X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_shib.cpp;h=3d2aa2cd55fc53b9c10a5d7e93060aca085d4ea9;hb=7f40c69dab3cb792b9d01ce600257b5541f65eac;hp=2f6e54d5550fa4cdcd0426bec7bdc64b4e3bf4d4;hpb=e25ba0e8d50d063594a79692aa5020c264e3dc05;p=moonshot.git diff --git a/mech_eap/util_shib.cpp b/mech_eap/util_shib.cpp index 2f6e54d..3d2aa2c 100644 --- a/mech_eap/util_shib.cpp +++ b/mech_eap/util_shib.cpp @@ -83,12 +83,12 @@ gss_eap_shib_attr_provider::~gss_eap_shib_attr_provider(void) } bool -gss_eap_shib_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager, +gss_eap_shib_attr_provider::initWithExistingContext(const gss_eap_attr_ctx *manager, const gss_eap_attr_provider *ctx) { const gss_eap_shib_attr_provider *shib; - if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx)) { + if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx)) { return false; } @@ -106,23 +106,13 @@ gss_eap_shib_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *mana } bool -gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, +gss_eap_shib_attr_provider::initWithGssContext(const gss_eap_attr_ctx *manager, const gss_cred_id_t gssCred, const gss_ctx_id_t gssCtx) { - const gss_eap_saml_assertion_provider *saml; - gss_buffer_desc exportedCtx = GSS_C_EMPTY_BUFFER; - OM_uint32 major, minor; - -#if 0 - gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; -#endif - if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx)) + if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx)) return false; - saml = static_cast - (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION)); - auto_ptr resolver(ShibbolethResolver::create()); /* 
@@ -132,6 +122,7 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, * acceptor. */ #if 0 + gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; if (gssCred != GSS_C_NO_CREDENTIAL && gssEapDisplayName(&minor, gssCred->name, &nameBuf, NULL) == GSS_S_COMPLETE) { resolver->setApplicationID((const char *)nameBuf.value); @@ -139,15 +130,22 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, } #endif - major = gssEapExportSecContext(&minor, gssCtx, &exportedCtx); + gss_buffer_desc mechName = GSS_C_EMPTY_BUFFER; + OM_uint32 major, minor; + + major = gssEapExportNameInternal(&minor, gssCtx->initiatorName, &mechName, + EXPORT_NAME_FLAG_OID | + EXPORT_NAME_FLAG_COMPOSITE); if (major == GSS_S_COMPLETE) { - resolver->addToken(&exportedCtx); - gss_release_buffer(&minor, &exportedCtx); + resolver->addToken(&mechName); + gss_release_buffer(&minor, &mechName); } + const gss_eap_saml_assertion_provider *saml; + saml = static_cast + (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION)); if (saml != NULL && saml->getAssertion() != NULL) { resolver->addToken(saml->getAssertion()); - m_authenticated = saml->authenticated(); } try { @@ -155,11 +153,10 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, m_attributes = resolver->getResolvedAttributes(); resolver->getResolvedAttributes().clear(); } catch (exception &e) { -#if 0 - fprintf(stderr, "%s", e.what()); -#endif + return false; } + m_authenticated = true; m_initialized = true; return true; @@ -301,7 +298,7 @@ gss_eap_shib_attr_provider::getAttribute(const gss_buffer_t attr, if (i == -1) i = 0; - else if (i >= nvalues) + if (i >= nvalues) return false; buf.value = (void *)shibAttr->getSerializedValues()[*more].c_str(); 
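Review bot: In the `@@ -139,15 +130,22 @@` hunk of initWithGssContext, a failed gssEapExportNameInternal() is silently skipped, so the resolver still runs without the initiator-name token and the function goes on to report success. If resolving without the name is not intended, fail closed with `if (GSS_ERROR(major)) return false;`; if it is intended, a short comment saying so would help. The call also reads `gssCtx->initiatorName` with no visible check that gssCtx is a valid context; presumably the base-class call earlier guarantees it, but that is outside this hunk and worth confirming. The function body starts and ends outside the hunk.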
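Review bot: In the `@@ -155,11 +153,10 @@` hunk, `m_authenticated = true;` is now set unconditionally after resolution, whereas the line removed in the preceding hunk took the value from `saml->authenticated()`. Attributes resolved with no SAML assertion, or from an assertion that was not authenticated, would then be reported as authenticated, and the flag is exported under "authenticated" by jsonRepresentation(). If locally resolved attributes are meant to be trusted regardless, say so in a comment next to the assignment; otherwise keep the assertion's state, e.g. `m_authenticated = (saml != NULL && saml->authenticated());`. The function body starts outside the hunk.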
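Review bot: In the `@@ -301,7 +298,7 @@` hunk of getAttribute, the bounds check is applied to `i`, but the context line that follows indexes the values with `*more`: `getSerializedValues()[*more]`. When i was normalised from -1 to 0, `*more` is presumably still -1 (i's initialisation is outside the hunk), so the read lands before the first element even though the check passed. Indexing with the checked value, `buf.value = (void *)shibAttr->getSerializedValues()[i].c_str();`, would close that gap. The function body starts and ends outside the hunk.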
@@ -374,16 +371,16 @@ gss_eap_shib_attr_provider::jsonRepresentation(void) const if (m_initialized == false) return obj; /* don't export incomplete context */ - JSONObject attrs = JSONObject::array(); + JSONObject jattrs = JSONObject::array(); for (vector::const_iterator a = m_attributes.begin(); a != m_attributes.end(); ++a) { DDF attr = (*a)->marshall(); - JSONObject jobj(attr); - attrs.append(jobj); + JSONObject jattr = JSONObject::ddf(attr); + jattrs.append(jattr); } - obj.set("attributes", attrs); + obj.set("attributes", jattrs); obj.set("authenticated", m_authenticated); @@ -400,11 +397,13 @@ gss_eap_shib_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx, assert(m_authenticated == false); assert(m_attributes.size() == 0); - JSONObject attrs = obj["attributes"]; - size_t nelems = attrs.size(); + JSONObject jattrs = obj["attributes"]; + size_t nelems = jattrs.size(); for (size_t i = 0; i < nelems; i++) { - DDF attr = attrs.get(i).ddf(); + JSONObject jattr = jattrs.get(i); + + DDF attr = jattr.ddf(); Attribute *attribute = Attribute::unmarshall(attr); m_attributes.push_back(attribute); } @@ -418,7 +417,8 @@ gss_eap_shib_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx, bool gss_eap_shib_attr_provider::init(void) { - if (!ShibbolethResolver::init()) + if (SPConfig::getConfig().getFeatures() == 0 && + ShibbolethResolver::init() == false) return false; gss_eap_attr_ctx::registerProvider(ATTR_TYPE_LOCAL, createAttrContext); @@ -452,6 +452,8 @@ gss_eap_shib_attr_provider::mapException(OM_uint32 *minor, else return GSS_S_CONTINUE_NEEDED; + gssEapSaveStatusInfo(*minor, "%s", e.what()); + return GSS_S_FAILURE; }
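Review bot: In the `@@ -418,7 +417,8 @@` hunk of init(), ShibbolethResolver::init() is skipped whenever `getFeatures()` is non-zero, but nothing records whether this library did the initialisation. If the matching teardown (outside this hunk) runs unconditionally, it could shut down a Shibboleth SP that the host process owns; a flag set here and checked there would avoid that. The condition also needs a comment, e.g. `/* features != 0: the host application already initialised the SP, so do not initialise it again */`. The function body continues outside the hunk.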