* Local attribute provider implementation.
*/
+#include "gssapiP_eap.h"
+
#include <xmltooling/XMLObject.h>
+#ifndef HAVE_OPENSAML
+#include <xmltooling/XMLToolingConfig.h>
+#include <xmltooling/util/ParserPool.h>
+#endif
#include <saml/saml2/core/Assertions.h>
#include <shibsp/exceptions.h>
#include <shibsp/attribute/SimpleAttribute.h>
+#include <shibsp/attribute/BinaryAttribute.h>
+#include <shibsp/attribute/ScopedAttribute.h>
#include <shibresolver/resolver.h>
#include <sstream>
-#include "gssapiP_eap.h"
-
using namespace shibsp;
using namespace shibresolver;
-using namespace opensaml::saml2md;
-using namespace opensaml;
using namespace xmltooling;
using namespace std;
+#ifdef HAVE_OPENSAML
+using namespace opensaml::saml2md;
+using namespace opensaml;
+#else
+using namespace xercesc;
+#endif
gss_eap_shib_attr_provider::gss_eap_shib_attr_provider(void)
{
gss_release_buffer(&minor, &mechName);
}
+#ifdef HAVE_OPENSAML
const gss_eap_saml_assertion_provider *saml;
saml = static_cast<const gss_eap_saml_assertion_provider *>
(m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION));
if (saml != NULL && saml->getAssertion() != NULL) {
resolver->addToken(saml->getAssertion());
}
+#else
+ /* If no OpenSAML, parse the XML assertion explicitly */
+ const gss_eap_radius_attr_provider *radius;
+ int authenticated, complete;
+ gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
+
+ radius = static_cast<const gss_eap_radius_attr_provider *>
+ (m_manager->getProvider(ATTR_TYPE_RADIUS));
+ if (radius != NULL &&
+ radius->getFragmentedAttribute(PW_SAML_AAA_ASSERTION,
+ VENDORPEC_UKERNA,
+ &authenticated, &complete, &value)) {
+ string str((char *)value.value, value.length);
+ istringstream istream(str);
+ DOMDocument *doc = XMLToolingConfig::getConfig().getParser().parse(istream);
+ const XMLObjectBuilder *b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
+ resolver->addToken(b->buildFromDocument(doc));
+ gss_release_buffer(&minor, &value);
+ }
+#endif /* HAVE_OPENSAML */
try {
resolver->resolve();
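Review bot: In the `#else` branch the assertion bytes taken from the RADIUS attribute are parsed before the `try {` that follows, and none of the results is checked: `parse()` can throw on malformed XML, `getDocumentElement()` can be null, and `XMLObjectBuilder::getBuilder()` may return NULL when no builder is registered for the element (worth confirming for a build without OpenSAML), so `b->buildFromDocument(doc)` can dereference a null pointer. An exception on that path also skips `gss_release_buffer(&minor, &value)`, leaking the buffer. `authenticated` and `complete` are filled in but never consulted before the token is handed to the resolver. I would guard the pointers and release the buffer on every path, as sketched below; whether a bad assertion should be ignored or should fail the call is the author's decision. The enclosing function starts and ends outside the hunk.

```cpp
    if (radius != NULL &&
        radius->getFragmentedAttribute(PW_SAML_AAA_ASSERTION,
                                       VENDORPEC_UKERNA,
                                       &authenticated, &complete, &value)) {
        try {
            string str((char *)value.value, value.length);
            istringstream istream(str);
            DOMDocument *doc = XMLToolingConfig::getConfig().getParser().parse(istream);
            const XMLObjectBuilder *b = NULL;

            if (doc != NULL && doc->getDocumentElement() != NULL)
                b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
            if (b != NULL)
                resolver->addToken(b->buildFromDocument(doc));
            else if (doc != NULL)
                doc->release(); /* no builder took ownership of the document */
        } catch (exception &e) {
            /* malformed assertion from the AAA server: continue without a token */
        }
        gss_release_buffer(&minor, &value);
    }
```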
{
string attrStr((char *)attr->value, attr->length);
vector <string> ids(1, attrStr);
- SimpleAttribute *a = new SimpleAttribute(ids);
+ BinaryAttribute *a = new BinaryAttribute(ids);
assert(m_initialized);
int *more) const
{
const Attribute *shibAttr = NULL;
- gss_buffer_desc buf;
+ const BinaryAttribute *binaryAttr;
+ gss_buffer_desc valueBuf = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc displayValueBuf = GSS_C_EMPTY_BUFFER;
int nvalues, i = *more;
assert(m_initialized);
if (i >= nvalues)
return false;
- buf.value = (void *)shibAttr->getSerializedValues()[*more].c_str();
- buf.length = strlen((char *)buf.value);
+ binaryAttr = dynamic_cast<const BinaryAttribute *>(shibAttr);
+ if (binaryAttr != NULL) {
+ std::string str = binaryAttr->getValues()[*more];
+
+ valueBuf.value = (void *)str.data();
+ valueBuf.length = str.size();
+ } else {
+ std::string str = shibAttr->getSerializedValues()[*more];
- if (buf.length != 0) {
- if (value != NULL)
- duplicateBuffer(buf, value);
+ valueBuf.value = (void *)str.c_str();
+ valueBuf.length = str.length();
- if (display_value != NULL)
- duplicateBuffer(buf, display_value);
+ const SimpleAttribute *simpleAttr =
+ dynamic_cast<const SimpleAttribute *>(shibAttr);
+ const ScopedAttribute *scopedAttr =
+ dynamic_cast<const ScopedAttribute *>(shibAttr);
+ if (simpleAttr != NULL || scopedAttr != NULL)
+ displayValueBuf = valueBuf;
}
if (authenticated != NULL)
*authenticated = m_authenticated;
if (complete != NULL)
- *complete = false;
-
+ *complete = true;
+ if (value != NULL)
+ duplicateBuffer(valueBuf, value);
+ if (display_value != NULL)
+ duplicateBuffer(displayValueBuf, display_value);
if (nvalues > ++i)
*more = i;
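Review bot: `valueBuf.value` is left pointing into a `std::string str` that is local to each branch of the `if (binaryAttr != NULL)` / `else`, so by the time `duplicateBuffer(valueBuf, value)` and `duplicateBuffer(displayValueBuf, display_value)` run after the closing brace the string has been destroyed and the copy reads freed memory. Binding a reference to the attribute's own storage removes both the extra copy and the dangling pointer: `const std::string &str = binaryAttr->getValues()[*more];` and `const std::string &str = shibAttr->getSerializedValues()[*more];` (assuming both accessors return references to vectors owned by the attribute). The vectors are indexed with `*more` while the bounds check is made on `i`; the lines between are not in the hunk, so confirm the two cannot differ at that point, or index with `i`. The function starts and ends outside the hunk.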
bool
gss_eap_shib_attr_provider::init(void)
{
- if (SPConfig::getConfig().getFeatures() == 0 &&
- ShibbolethResolver::init() == false)
- return false;
+ bool ret = false;
+
+ try {
+ ret = ShibbolethResolver::init();
+ } catch (exception &e) {
+ }
- gss_eap_attr_ctx::registerProvider(ATTR_TYPE_LOCAL, createAttrContext);
+ if (ret)
+ gss_eap_attr_ctx::registerProvider(ATTR_TYPE_LOCAL, createAttrContext);
- return true;
+ return ret;
}
void
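Review bot: The empty `catch (exception &e) { }` in `init()` discards the reason `ShibbolethResolver::init()` failed, so a deployment where the local attribute provider silently never registers looks the same as one where it is simply unused. Catch by const reference and record `e.what()` through whatever logging the project uses, e.g. `} catch (const exception &e) { /* log e.what() */ }`. A short comment saying why the removed `SPConfig::getConfig().getFeatures() == 0` guard is no longer needed would also help the next reader judge whether repeated initialisation is possible.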