X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_attr.cpp;h=48c4291444993fcea3dd8146027e8a8b26ff766b;hb=refs%2Fheads%2Fddf-name;hp=57af9cd8fb8c21892660737cf751219782e86f8e;hpb=852f7c96e5a37da077f66116d9884df3d3bd9542;p=moonshot.git diff --git a/mech_eap/util_attr.cpp b/mech_eap/util_attr.cpp index 57af9cd..48c4291 100644 --- a/mech_eap/util_attr.cpp +++ b/mech_eap/util_attr.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, JANET(UK) + * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -30,10 +30,15 @@ * SUCH DAMAGE. */ +/* + * Attribute provider mechanism. + */ + #include "gssapiP_eap.h" #include #include +#include #include #include @@ -261,49 +266,132 @@ gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred, return ret; } -/* - * Initialize a context from an exported context or name token - */ +static DDF +findSourceForProvider(DDF &sources, const char *key) +{ + DDF source = sources.first(); + + while (!source.isnull()) { + DDF obj = source.getmember(key); + + if (strcmp(key, source.name()) == 0) + break; + + source = sources.next(); + } + + return source; +} + bool -gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) +gss_eap_attr_ctx::unmarshallAndInit(DDF &obj) { - bool ret; - gss_eap_attr_provider *primaryProvider = getPrimaryProvider(); - gss_buffer_desc primaryBuf; + bool ret = false; + bool foundSource[ATTR_TYPE_MAX + 1]; + unsigned int type; - if (buffer->length < 4) - return false; + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) + foundSource[type] = false; - m_flags = load_uint32_be(buffer->value); + if (obj["version"].integer() != 1) + return false; - primaryBuf.length = buffer->length - 4; - primaryBuf.value = (char *)buffer->value + 4; + m_flags = obj["flags"].integer(); - ret = primaryProvider->initFromBuffer(this, &primaryBuf); - if (ret == false) - return ret; + DDF sources = obj["sources"]; - for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider; + /* Initialize providers from serialized state */ + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { + if (!providerEnabled(type)) { + releaseProvider(type); + continue; + } - if (!providerEnabled(i)) { - releaseProvider(i); + gss_eap_attr_provider *provider = m_providers[type]; + const char *key = provider->marshallingKey(); + if (key == NULL) continue; + + DDF source = findSourceForProvider(sources, key); + if (source.isnull() || + !provider->unmarshallAndInit(this, source)) { + releaseProvider(type); + return false; } - provider = m_providers[i]; - if (provider == primaryProvider) + foundSource[type] = true; + } + + /* Initialize remaining providers from initialized providers */ + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { + gss_eap_attr_provider *provider; + + if (foundSource[type] || !providerEnabled(type)) continue; + provider = m_providers[type]; + ret = provider->initFromGssContext(this, GSS_C_NO_CREDENTIAL, GSS_C_NO_CONTEXT); if (ret == false) { - releaseProvider(i); - break; + releaseProvider(type); + return false; } } + return true; +} + +DDF +gss_eap_attr_ctx::marshall(void) const +{ + DDF obj(NULL); + unsigned int i; + + obj.addmember("version").integer(1); + obj.addmember("flags").integer(m_flags); + + DDF sources = obj.addmember("sources").list(); + + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; + + if (provider == NULL) + continue; /* provider not initialised */ + + const char *key = provider->marshallingKey(); + if (key == NULL) + continue; /* provider does not have state */ + + DDF source = provider->marshall(); + sources.add(source.name(key)); + } + + return obj; +} + +/* + * Initialize a context from an exported context or name token + */ +bool +gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) +{ + bool ret; + + if (buffer->length == 0) + return false; + + DDF obj(NULL); + std::string str((const char *)buffer->value, buffer->length); + std::istringstream source(str); + + source >> obj; + + ret = unmarshallAndInit(obj); + + obj.destroy(); + return ret; } @@ -349,7 +437,7 @@ gss_eap_attr_ctx::getPrimaryProvider(void) const /* * Set an attribute */ -void +bool gss_eap_attr_ctx::setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value) @@ -357,34 +445,39 @@ gss_eap_attr_ctx::setAttribute(int complete, gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; + bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; if (provider != NULL) { - provider->setAttribute(complete, - (type == ATTR_TYPE_LOCAL) ? attr : &suffix, - value); - } else { - /* XXX TODO throw exception */ + ret = provider->setAttribute(complete, + (type == ATTR_TYPE_LOCAL) ? attr : &suffix, + value); } + + return ret; } /* * Delete an attrbiute */ -void +bool gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr) { gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; + bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; - if (provider != NULL) - provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); + if (provider != NULL) { + ret = provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); + } + + return ret; } /* @@ -416,7 +509,7 @@ struct eap_gss_get_attr_types_args { }; static bool -addAttribute(const gss_eap_attr_provider *provider, +addAttribute(const gss_eap_attr_provider *provider GSSEAP_UNUSED, const gss_buffer_t attribute, void *data) { @@ -546,23 +639,15 @@ gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id, void gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const { - const gss_eap_attr_provider *primaryProvider = getPrimaryProvider(); - gss_buffer_desc tmp; - unsigned char *p; - OM_uint32 tmpMinor; + DDF obj = marshall(); + std::ostringstream sink; - primaryProvider->exportToBuffer(&tmp); + sink << obj; + std::string str = sink.str(); - buffer->length = 4 + tmp.length; - buffer->value = GSSEAP_MALLOC(buffer->length); - if (buffer->value == NULL) - throw new std::bad_alloc; - - p = (unsigned char *)buffer->value; - store_uint32_be(m_flags, p); - memcpy(p + 4, tmp.value, tmp.length); + duplicateBuffer(str, buffer); - gss_release_buffer(&tmpMinor, &tmp); + obj.destroy(); } /* @@ -592,25 +677,47 @@ gss_eap_attr_ctx::getExpiryTime(void) const return expiryTime; } -/* - * Map C++ exception to GSS status - */ -static OM_uint32 -mapException(OM_uint32 *minor, std::exception &e) +OM_uint32 +gss_eap_attr_ctx::mapException(OM_uint32 *minor, std::exception &e) const { - OM_uint32 major = GSS_S_FAILURE; + unsigned int i; + OM_uint32 major; + + /* Errors we handle ourselves */ + major = GSS_S_FAILURE; - /* XXX TODO implement other mappings */ - if (typeid(e) == typeid(std::bad_alloc)) + if (typeid(e) == typeid(std::bad_alloc)) { *minor = ENOMEM; - else - *minor = 0; + goto cleanup; + } -#ifdef GSSEAP_DEBUG + /* Errors we delegate to providers */ + major = GSS_S_CONTINUE_NEEDED; + + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; + + if (provider == NULL) + continue; + + major = provider->mapException(minor, e); + if (major != GSS_S_CONTINUE_NEEDED) + break; + } + + if (major == GSS_S_CONTINUE_NEEDED) { + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; + major = GSS_S_FAILURE; + } + +cleanup: +#if 0 /* rethrow for now for debugging */ throw e; #endif + assert(GSS_ERROR(major)); + return major; } @@ -733,6 +840,18 @@ gssEapInquireName(OM_uint32 *minor, gss_OID *MN_mech, gss_buffer_set_t *attrs) { + OM_uint32 major; + + if (name_is_MN != NULL) + *name_is_MN = (name->mechanismUsed != GSS_C_NULL_OID); + + if (MN_mech != NULL) { + major = gssEapCanonicalizeOid(minor, name->mechanismUsed, + OID_FLAG_NULL_VALID, MN_mech); + if (GSS_ERROR(major)) + return major; + } + if (name->attrCtx == NULL) { *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; @@ -748,7 +867,7 @@ gssEapInquireName(OM_uint32 *minor, return GSS_S_UNAVAILABLE; } } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -795,7 +914,7 @@ gssEapGetNameAttribute(OM_uint32 *minor, return GSS_S_UNAVAILABLE; } } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -815,9 +934,14 @@ gssEapDeleteNameAttribute(OM_uint32 *minor, return GSS_S_UNAVAILABLE; try { - name->attrCtx->deleteAttribute(attr); - } catch (std::exception &ex) { - return mapException(minor, ex); + if (!name->attrCtx->deleteAttribute(attr)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); + return GSS_S_UNAVAILABLE; + } + } catch (std::exception &e) { + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -839,9 +963,14 @@ gssEapSetNameAttribute(OM_uint32 *minor, return GSS_S_UNAVAILABLE; try { - name->attrCtx->setAttribute(complete, attr, value); - } catch (std::exception &ex) { - return mapException(minor, ex); + if (!name->attrCtx->setAttribute(complete, attr, value)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); + return GSS_S_UNAVAILABLE; + } + } catch (std::exception &e) { + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -865,7 +994,7 @@ gssEapExportAttrContext(OM_uint32 *minor, try { name->attrCtx->exportToBuffer(buffer); } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -895,7 +1024,7 @@ gssEapImportAttrContext(OM_uint32 *minor, name->attrCtx = ctx; } catch (std::exception &e) { delete ctx; - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } } @@ -926,7 +1055,7 @@ gssEapDuplicateAttrContext(OM_uint32 *minor, } } catch (std::exception &e) { delete ctx; - return mapException(minor, e); + return in->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -950,7 +1079,7 @@ gssEapMapNameToAny(OM_uint32 *minor, try { *output = name->attrCtx->mapToAny(authenticated, type_id); } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -975,7 +1104,7 @@ gssEapReleaseAnyNameMapping(OM_uint32 *minor, name->attrCtx->releaseAnyNameMapping(type_id, *input); *input = NULL; } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -988,6 +1117,7 @@ gssEapReleaseAttrContext(OM_uint32 *minor, if (name->attrCtx != NULL) delete name->attrCtx; + *minor = 0; return GSS_S_COMPLETE; } @@ -995,25 +1125,42 @@ gssEapReleaseAttrContext(OM_uint32 *minor, * Public accessor for initialisng a context from a GSS context. Also * sets expiry time on GSS context as a side-effect. */ -struct gss_eap_attr_ctx * -gssEapCreateAttrContext(gss_cred_id_t gssCred, - gss_ctx_id_t gssCtx) +OM_uint32 +gssEapCreateAttrContext(OM_uint32 *minor, + gss_cred_id_t gssCred, + gss_ctx_id_t gssCtx, + struct gss_eap_attr_ctx **pAttrContext, + time_t *pExpiryTime) { - gss_eap_attr_ctx *ctx; - OM_uint32 tmpMinor; + gss_eap_attr_ctx *ctx = NULL; + OM_uint32 major; assert(gssCtx != GSS_C_NO_CONTEXT); - if (GSS_ERROR(gssEapAttrProvidersInit(&tmpMinor))) - return NULL; + major = gssEapAttrProvidersInit(minor); + if (GSS_ERROR(major)) + return major; - ctx = new gss_eap_attr_ctx(); - if (!ctx->initFromGssContext(gssCred, gssCtx)) { - delete ctx; - return NULL; + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; + major = GSS_S_FAILURE; + + try { + ctx = new gss_eap_attr_ctx(); + if (ctx->initFromGssContext(gssCred, gssCtx)) { + *minor = 0; + major = GSS_S_COMPLETE; + } else { + delete ctx; + } + } catch (std::exception &e) { + if (ctx != NULL) + major = ctx->mapException(minor, e); } - gssCtx->expiryTime = ctx->getExpiryTime(); + if (major == GSS_S_COMPLETE) { + *pAttrContext = ctx; + *pExpiryTime = ctx->getExpiryTime(); + } - return ctx; + return major; }