X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_attr.cpp;h=57af9cd8fb8c21892660737cf751219782e86f8e;hb=15c93f06ee6ddefa7e7b095351f6e66698c7cc9e;hp=92f8cc9b5b1bd7b19cd0bdff117a179b740a97a6;hpb=cbad0222b6d0c5e281e974497fee9c259291cd5d;p=mech_eap.git diff --git a/util_attr.cpp b/util_attr.cpp index 92f8cc9..57af9cd 100644 --- a/util_attr.cpp +++ b/util_attr.cpp @@ -32,19 +32,76 @@ #include "gssapiP_eap.h" +#include #include #include #include -static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX]; -static gss_buffer_desc gssEapAttrPrefixes[ATTR_TYPE_MAX]; +/* lazy initialisation */ +static GSSEAP_THREAD_ONCE gssEapAttrProvidersInitOnce = GSSEAP_ONCE_INITIALIZER; +static OM_uint32 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; +static void +gssEapAttrProvidersInitInternal(void) +{ + OM_uint32 major, minor; + + assert(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE); + + major = gssEapRadiusAttrProviderInit(&minor); + if (major == GSS_S_COMPLETE) + major = gssEapSamlAttrProvidersInit(&minor); + if (major == GSS_S_COMPLETE) + major = gssEapLocalAttrProviderInit(&minor); + +#ifdef GSSEAP_DEBUG + assert(major == GSS_S_COMPLETE); +#endif + + gssEapAttrProvidersInitStatus = major; +} + +static OM_uint32 +gssEapAttrProvidersInit(OM_uint32 *minor) +{ + GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal); + + if (GSS_ERROR(gssEapAttrProvidersInitStatus)) + *minor = GSSEAP_NO_ATTR_PROVIDERS; + + return gssEapAttrProvidersInitStatus; +} + +OM_uint32 +gssEapAttrProvidersFinalize(OM_uint32 *minor) +{ + OM_uint32 major = GSS_S_COMPLETE; + + if (gssEapAttrProvidersInitStatus == GSS_S_COMPLETE) { + major = gssEapLocalAttrProviderFinalize(minor); + if (major == GSS_S_COMPLETE) + major = gssEapSamlAttrProvidersFinalize(minor); + if (major == GSS_S_COMPLETE) + major = gssEapRadiusAttrProviderFinalize(minor); + + gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; + } + + return major; +} + +static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1]; +static gss_buffer_desc gssEapAttrPrefixes[ATTR_TYPE_MAX + 1]; + +/* + * Register a provider for a particular type and prefix + */ void gss_eap_attr_ctx::registerProvider(unsigned int type, const char *prefix, gss_eap_attr_create_provider factory) { - assert(type < ATTR_TYPE_MAX); + assert(type <= ATTR_TYPE_MAX); assert(gssEapAttrFactories[type] == NULL); @@ -58,33 +115,48 @@ gss_eap_attr_ctx::registerProvider(unsigned int type, } } +/* + * Unregister a provider + */ void gss_eap_attr_ctx::unregisterProvider(unsigned int type) { - assert(type < ATTR_TYPE_MAX); + assert(type <= ATTR_TYPE_MAX); gssEapAttrFactories[type] = NULL; gssEapAttrPrefixes[type].value = NULL; gssEapAttrPrefixes[type].length = 0; } +/* + * Create an attribute context, that manages instances of providers + */ gss_eap_attr_ctx::gss_eap_attr_ctx(void) { - for (unsigned int i = 0; i < ATTR_TYPE_MAX; i++) { + m_flags = 0; + + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; - provider = (gssEapAttrFactories[i])(); + if (gssEapAttrFactories[i] != NULL) { + provider = (gssEapAttrFactories[i])(); + } else { + provider = NULL; + } m_providers[i] = provider; } } +/* + * Convert an attribute prefix to a type + */ unsigned int gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) { unsigned int i; - for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_LOCAL; i++) { + for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) { if (bufferEqual(&gssEapAttrPrefixes[i], prefix)) return i; } @@ -92,60 +164,168 @@ gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) return ATTR_TYPE_LOCAL; } +/* + * Convert a type to an attribute prefix + */ const gss_buffer_t gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type) { - if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_LOCAL) + if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX) return GSS_C_NO_BUFFER; return &gssEapAttrPrefixes[type]; } bool +gss_eap_attr_ctx::providerEnabled(unsigned int type) const +{ + if (type == ATTR_TYPE_LOCAL && + (m_flags & ATTR_FLAG_DISABLE_LOCAL)) + return false; + + if (m_providers[type] == NULL) + return false; + + return true; +} + +void +gss_eap_attr_ctx::releaseProvider(unsigned int type) +{ + delete m_providers[type]; + m_providers[type] = NULL; +} + +/* + * Initialize a context from an existing context. + */ +bool gss_eap_attr_ctx::initFromExistingContext(const gss_eap_attr_ctx *manager) { - for (unsigned int i = 0; i < ATTR_TYPE_MAX; i++) { + bool ret = true; + + m_flags = manager->m_flags; + + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; + if (!providerEnabled(i)) { + releaseProvider(i); + continue; + } + provider = m_providers[i]; - if (provider != NULL) { - if (!provider->initFromExistingContext(this, manager->m_providers[i])) - return false; + + ret = provider->initFromExistingContext(this, + manager->m_providers[i]); + if (ret == false) { + releaseProvider(i); + break; } } - return true; + return ret; } +/* + * Initialize a context from a GSS credential and context. + */ bool gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred, const gss_ctx_id_t ctx) { - for (unsigned int i = 0; i < ATTR_TYPE_MAX; i++) { + bool ret = true; + + if (cred != GSS_C_NO_CREDENTIAL && + (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) { + m_flags |= ATTR_FLAG_DISABLE_LOCAL; + } + + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider; + + if (!providerEnabled(i)) { + releaseProvider(i); + continue; + } + + provider = m_providers[i]; + + ret = provider->initFromGssContext(this, cred, ctx); + if (ret == false) { + releaseProvider(i); + break; + } + } + + return ret; +} + +/* + * Initialize a context from an exported context or name token + */ +bool +gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) +{ + bool ret; + gss_eap_attr_provider *primaryProvider = getPrimaryProvider(); + gss_buffer_desc primaryBuf; + + if (buffer->length < 4) + return false; + + m_flags = load_uint32_be(buffer->value); + + primaryBuf.length = buffer->length - 4; + primaryBuf.value = (char *)buffer->value + 4; + + ret = primaryProvider->initFromBuffer(this, &primaryBuf); + if (ret == false) + return ret; + + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; + if (!providerEnabled(i)) { + releaseProvider(i); + continue; + } + provider = m_providers[i]; - if (provider != NULL) { - if (!provider->initFromGssContext(this, cred, ctx)) - return false; + if (provider == primaryProvider) + continue; + + ret = provider->initFromGssContext(this, + GSS_C_NO_CREDENTIAL, + GSS_C_NO_CONTEXT); + if (ret == false) { + releaseProvider(i); + break; } } - return true; + return ret; } gss_eap_attr_ctx::~gss_eap_attr_ctx(void) { - for (unsigned int i = 0; i < ATTR_TYPE_MAX; i++) + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) delete m_providers[i]; } +/* + * Locate provider for a given type + */ gss_eap_attr_provider * gss_eap_attr_ctx::getProvider(unsigned int type) const { + assert(type >= ATTR_TYPE_MIN && type <= ATTR_TYPE_MAX); return m_providers[type]; } +/* + * Locate provider for a given prefix + */ gss_eap_attr_provider * gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const { @@ -156,6 +336,19 @@ gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const return m_providers[type]; } +/* + * Get primary provider. Only the primary provider is serialised when + * gss_export_sec_context() or gss_export_name_composite() is called. + */ +gss_eap_attr_provider * +gss_eap_attr_ctx::getPrimaryProvider(void) const +{ + return m_providers[ATTR_TYPE_MIN]; +} + +/* + * Set an attribute + */ void gss_eap_attr_ctx::setAttribute(int complete, const gss_buffer_t attr, @@ -172,10 +365,14 @@ gss_eap_attr_ctx::setAttribute(int complete, provider->setAttribute(complete, (type == ATTR_TYPE_LOCAL) ? attr : &suffix, value); - + } else { + /* XXX TODO throw exception */ } } +/* + * Delete an attrbiute + */ void gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr) { @@ -186,21 +383,22 @@ gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr) decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; - if (provider != NULL) { + if (provider != NULL) provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); - } } +/* + * Enumerate attribute types with callback + */ bool gss_eap_attr_ctx::getAttributeTypes(gss_eap_attr_enumeration_cb cb, void *data) const { bool ret = false; size_t i; - for (i = 0; i < ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider; + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; - provider = m_providers[i]; if (provider == NULL) continue; @@ -223,7 +421,6 @@ addAttribute(const gss_eap_attr_provider *provider, void *data) { eap_gss_get_attr_types_args *args = (eap_gss_get_attr_types_args *)data; - gss_buffer_t prefix = GSS_C_NO_BUFFER; gss_buffer_desc qualified; OM_uint32 major, minor; @@ -232,12 +429,15 @@ addAttribute(const gss_eap_attr_provider *provider, major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs); gss_release_buffer(&minor, &qualified); } else { - major = gss_add_buffer_set_member(&minor, prefix, &args->attrs); + major = gss_add_buffer_set_member(&minor, attribute, &args->attrs); } - return GSS_ERROR(major) ? false : true; + return GSS_ERROR(major) == false; } +/* + * Enumerate attribute types, output is buffer set + */ bool gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) { @@ -254,12 +454,11 @@ gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) args.attrs = *attrs; - for (i = 0; i < ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider; + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; args.type = i; - provider = m_providers[i]; if (provider == NULL) continue; @@ -268,13 +467,15 @@ gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) break; } - if (ret == false) { + if (ret == false) gss_release_buffer_set(&minor, attrs); - } return ret; } +/* + * Get attribute with given name + */ bool gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr, int *authenticated, @@ -291,10 +492,8 @@ gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr, decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; - if (provider == NULL) { - *more = 0; + if (provider == NULL) return false; - } ret = provider->getAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix, authenticated, complete, @@ -303,74 +502,121 @@ gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr, return ret; } +/* + * Map attribute context to C++ object + */ gss_any_t gss_eap_attr_ctx::mapToAny(int authenticated, gss_buffer_t type_id) const { unsigned int type; gss_eap_attr_provider *provider; + gss_buffer_desc suffix; - type = attributePrefixToType(type_id); + decomposeAttributeName(type_id, &type, &suffix); provider = m_providers[type]; + if (provider == NULL) + return (gss_any_t)NULL; - return provider->mapToAny(authenticated, type_id); + return provider->mapToAny(authenticated, &suffix); } +/* + * Release mapped context + */ void gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const { unsigned int type; gss_eap_attr_provider *provider; + gss_buffer_desc suffix; - type = attributePrefixToType(type_id); + decomposeAttributeName(type_id, &type, &suffix); provider = m_providers[type]; - - provider->releaseAnyNameMapping(type_id, input); + if (provider != NULL) + provider->releaseAnyNameMapping(&suffix, input); } +/* + * Export attribute context to buffer + */ void gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const { - m_providers[ATTR_TYPE_RADIUS]->exportToBuffer(buffer); + const gss_eap_attr_provider *primaryProvider = getPrimaryProvider(); + gss_buffer_desc tmp; + unsigned char *p; + OM_uint32 tmpMinor; + + primaryProvider->exportToBuffer(&tmp); + + buffer->length = 4 + tmp.length; + buffer->value = GSSEAP_MALLOC(buffer->length); + if (buffer->value == NULL) + throw new std::bad_alloc; + + p = (unsigned char *)buffer->value; + store_uint32_be(m_flags, p); + memcpy(p + 4, tmp.value, tmp.length); + + gss_release_buffer(&tmpMinor, &tmp); } -bool -gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) +/* + * Return soonest expiry time of providers + */ +time_t +gss_eap_attr_ctx::getExpiryTime(void) const { unsigned int i; - bool ret; + time_t expiryTime = 0; - ret = m_providers[ATTR_TYPE_RADIUS]->initFromBuffer(this, buffer); - if (!ret) - return false; - - for (i = ATTR_TYPE_RADIUS + 1; i < ATTR_TYPE_MAX; i++) { + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider = m_providers[i]; + time_t providerExpiryTime; - ret = provider->initFromGssContext(this, - GSS_C_NO_CREDENTIAL, - GSS_C_NO_CONTEXT); - if (!ret) - break; + if (provider == NULL) + continue; + + providerExpiryTime = provider->getExpiryTime(); + if (providerExpiryTime == 0) + continue; + + if (expiryTime == 0 || providerExpiryTime < expiryTime) + expiryTime = providerExpiryTime; } - return ret; + return expiryTime; } /* - * C wrappers + * Map C++ exception to GSS status */ - static OM_uint32 mapException(OM_uint32 *minor, std::exception &e) { - *minor = 0; - return GSS_S_FAILURE; + OM_uint32 major = GSS_S_FAILURE; + + /* XXX TODO implement other mappings */ + if (typeid(e) == typeid(std::bad_alloc)) + *minor = ENOMEM; + else + *minor = 0; + +#ifdef GSSEAP_DEBUG + /* rethrow for now for debugging */ + throw e; +#endif + + return major; } +/* + * Decompose attribute name into prefix and suffix + */ void gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, gss_buffer_t prefix, @@ -398,6 +644,23 @@ gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, } } +/* + * Decompose attribute name into type and suffix + */ +void +gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, + unsigned int *type, + gss_buffer_t suffix) +{ + gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; + + decomposeAttributeName(attribute, &prefix, suffix); + *type = attributePrefixToType(&prefix); +} + +/* + * Compose attribute name from prefix, suffix; returns C++ string + */ std::string gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, const gss_buffer_t suffix) @@ -417,6 +680,9 @@ gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, return str; } +/* + * Compose attribute name from type, suffix; returns C++ string + */ std::string gss_eap_attr_ctx::composeAttributeName(unsigned int type, const gss_buffer_t suffix) @@ -426,6 +692,9 @@ gss_eap_attr_ctx::composeAttributeName(unsigned int type, return composeAttributeName(prefix, suffix); } +/* + * Compose attribute name from prefix, suffix; returns GSS buffer + */ void gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, const gss_buffer_t suffix, @@ -441,17 +710,9 @@ gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, } } -void -gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, - unsigned int *type, - gss_buffer_t suffix) -{ - gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; - - decomposeAttributeName(attribute, &prefix, suffix); - *type = attributePrefixToType(&prefix); -} - +/* + * Compose attribute name from type, suffix; returns GSS buffer + */ void gss_eap_attr_ctx::composeAttributeName(unsigned int type, const gss_buffer_t suffix, @@ -462,6 +723,9 @@ gss_eap_attr_ctx::composeAttributeName(unsigned int type, return composeAttributeName(prefix, suffix, attribute); } +/* + * C wrappers + */ OM_uint32 gssEapInquireName(OM_uint32 *minor, gss_name_t name, @@ -469,12 +733,20 @@ gssEapInquireName(OM_uint32 *minor, gss_OID *MN_mech, gss_buffer_set_t *attrs) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { + return GSS_S_UNAVAILABLE; + } try { - if (!name->attrCtx->getAttributeTypes(attrs)) + if (!name->attrCtx->getAttributeTypes(attrs)) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { return mapException(minor, e); } @@ -505,13 +777,23 @@ gssEapGetNameAttribute(OM_uint32 *minor, display_value->value = NULL; } - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; + } try { if (!name->attrCtx->getAttribute(attr, authenticated, complete, - value, display_value, more)) + value, display_value, more)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { return mapException(minor, e); } @@ -524,7 +806,12 @@ gssEapDeleteNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -543,7 +830,12 @@ gssEapSetNameAttribute(OM_uint32 *minor, gss_buffer_t attr, gss_buffer_t value) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -567,10 +859,11 @@ gssEapExportAttrContext(OM_uint32 *minor, return GSS_S_COMPLETE; } + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + try { name->attrCtx->exportToBuffer(buffer); - if (buffer->length == 0) - return GSS_S_FAILURE; } catch (std::exception &e) { return mapException(minor, e); } @@ -587,12 +880,16 @@ gssEapImportAttrContext(OM_uint32 *minor, assert(name->attrCtx == NULL); + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + if (buffer->length != 0) { try { ctx = new gss_eap_attr_ctx(); if (!ctx->initFromBuffer(buffer)) { delete ctx; + *minor = GSSEAP_BAD_ATTR_TOKEN; return GSS_S_DEFECTIVE_TOKEN; } name->attrCtx = ctx; @@ -614,11 +911,15 @@ gssEapDuplicateAttrContext(OM_uint32 *minor, assert(out->attrCtx == NULL); + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + try { if (in->attrCtx != NULL) { ctx = new gss_eap_attr_ctx(); if (!ctx->initFromExistingContext(in->attrCtx)) { delete ctx; + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; return GSS_S_FAILURE; } out->attrCtx = ctx; @@ -638,6 +939,14 @@ gssEapMapNameToAny(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *output) { + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + try { *output = name->attrCtx->mapToAny(authenticated, type_id); } catch (std::exception &e) { @@ -653,7 +962,12 @@ gssEapReleaseAnyNameMapping(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *input) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -677,50 +991,29 @@ gssEapReleaseAttrContext(OM_uint32 *minor, return GSS_S_COMPLETE; } -OM_uint32 -gssEapAttrProvidersInit(OM_uint32 *minor) -{ - try { - if (gss_eap_radius_attr_provider::init() && - gss_eap_saml_assertion_provider::init() && - gss_eap_saml_attr_provider::init() && - gss_eap_shib_attr_provider::init()) - return GSS_S_COMPLETE; - } catch (std::exception &e) { - return mapException(minor, e); - } - - return GSS_S_FAILURE; -} - -OM_uint32 -gssEapAttrProvidersFinalize(OM_uint32 *minor) -{ - try { - gss_eap_shib_attr_provider::finalize(); - gss_eap_saml_attr_provider::finalize(); - gss_eap_saml_assertion_provider::finalize(); - gss_eap_radius_attr_provider::finalize(); - } catch (std::exception &e) { - return mapException(minor, e); - } - - return GSS_S_COMPLETE; -} - +/* + * Public accessor for initialisng a context from a GSS context. Also + * sets expiry time on GSS context as a side-effect. + */ struct gss_eap_attr_ctx * gssEapCreateAttrContext(gss_cred_id_t gssCred, gss_ctx_id_t gssCtx) { gss_eap_attr_ctx *ctx; + OM_uint32 tmpMinor; assert(gssCtx != GSS_C_NO_CONTEXT); + if (GSS_ERROR(gssEapAttrProvidersInit(&tmpMinor))) + return NULL; + ctx = new gss_eap_attr_ctx(); if (!ctx->initFromGssContext(gssCred, gssCtx)) { delete ctx; return NULL; } + gssCtx->expiryTime = ctx->getExpiryTime(); + return ctx; }