X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_attr.cpp;h=28e63569021762f3ed3165161c5e2f4836ab07c3;hb=e063ba4e45d12dbc1a397653f9e77228835e4a2b;hp=2686f24cebf75793b0b7c568743a2a4e020a7680;hpb=81378d116795fa8a7a56dc8e00c3b2666126682d;p=mech_eap.orig diff --git a/util_attr.cpp b/util_attr.cpp index 2686f24..28e6356 100644 --- a/util_attr.cpp +++ b/util_attr.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2010, JANET(UK) + * Copyright (c) 2011, JANET(UK) * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -30,91 +30,416 @@ * SUCH DAMAGE. */ +/* + * Attribute provider mechanism. + */ + #include "gssapiP_eap.h" +#include #include +#include #include +#include #include -static gss_eap_attr_create_cb -gss_eap_attr_factories[ATTR_TYPE_MAX] = { - gss_eap_radius_attr_provider::createAttrContext, - gss_eap_saml_assertion_provider::createAttrContext, - gss_eap_saml_attr_provider::createAttrContext, - gss_eap_shib_attr_provider::createAttrContext -}; +/* lazy initialisation */ +static GSSEAP_THREAD_ONCE gssEapAttrProvidersInitOnce = GSSEAP_ONCE_INITIALIZER; +static OM_uint32 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; + +static void +gssEapAttrProvidersInitInternal(void) +{ + OM_uint32 major, minor; + + assert(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE); + + major = gssEapRadiusAttrProviderInit(&minor); + if (major == GSS_S_COMPLETE) + major = gssEapSamlAttrProvidersInit(&minor); + if (major == GSS_S_COMPLETE) + major = gssEapLocalAttrProviderInit(&minor); + +#ifdef GSSEAP_DEBUG + assert(major == GSS_S_COMPLETE); +#endif + + gssEapAttrProvidersInitStatus = major; +} + +static OM_uint32 +gssEapAttrProvidersInit(OM_uint32 *minor) +{ + GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal); + + if (GSS_ERROR(gssEapAttrProvidersInitStatus)) + *minor = GSSEAP_NO_ATTR_PROVIDERS; + + return gssEapAttrProvidersInitStatus; +} + +OM_uint32 +gssEapAttrProvidersFinalize(OM_uint32 *minor) +{ + OM_uint32 major = GSS_S_COMPLETE; + + if (gssEapAttrProvidersInitStatus == GSS_S_COMPLETE) { + major = gssEapLocalAttrProviderFinalize(minor); + if (major == GSS_S_COMPLETE) + major = gssEapSamlAttrProvidersFinalize(minor); + if (major == GSS_S_COMPLETE) + major = gssEapRadiusAttrProviderFinalize(minor); + + gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; + } + + return major; +} + +static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1]; -gss_eap_attr_ctx * -gss_eap_attr_ctx::createAttrContext(gss_cred_id_t gssCred, - gss_ctx_id_t gssCtx) +/* + * Register a provider for a particular type and prefix + */ +void +gss_eap_attr_ctx::registerProvider(unsigned int type, + gss_eap_attr_create_provider factory) { - gss_eap_attr_ctx *ctx; + assert(type <= ATTR_TYPE_MAX); - ctx = new gss_eap_attr_ctx(NULL, gssCred, gssCtx); + assert(gssEapAttrFactories[type] == NULL); - for (unsigned int i = 0; i < ATTR_TYPE_MAX; i++) { + gssEapAttrFactories[type] = factory; +} + +/* + * Unregister a provider + */ +void +gss_eap_attr_ctx::unregisterProvider(unsigned int type) +{ + assert(type <= ATTR_TYPE_MAX); + + gssEapAttrFactories[type] = NULL; +} + +/* + * Create an attribute context, that manages instances of providers + */ +gss_eap_attr_ctx::gss_eap_attr_ctx(void) +{ + m_flags = 0; + + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; - provider = (gss_eap_attr_factories[i])(ctx, gssCred, gssCtx); - if (provider != NULL) - ctx->m_providers[i] = provider; + if (gssEapAttrFactories[i] != NULL) { + provider = (gssEapAttrFactories[i])(); + } else { + provider = NULL; + } + + m_providers[i] = provider; } +} - return ctx; +/* + * Convert an attribute prefix to a type + */ +unsigned int +gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) const +{ + unsigned int i; + + for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) { + const char *pprefix; + + if (!providerEnabled(i)) + continue; + + pprefix = m_providers[i]->prefix(); + if (pprefix == NULL) + continue; + + if (strlen(pprefix) == prefix->length && + memcmp(pprefix, prefix->value, prefix->length) == 0) + return i; + } + + return ATTR_TYPE_LOCAL; } -gss_eap_attr_ctx::~gss_eap_attr_ctx(void) +/* + * Convert a type to an attribute prefix + */ +gss_buffer_desc +gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type) const { - for (unsigned int i = 0; i < ATTR_TYPE_MAX; i++) - delete m_providers[i]; + gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; + + if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX) + return prefix; + + if (!providerEnabled(type)) + return prefix; + + prefix.value = (void *)m_providers[type]->prefix(); + if (prefix.value != NULL) + prefix.length = strlen((char *)prefix.value); + + return prefix; } bool -gss_eap_attr_ctx::init(void) +gss_eap_attr_ctx::providerEnabled(unsigned int type) const { - return gss_eap_radius_attr_provider::init() && - gss_eap_saml_assertion_provider::init() && - gss_eap_saml_attr_provider::init() && - gss_eap_shib_attr_provider::init(); + if (type == ATTR_TYPE_LOCAL && + (m_flags & ATTR_FLAG_DISABLE_LOCAL)) + return false; + + if (m_providers[type] == NULL) + return false; + + return true; } void -gss_eap_attr_ctx::finalize(void) +gss_eap_attr_ctx::releaseProvider(unsigned int type) { - gss_eap_shib_attr_provider::finalize(); - gss_eap_saml_attr_provider::finalize(); - gss_eap_saml_assertion_provider::finalize(); - gss_eap_radius_attr_provider::finalize(); + delete m_providers[type]; + m_providers[type] = NULL; } -gss_eap_attr_provider * -gss_eap_attr_ctx::getProvider(unsigned int type) const +/* + * Initialize a context from an existing context. + */ +bool +gss_eap_attr_ctx::initFromExistingContext(const gss_eap_attr_ctx *manager) { - return m_providers[type]; + bool ret = true; + + m_flags = manager->m_flags; + + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider; + + if (!providerEnabled(i)) { + releaseProvider(i); + continue; + } + + provider = m_providers[i]; + + ret = provider->initFromExistingContext(this, + manager->m_providers[i]); + if (ret == false) { + releaseProvider(i); + break; + } + } + + return ret; } -gss_eap_attr_provider * -gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const +/* + * Initialize a context from a GSS credential and context. + */ +bool +gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred, + const gss_ctx_id_t ctx) { - unsigned int type; + bool ret = true; - type = attributePrefixToType(prefix); + if (cred != GSS_C_NO_CREDENTIAL && + (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) { + m_flags |= ATTR_FLAG_DISABLE_LOCAL; + } - return m_providers[type]; + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider; + + if (!providerEnabled(i)) { + releaseProvider(i); + continue; + } + + provider = m_providers[i]; + + ret = provider->initFromGssContext(this, cred, ctx); + if (ret == false) { + releaseProvider(i); + break; + } + } + + return ret; } -gss_eap_attr_ctx::gss_eap_attr_ctx(const gss_eap_attr_ctx &ctx) - : gss_eap_attr_provider(ctx) +bool +gss_eap_attr_ctx::initWithJsonObject(json_t *obj) { - for (unsigned int i = 0; i < ATTR_TYPE_MAX; i++) { - if (ctx.m_providers[i] != NULL) { - m_providers[i] = (gss_eap_attr_factories[i])(&ctx, GSS_C_NO_CREDENTIAL, - GSS_C_NO_CONTEXT); + bool ret = false; + bool foundSource[ATTR_TYPE_MAX + 1]; + unsigned int type; + json_t *sources; + + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) + foundSource[type] = false; + + if (json_integer_value(json_object_get(obj, "version")) != 1) + return false; + + m_flags = json_integer_value(json_object_get(obj, "flags")); + + sources = json_object_get(obj, "sources"); + + /* Initialize providers from serialized state */ + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { + gss_eap_attr_provider *provider; + const char *key; + json_t *source; + + if (!providerEnabled(type)) { + releaseProvider(type); + continue; + } + + provider = m_providers[type]; + key = provider->name(); + if (key == NULL) + continue; + + source = json_object_get(sources, key); + if (source != NULL && + !provider->initWithJsonObject(this, source)) { + releaseProvider(type); + return false; + } + + foundSource[type] = true; + } + + /* Initialize remaining providers from initialized providers */ + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { + gss_eap_attr_provider *provider; + + if (foundSource[type] || !providerEnabled(type)) + continue; + + provider = m_providers[type]; + + ret = provider->initFromGssContext(this, + GSS_C_NO_CREDENTIAL, + GSS_C_NO_CONTEXT); + if (ret == false) { + releaseProvider(type); + return false; } } + + return true; } -void +json_t * +gss_eap_attr_ctx::jsonRepresentation(void) const +{ + json_t *obj, *sources; + unsigned int i; + + obj = json_object(); + if (obj == NULL) { + throw new std::bad_alloc; + } + + /* FIXME check json_object_set_new return value */ + json_object_set_new(obj, "version", json_integer(1)); + json_object_set_new(obj, "flags", json_integer(m_flags)); + + sources = json_object(); + if (sources == NULL) { + json_decref(obj); + throw new std::bad_alloc; + } + + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider; + const char *key; + + provider = m_providers[i]; + if (provider == NULL) + continue; /* provider not initialised */ + + key = provider->name(); + if (key == NULL) + continue; /* provider does not have state */ + + json_t *source = provider->jsonRepresentation(); + json_object_set_new(sources, key, source); + } + + json_object_set_new(obj, "sources", sources); + + return obj; +} + +/* + * Initialize a context from an exported context or name token + */ +bool +gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) +{ + OM_uint32 major, minor; + bool ret; + char *s; + json_error_t error; + json_t *obj; + + major = bufferToString(&minor, buffer, &s); + if (GSS_ERROR(major)) + return false; + + obj = json_loads(s, 0, &error); + if (obj != NULL) { + ret = initWithJsonObject(obj); + json_decref(obj); + } else + ret = false; + + GSSEAP_FREE(s); + + return ret; +} + +gss_eap_attr_ctx::~gss_eap_attr_ctx(void) +{ + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) + delete m_providers[i]; +} + +/* + * Locate provider for a given type + */ +gss_eap_attr_provider * +gss_eap_attr_ctx::getProvider(unsigned int type) const +{ + assert(type >= ATTR_TYPE_MIN && type <= ATTR_TYPE_MAX); + return m_providers[type]; +} + +/* + * Get primary provider. Only the primary provider is serialised when + * gss_export_sec_context() or gss_export_name_composite() is called. + */ +gss_eap_attr_provider * +gss_eap_attr_ctx::getPrimaryProvider(void) const +{ + return m_providers[ATTR_TYPE_MIN]; +} + +/* + * Set an attribute + */ +bool gss_eap_attr_ctx::setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value) @@ -122,43 +447,53 @@ gss_eap_attr_ctx::setAttribute(int complete, gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; + bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; if (provider != NULL) { - provider->setAttribute(complete, - (type == ATTR_TYPE_LOCAL) ? attr : &suffix, - value); - + ret = provider->setAttribute(complete, + (type == ATTR_TYPE_LOCAL) ? attr : &suffix, + value); } + + return ret; } -void +/* + * Delete an attrbiute + */ +bool gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr) { gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; + bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; if (provider != NULL) { - provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); + ret = provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); } + + return ret; } +/* + * Enumerate attribute types with callback + */ bool gss_eap_attr_ctx::getAttributeTypes(gss_eap_attr_enumeration_cb cb, void *data) const { bool ret = false; size_t i; - for (i = 0; i < ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider; + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; - provider = m_providers[i]; if (provider == NULL) continue; @@ -176,26 +511,29 @@ struct eap_gss_get_attr_types_args { }; static bool -addAttribute(const gss_eap_attr_provider *provider, +addAttribute(const gss_eap_attr_ctx *manager, + const gss_eap_attr_provider *provider GSSEAP_UNUSED, const gss_buffer_t attribute, void *data) { eap_gss_get_attr_types_args *args = (eap_gss_get_attr_types_args *)data; - gss_buffer_t prefix = GSS_C_NO_BUFFER; gss_buffer_desc qualified; OM_uint32 major, minor; if (args->type != ATTR_TYPE_LOCAL) { - gss_eap_attr_ctx::composeAttributeName(args->type, attribute, &qualified); + manager->composeAttributeName(args->type, attribute, &qualified); major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs); gss_release_buffer(&minor, &qualified); } else { - major = gss_add_buffer_set_member(&minor, prefix, &args->attrs); + major = gss_add_buffer_set_member(&minor, attribute, &args->attrs); } - return GSS_ERROR(major) ? false : true; + return GSS_ERROR(major) == false; } +/* + * Enumerate attribute types, output is buffer set + */ bool gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) { @@ -205,19 +543,16 @@ gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) unsigned int i; major = gss_create_empty_buffer_set(&minor, attrs); - if (GSS_ERROR(major)) { + if (GSS_ERROR(major)) throw new std::bad_alloc; - return false; - } args.attrs = *attrs; - for (i = 0; i < ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider; + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; args.type = i; - provider = m_providers[i]; if (provider == NULL) continue; @@ -226,13 +561,15 @@ gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) break; } - if (ret == false) { + if (ret == false) gss_release_buffer_set(&minor, attrs); - } return ret; } +/* + * Get attribute with given name + */ bool gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr, int *authenticated, @@ -249,10 +586,8 @@ gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr, decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; - if (provider == NULL) { - *more = 0; + if (provider == NULL) return false; - } ret = provider->getAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix, authenticated, complete, @@ -261,78 +596,153 @@ gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr, return ret; } +/* + * Map attribute context to C++ object + */ gss_any_t gss_eap_attr_ctx::mapToAny(int authenticated, gss_buffer_t type_id) const { - return NULL; + unsigned int type; + gss_eap_attr_provider *provider; + gss_buffer_desc suffix; + + decomposeAttributeName(type_id, &type, &suffix); + + provider = m_providers[type]; + if (provider == NULL) + return (gss_any_t)NULL; + + return provider->mapToAny(authenticated, &suffix); } +/* + * Release mapped context + */ void gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const { + unsigned int type; + gss_eap_attr_provider *provider; + gss_buffer_desc suffix; + + decomposeAttributeName(type_id, &type, &suffix); + + provider = m_providers[type]; + if (provider != NULL) + provider->releaseAnyNameMapping(&suffix, input); } +/* + * Export attribute context to buffer + */ void -gss_eap_attr_ctx::marshall(gss_buffer_t buffer) const +gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const { + OM_uint32 minor; + json_t *obj; + char *s; + + obj = jsonRepresentation(); + if (obj == NULL) { + std::string error("gss_eap_attr_ctx::exportToBuffer::jsonRepresentation"); + throw new std::runtime_error(error); /* XXX */ + } + +#if 0 + json_dumpf(obj, stdout, JSON_INDENT(3)); +#endif + + s = json_dumps(obj, JSON_COMPACT); + if (s == NULL) { + json_decref(obj); + std::string error("gss_eap_attr_ctx::exportToBuffer: json_dumps"); + throw new std::runtime_error(error); /* XXX */ + } + + if (GSS_ERROR(makeStringBuffer(&minor, s, buffer))) { + json_decref(obj); + throw new std::bad_alloc; + } + + json_decref(obj); } /* - * C wrappers + * Return soonest expiry time of providers */ - -static OM_uint32 -mapException(OM_uint32 *minor, std::exception &e) -{ - *minor = 0; - return GSS_S_FAILURE; -} - -static gss_buffer_desc attributePrefixes[] = { - { - /* ATTR_TYPE_RADIUS_AVP */ - sizeof("urn:ietf:params:gss-eap:radius-avp"), - (void *)"urn:ietf:params:gss-eap:radius-avp", - }, - { - /* ATTR_TYPE_SAML_AAA_ASSERTION */ - sizeof("urn:ietf:params:gss-eap:saml-aaa-assertion"), - (void *)"urn:ietf:params:gss-eap:saml-aaa-assertion" - }, - { - /* ATTR_TYPE_SAML_ATTR */ - sizeof("urn:ietf:params:gss-eap:saml-attr"), - (void *)"urn:ietf:params:gss-eap:saml-attr" - }, -}; - -unsigned int -gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) +time_t +gss_eap_attr_ctx::getExpiryTime(void) const { unsigned int i; + time_t expiryTime = 0; - for (i = ATTR_TYPE_MIN; - i < sizeof(attributePrefixes) / sizeof(attributePrefixes[0]); - i++) - { - if (bufferEqual(&attributePrefixes[i], prefix)) - return i; + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; + time_t providerExpiryTime; + + if (provider == NULL) + continue; + + providerExpiryTime = provider->getExpiryTime(); + if (providerExpiryTime == 0) + continue; + + if (expiryTime == 0 || providerExpiryTime < expiryTime) + expiryTime = providerExpiryTime; } - return ATTR_TYPE_LOCAL; + return expiryTime; } -gss_buffer_t -gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type) +OM_uint32 +gss_eap_attr_ctx::mapException(OM_uint32 *minor, std::exception &e) const { - if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_LOCAL) - return GSS_C_NO_BUFFER; + unsigned int i; + OM_uint32 major; - return &attributePrefixes[type]; + /* Errors we handle ourselves */ + major = GSS_S_FAILURE; + + if (typeid(e) == typeid(std::bad_alloc)) { + *minor = ENOMEM; + goto cleanup; + } + + /* Errors we delegate to providers */ + major = GSS_S_CONTINUE_NEEDED; + + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; + + if (provider == NULL) + continue; + + major = provider->mapException(minor, e); + if (major != GSS_S_CONTINUE_NEEDED) + break; + } + + if (major == GSS_S_CONTINUE_NEEDED) { + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; + major = GSS_S_FAILURE; + } + +cleanup: +#if 0 + /* rethrow for now for debugging */ + throw e; +#endif + + assert(GSS_ERROR(major)); + + return major; } +/* + * Decompose attribute name into prefix and suffix + */ void gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, gss_buffer_t prefix, @@ -360,62 +770,88 @@ gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, } } +/* + * Decompose attribute name into type and suffix + */ void -gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, - const gss_buffer_t suffix, - gss_buffer_t attribute) +gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, + unsigned int *type, + gss_buffer_t suffix) const { - size_t len = 0; - char *p; + gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; - attribute->length = 0; - attribute->value = NULL; + decomposeAttributeName(attribute, &prefix, suffix); + *type = attributePrefixToType(&prefix); +} + +/* + * Compose attribute name from prefix, suffix; returns C++ string + */ +std::string +gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, + const gss_buffer_t suffix) +{ + std::string str; if (prefix == GSS_C_NO_BUFFER || prefix->length == 0) - return; + return str; + + str.append((const char *)prefix->value, prefix->length); - len = prefix->length; if (suffix != GSS_C_NO_BUFFER) { - len += 1 + suffix->length; + str.append(" "); + str.append((const char *)suffix->value, suffix->length); } - attribute->value = GSSEAP_MALLOC(len + 1); - if (attribute->value == NULL) { - throw new std::bad_alloc; - } - attribute->length = len; + return str; +} - p = (char *)attribute->value; - memcpy(p, prefix->value, prefix->length); - if (suffix != NULL) { - p[prefix->length] = ' '; - memcpy(p + prefix->length + 1, suffix->value, suffix->length); - } +/* + * Compose attribute name from type, suffix; returns C++ string + */ +std::string +gss_eap_attr_ctx::composeAttributeName(unsigned int type, + const gss_buffer_t suffix) +{ + gss_buffer_desc prefix = attributeTypeToPrefix(type); - p[attribute->length] = '\0'; + return composeAttributeName(&prefix, suffix); } +/* + * Compose attribute name from prefix, suffix; returns GSS buffer + */ void -gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, - unsigned int*type, - gss_buffer_t suffix) +gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, + const gss_buffer_t suffix, + gss_buffer_t attribute) { - gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; + std::string str = composeAttributeName(prefix, suffix); - decomposeAttributeName(attribute, &prefix, suffix); - *type = attributePrefixToType(&prefix); + if (str.length() != 0) { + return duplicateBuffer(str, attribute); + } else { + attribute->length = 0; + attribute->value = NULL; + } } +/* + * Compose attribute name from type, suffix; returns GSS buffer + */ void gss_eap_attr_ctx::composeAttributeName(unsigned int type, const gss_buffer_t suffix, - gss_buffer_t attribute) + gss_buffer_t attribute) const { - gss_buffer_t prefix = attributeTypeToPrefix(type); + gss_buffer_desc prefix = attributeTypeToPrefix(type); - composeAttributeName(prefix, suffix, attribute); + return composeAttributeName(&prefix, suffix, attribute); } +/* + * C wrappers + */ OM_uint32 gssEapInquireName(OM_uint32 *minor, gss_name_t name, @@ -423,19 +859,34 @@ gssEapInquireName(OM_uint32 *minor, gss_OID *MN_mech, gss_buffer_set_t *attrs) { - *minor = 0; - *name_is_MN = false; - *MN_mech = GSS_EAP_MECHANISM; - *attrs = GSS_C_NO_BUFFER_SET; + OM_uint32 major; + + if (name_is_MN != NULL) + *name_is_MN = (name->mechanismUsed != GSS_C_NULL_OID); - if (name->attrCtx == NULL) + if (MN_mech != NULL) { + major = gssEapCanonicalizeOid(minor, name->mechanismUsed, + OID_FLAG_NULL_VALID, MN_mech); + if (GSS_ERROR(major)) + return major; + } + + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; + } try { - if (!name->attrCtx->getAttributeTypes(attrs)) + if (!name->attrCtx->getAttributeTypes(attrs)) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -454,25 +905,35 @@ gssEapGetNameAttribute(OM_uint32 *minor, *authenticated = 0; *complete = 0; - value->length = 0; - value->value = NULL; + if (value != NULL) { + value->length = 0; + value->value = NULL; + } if (display_value != NULL) { display_value->length = 0; display_value->value = NULL; } - *more = -1; + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } - if (name->attrCtx == NULL) + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; + } try { if (!name->attrCtx->getAttribute(attr, authenticated, complete, - value, display_value, more)) + value, display_value, more)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -483,13 +944,23 @@ gssEapDeleteNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { - name->attrCtx->deleteAttribute(attr); - } catch (std::exception &ex) { - return mapException(minor, ex); + if (!name->attrCtx->deleteAttribute(attr)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); + return GSS_S_UNAVAILABLE; + } + } catch (std::exception &e) { + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -502,13 +973,23 @@ gssEapSetNameAttribute(OM_uint32 *minor, gss_buffer_t attr, gss_buffer_t value) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { - name->attrCtx->setAttribute(complete, attr, value); - } catch (std::exception &ex) { - return mapException(minor, ex); + if (!name->attrCtx->setAttribute(complete, attr, value)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); + return GSS_S_UNAVAILABLE; + } + } catch (std::exception &e) { + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -519,13 +1000,20 @@ gssEapExportAttrContext(OM_uint32 *minor, gss_name_t name, gss_buffer_t buffer) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + buffer->length = 0; + buffer->value = NULL; + + return GSS_S_COMPLETE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { - name->attrCtx->marshall(buffer); + name->attrCtx->exportToBuffer(buffer); } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -536,7 +1024,30 @@ gssEapImportAttrContext(OM_uint32 *minor, gss_buffer_t buffer, gss_name_t name) { - GSSEAP_NOT_IMPLEMENTED; + gss_eap_attr_ctx *ctx = NULL; + + assert(name->attrCtx == NULL); + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + + if (buffer->length != 0) { + try { + ctx = new gss_eap_attr_ctx(); + + if (!ctx->initFromBuffer(buffer)) { + delete ctx; + *minor = GSSEAP_BAD_ATTR_TOKEN; + return GSS_S_DEFECTIVE_TOKEN; + } + name->attrCtx = ctx; + } catch (std::exception &e) { + delete ctx; + return name->attrCtx->mapException(minor, e); + } + } + + return GSS_S_COMPLETE; } OM_uint32 @@ -544,13 +1055,26 @@ gssEapDuplicateAttrContext(OM_uint32 *minor, gss_name_t in, gss_name_t out) { + gss_eap_attr_ctx *ctx = NULL; + + assert(out->attrCtx == NULL); + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + try { - if (in->attrCtx != NULL) - out->attrCtx = new gss_eap_attr_ctx(*(in->attrCtx)); - else - out->attrCtx = NULL; + if (in->attrCtx != NULL) { + ctx = new gss_eap_attr_ctx(); + if (!ctx->initFromExistingContext(in->attrCtx)) { + delete ctx; + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; + return GSS_S_FAILURE; + } + out->attrCtx = ctx; + } } catch (std::exception &e) { - return mapException(minor, e); + delete ctx; + return in->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -563,10 +1087,18 @@ gssEapMapNameToAny(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *output) { + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + try { *output = name->attrCtx->mapToAny(authenticated, type_id); } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -578,7 +1110,12 @@ gssEapReleaseAnyNameMapping(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *input) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -586,7 +1123,7 @@ gssEapReleaseAnyNameMapping(OM_uint32 *minor, name->attrCtx->releaseAnyNameMapping(type_id, *input); *input = NULL; } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -599,37 +1136,50 @@ gssEapReleaseAttrContext(OM_uint32 *minor, if (name->attrCtx != NULL) delete name->attrCtx; + *minor = 0; return GSS_S_COMPLETE; } +/* + * Public accessor for initialisng a context from a GSS context. Also + * sets expiry time on GSS context as a side-effect. + */ OM_uint32 -gssEapAttrProvidersInit(OM_uint32 *minor) +gssEapCreateAttrContext(OM_uint32 *minor, + gss_cred_id_t gssCred, + gss_ctx_id_t gssCtx, + struct gss_eap_attr_ctx **pAttrContext, + time_t *pExpiryTime) { - try { - gss_eap_attr_ctx::init(); - } catch (std::exception &e) { - return mapException(minor, e); - } + gss_eap_attr_ctx *ctx = NULL; + OM_uint32 major; - return GSS_S_COMPLETE; -} + assert(gssCtx != GSS_C_NO_CONTEXT); + + major = gssEapAttrProvidersInit(minor); + if (GSS_ERROR(major)) + return major; + + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; + major = GSS_S_FAILURE; -OM_uint32 -gssEapAttrProvidersFinalize(OM_uint32 *minor) -{ try { - gss_eap_attr_ctx::finalize(); + ctx = new gss_eap_attr_ctx(); + if (ctx->initFromGssContext(gssCred, gssCtx)) { + *minor = 0; + major = GSS_S_COMPLETE; + } else { + delete ctx; + } } catch (std::exception &e) { - return mapException(minor, e); + if (ctx != NULL) + major = ctx->mapException(minor, e); } - return GSS_S_COMPLETE; -} + if (major == GSS_S_COMPLETE) { + *pAttrContext = ctx; + *pExpiryTime = ctx->getExpiryTime(); + } -struct gss_eap_attr_ctx * -gssEapCreateAttrContext(gss_cred_id_t cred, - gss_ctx_id_t ctx) -{ - assert(ctx != GSS_C_NO_CONTEXT); - return gss_eap_attr_ctx::createAttrContext(cred, ctx); + return major; }