefix and suffix
609 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
616 for (i = 0; i < attribute->length; i++) {
617 if (((char *)attribute->value)[i] == ' ') {
618 p = (char *)attribute->value + i + 1;
623 prefix->value = attribute->value;
626 if (p != NULL && *p != '\0') {
627 suffix->length = attribute->length - 1 - prefix->length;
631 suffix->value = NULL;
636 * Decompose attribute name into type and suffix
639 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
643 gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER;
645 decomposeAttributeName(attribute, &prefix, suffix);
646 *type = attributePrefixToType(&prefix);
650 * Compose attribute name from prefix, suffix; returns C++ string
653 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
654 const gss_buffer_t suffix)
658 if (prefix == GSS_C_NO_BUFFER || prefix->length == 0)
661 str.append((const char *)prefix->value, prefix->length);
663 if (suffix != GSS_C_NO_BUFFER) {
665 str.append((const char *)suffix->value, suffix->length);
672 * Compose attribute name from type, suffix; returns C++ string
675 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
676 const gss_buffer_t suffix)
678 const gss_buffer_t prefix = attributeTypeToPrefix(type);
680 return composeAttributeName(prefix, suffix);
684 * Compose attribute name from prefix, suffix; returns GSS buffer
687 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
688 const gss_buffer_t suffix,
689 gss_buffer_t attribute)
691 std::string str = composeAttributeName(prefix, suffix);
693 if (str.length() != 0) {
694 return duplicateBuffer(str, attribute);
696 attribute->length = 0;
697 attribute->value = NULL;
702 * Compose attribute name from type, suffix; returns GSS buffer
705 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
706 const gss_buffer_t suffix,
707 gss_buffer_t attribute)
709 gss_buffer_t prefix = attributeTypeToPrefix(type);
711 return composeAttributeName(prefix, suffix, attribute);
718 gssEapInquireName(OM_uint32 *minor,
722 gss_buffer_set_t *attrs)
724 if (name->attrCtx == NULL)
725 return GSS_S_UNAVAILABLE;
727 gssEapAttrProvidersInit();
730 if (!name->attrCtx->getAttributeTypes(attrs))
731 return GSS_S_UNAVAILABLE;
732 } catch (std::exception &e) {
733 return mapException(minor, e);
736 return GSS_S_COMPLETE;
740 gssEapGetNameAttribute(OM_uint32 *minor,
746 gss_buffer_t display_value,
757 if (display_value != NULL) {
758 display_value->length = 0;
759 display_value->value = NULL;
762 if (name->attrCtx == NULL)
763 return GSS_S_UNAVAILABLE;
765 gssEapAttrProvidersInit();
768 if (!name->attrCtx->getAttribute(attr, authenticated, complete,
769 value, display_value, more))
770 return GSS_S_UNAVAILABLE;
771 } catch (std::exception &e) {
772 return mapException(minor, e);
775 return GSS_S_COMPLETE;
779 gssEapDeleteNameAttribute(OM_uint32 *minor,
783 if (name->attrCtx == NULL)
784 return GSS_S_UNAVAILABLE;
786 gssEapAttrProvidersInit();
789 name->attrCtx->deleteAttribute(attr);
790 } catch (std::exception &ex) {
791 return mapException(minor, ex);
794 return GSS_S_COMPLETE;
798 gssEapSetNameAttribute(OM_uint32 *minor,
804 if (name->attrCtx == NULL)
805 return GSS_S_UNAVAILABLE;
807 gssEapAttrProvidersInit();
810 name->attrCtx->setAttribute(complete, attr, value);
811 } catch (std::exception &ex) {
812 return mapException(minor, ex);
815 return GSS_S_COMPLETE;
819 gssEapExportAttrContext(OM_uint32 *minor,
823 if (name->attrCtx == NULL) {
825 buffer->value = NULL;
827 return GSS_S_COMPLETE;
830 gssEapAttrProvidersInit();
833 name->attrCtx->exportToBuffer(buffer);
834 } catch (std::exception &e) {
835 return mapException(minor, e);
838 return GSS_S_COMPLETE;
842 gssEapImportAttrContext(OM_uint32 *minor,
846 gss_eap_attr_ctx *ctx = NULL;
848 assert(name->attrCtx == NULL);
850 gssEapAttrProvidersInit();
852 if (buffer->length != 0) {
854 ctx = new gss_eap_attr_ctx();
856 if (!ctx->initFromBuffer(buffer)) {
858 return GSS_S_DEFECTIVE_TOKEN;
861 } catch (std::exception &e) {
863 return mapException(minor, e);
867 return GSS_S_COMPLETE;
871 gssEapDuplicateAttrContext(OM_uint32 *minor,
875 gss_eap_attr_ctx *ctx = NULL;
877 assert(out->attrCtx == NULL);
879 gssEapAttrProvidersInit();
882 if (in->attrCtx != NULL) {
883 ctx = new gss_eap_attr_ctx();
884 if (!ctx->initFromExistingContext(in->attrCtx)) {
886 return GSS_S_FAILURE;
890 } catch (std::exception &e) {
892 return mapException(minor, e);
895 return GSS_S_COMPLETE;
899 gssEapMapNameToAny(OM_uint32 *minor,
902 gss_buffer_t type_id,
905 if (name->attrCtx == NULL)
906 return GSS_S_UNAVAILABLE;
908 gssEapAttrProvidersInit();
911 *output = name->attrCtx->mapToAny(authenticated, type_id);
912 } catch (std::exception &e) {
913 return mapException(minor, e);
916 return GSS_S_COMPLETE;
920 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
922 gss_buffer_t type_id,
925 if (name->attrCtx == NULL)
926 return GSS_S_UNAVAILABLE;
928 gssEapAttrProvidersInit();
932 name->attrCtx->releaseAnyNameMapping(type_id, *input);
934 } catch (std::exception &e) {
935 return mapException(minor, e);
938 return GSS_S_COMPLETE;
942 gssEapReleaseAttrContext(OM_uint32 *minor,
945 if (name->attrCtx != NULL)
946 delete name->attrCtx;
948 return GSS_S_COMPLETE;
952 * Public accessor for initialisng a context from a GSS context. Also
953 * sets expiry time on GSS context as a side-effect.
955 struct gss_eap_attr_ctx *
956 gssEapCreateAttrContext(gss_cred_id_t gssCred,
959 gss_eap_attr_ctx *ctx;
961 assert(gssCtx != GSS_C_NO_CONTEXT);
963 gssEapAttrProvidersInit();
965 ctx = new gss_eap_attr_ctx();
966 if (!ctx->initFromGssContext(gssCred, gssCtx)) {
971 gssCtx->expiryTime = ctx->getExpiryTime();