/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* SUCH DAMAGE.
*/
+/*
+ * Attribute provider interface.
+ */
+
#ifndef _UTIL_ATTR_H_
#define _UTIL_ATTR_H_ 1
-#define ATTR_TYPE_RADIUS 0U
-#define ATTR_TYPE_SAML_ASSERTION 1U
-#define ATTR_TYPE_SAML 2U
-#define ATTR_TYPE_LOCAL 3U
-#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
-#define ATTR_TYPE_MAX (ATTR_TYPE_LOCAL + 1U)
-
#ifdef __cplusplus
#include <string>
+#include <new>
struct gss_eap_attr_provider;
struct gss_eap_attr_ctx;
const gss_buffer_t attribute,
void *data);
+#define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
+#define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
+#define ATTR_TYPE_SAML 2U /* SAML attributes */
+#define ATTR_TYPE_LOCAL 3U /* Local attributes */
+#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
+#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
+
+#define ATTR_FLAG_DISABLE_LOCAL 0x00000001
+
+/*
+ * Attribute provider: this represents a source of attributes derived
+ * from the security context.
+ */
struct gss_eap_attr_provider
{
public:
return false;
}
- virtual void setAttribute(int complete,
+ virtual bool setAttribute(int complete,
const gss_buffer_t attr,
- const gss_buffer_t value) {}
- virtual void deleteAttribute(const gss_buffer_t value) {}
+ const gss_buffer_t value) { return false; }
+ virtual bool deleteAttribute(const gss_buffer_t value) { return false; }
virtual bool getAttribute(const gss_buffer_t attr,
int *authenticated,
int *complete,
return initWithManager(manager);
}
- static bool init() { return true; }
- static void finalize() {}
+ virtual time_t getExpiryTime(void) const { return 0; }
+
+ virtual OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const
+ { return GSS_S_CONTINUE_NEEDED; }
+
+ static bool init(void) { return true; }
+ static void finalize(void) {}
static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
+/*
+ * Attribute context: this manages a set of providers for a given
+ * security context.
+ */
struct gss_eap_attr_ctx
{
public:
bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
bool getAttributeTypes(gss_buffer_set_t *attrs);
- void setAttribute(int complete,
+ bool setAttribute(int complete,
const gss_buffer_t attr,
const gss_buffer_t value);
- void deleteAttribute(const gss_buffer_t value);
+ bool deleteAttribute(const gss_buffer_t value);
bool getAttribute(const gss_buffer_t attr,
int *authenticated,
int *complete,
static void
unregisterProvider(unsigned int type);
+ time_t getExpiryTime(void) const;
+ OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
+
private:
+ bool providerEnabled(unsigned int type) const;
+ void releaseProvider(unsigned int type);
+
+ gss_eap_attr_provider *getPrimaryProvider(void) const;
+
/* make non-copyable */
gss_eap_attr_ctx(const gss_eap_attr_ctx&);
gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
- gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX];
+ uint32_t m_flags;
+ gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
};
+#endif /* __cplusplus */
+
#include "util_radius.h"
#include "util_saml.h"
#include "util_shib.h"
-#include <string>
-#include <new>
+#ifdef __cplusplus
static inline void
duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
extern "C" {
#endif
-struct gss_eap_attr_ctx *
-gssEapCreateAttrContext(gss_cred_id_t acceptorCred,
- gss_ctx_id_t acceptorCtx);
+/*
+ * C wrappers for attribute context functions. These match their
+ * GSS naming extension equivalents. The caller is required to
+ * obtain the name mutex.
+ */
+
+OM_uint32
+gssEapCreateAttrContext(OM_uint32 *minor,
+ gss_cred_id_t acceptorCred,
+ gss_ctx_id_t acceptorCtx,
+ struct gss_eap_attr_ctx **pAttrCtx,
+ time_t *pExpiryTime);
OM_uint32
gssEapInquireName(OM_uint32 *minor,
gss_name_t name);
OM_uint32
-gssEapAttrProvidersInit(OM_uint32 *minor);
-
-OM_uint32
gssEapAttrProvidersFinalize(OM_uint32 *minor);
#ifdef __cplusplus