X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_attr.cpp;h=9973a00b7e533e6b7c1b10de09b81e4a3cfa7a73;hb=refs%2Fheads%2Fjson-name;hp=441745ae8a61afe1530efcecc91bbe45dd3d36ce;hpb=5a511d614cd7ad2945e011a312129c17627414cc;p=mech_eap.orig
diff --git a/util_attr.cpp b/util_attr.cpp
index 441745a..9973a00 100644
--- a/util_attr.cpp
+++ b/util_attr.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,22 +30,79 @@ * SUCH DAMAGE. */ +/* + * Attribute provider mechanism. + */ + #include "gssapiP_eap.h" #include #include +#include #include +#include #include +/* lazy initialisation */ +static GSSEAP_THREAD_ONCE gssEapAttrProvidersInitOnce = GSSEAP_ONCE_INITIALIZER; +static OM_uint32 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; + +static void +gssEapAttrProvidersInitInternal(void) +{ + OM_uint32 major, minor; + + assert(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE); + + major = gssEapRadiusAttrProviderInit(&minor); + if (major == GSS_S_COMPLETE) + major = gssEapSamlAttrProvidersInit(&minor); + if (major == GSS_S_COMPLETE) + major = gssEapLocalAttrProviderInit(&minor); + +#ifdef GSSEAP_DEBUG + assert(major == GSS_S_COMPLETE); +#endif + + gssEapAttrProvidersInitStatus = major; +} + +static OM_uint32 +gssEapAttrProvidersInit(OM_uint32 *minor) +{ + GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal); + + if (GSS_ERROR(gssEapAttrProvidersInitStatus)) + *minor = GSSEAP_NO_ATTR_PROVIDERS; + + return gssEapAttrProvidersInitStatus; +} + +OM_uint32 +gssEapAttrProvidersFinalize(OM_uint32 *minor) +{ + OM_uint32 major = GSS_S_COMPLETE; + + if (gssEapAttrProvidersInitStatus == GSS_S_COMPLETE) { + major = gssEapLocalAttrProviderFinalize(minor); + if (major == GSS_S_COMPLETE) + major = gssEapSamlAttrProvidersFinalize(minor); + if (major == GSS_S_COMPLETE) + major = gssEapRadiusAttrProviderFinalize(minor); + + gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE; + } + + return major; +} + static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1]; -static gss_buffer_desc gssEapAttrPrefixes[ATTR_TYPE_MAX + 1]; /* * Register a provider for a particular type and prefix */ void gss_eap_attr_ctx::registerProvider(unsigned int type, - const char *prefix, gss_eap_attr_create_provider factory) { assert(type <= ATTR_TYPE_MAX); 
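Review bot: gssEapAttrProvidersInitInternal leaves already-initialised providers behind when a later step fails: if gssEapSamlAttrProvidersInit fails, the RADIUS provider stays initialised, gssEapAttrProvidersInitStatus becomes an error, and gssEapAttrProvidersFinalize then skips every finalizer because it only runs when the status is GSS_S_COMPLETE; since GSSEAP_ONCE never re-runs the internal function, that state is also unrecoverable for the life of the process. Unwinding in reverse on failure, as below, keeps the partial-failure case clean. Separately, the comment above registerProvider still says "for a particular type and prefix" although the `prefix` parameter is removed in this hunk; `/* Register a provider factory for a particular type */` matches the new signature.
```cpp
    major = gssEapRadiusAttrProviderInit(&minor);
    if (major == GSS_S_COMPLETE) {
        major = gssEapSamlAttrProvidersInit(&minor);
        if (major == GSS_S_COMPLETE) {
            major = gssEapLocalAttrProviderInit(&minor);
            if (GSS_ERROR(major))
                gssEapSamlAttrProvidersFinalize(&tmpMinor);
        }
        if (GSS_ERROR(major))
            gssEapRadiusAttrProviderFinalize(&tmpMinor);  /* unwind partial init */
    }
    // … unchanged: GSSEAP_DEBUG assert and status store …
```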
@@ -53,13 +110,6 @@ gss_eap_attr_ctx::registerProvider(unsigned int type, assert(gssEapAttrFactories[type] == NULL); gssEapAttrFactories[type] = factory; - if (prefix != NULL) { - gssEapAttrPrefixes[type].value = (void *)prefix; - gssEapAttrPrefixes[type].length = strlen(prefix); - } else { - gssEapAttrPrefixes[type].value = NULL; - gssEapAttrPrefixes[type].length = 0; - } } /* @@ -71,8 +121,6 @@ gss_eap_attr_ctx::unregisterProvider(unsigned int type) assert(type <= ATTR_TYPE_MAX); gssEapAttrFactories[type] = NULL; - gssEapAttrPrefixes[type].value = NULL; - gssEapAttrPrefixes[type].length = 0; } /* @@ -80,6 +128,8 @@ gss_eap_attr_ctx::unregisterProvider(unsigned int type) */ gss_eap_attr_ctx::gss_eap_attr_ctx(void) { + m_flags = 0; + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { gss_eap_attr_provider *provider; @@ -88,7 +138,7 @@ gss_eap_attr_ctx::gss_eap_attr_ctx(void) } else { provider = NULL; } - + m_providers[i] = provider; } } @@ -97,12 +147,22 @@ gss_eap_attr_ctx::gss_eap_attr_ctx(void) * Convert an attribute prefix to a type */ unsigned int -gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) +gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) const { unsigned int i; for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) { - if (bufferEqual(&gssEapAttrPrefixes[i], prefix)) + const char *pprefix; + + if (!providerEnabled(i)) + continue; + + pprefix = m_providers[i]->prefix(); + if (pprefix == NULL) + continue; + + if (strlen(pprefix) == prefix->length && + memcmp(pprefix, prefix->value, prefix->length) == 0) return i; } 
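Review bot: The prefix lookup in attributePrefixToType (last hunk on this line) still iterates `i < ATTR_TYPE_MAX` while every other loop this change adds over m_providers uses `<= ATTR_TYPE_MAX`, so the provider registered at ATTR_TYPE_MAX can never be resolved from a prefix; that is harmless only if ATTR_TYPE_MAX is the prefix-less local provider, which should be confirmed against the enum and recorded in a comment such as `/* ATTR_TYPE_MAX (local) has no prefix and is deliberately excluded */`. The new comparison itself is sound: it checks `strlen(pprefix) == prefix->length` before the memcmp, so a shorter caller buffer cannot cause an over-read. It does assume `prefix` is non-NULL with a valid `value`; stating that precondition in the function's comment would help callers that take the attribute name from the application.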
@@ -112,13 +172,42 @@ gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix) /* * Convert a type to an attribute prefix */ -const gss_buffer_t -gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type) +gss_buffer_desc +gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type) const { + gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; + if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX) - return GSS_C_NO_BUFFER; + return prefix; - return &gssEapAttrPrefixes[type]; + if (!providerEnabled(type)) + return prefix; + + prefix.value = (void *)m_providers[type]->prefix(); + if (prefix.value != NULL) + prefix.length = strlen((char *)prefix.value); + + return prefix; +} + +bool +gss_eap_attr_ctx::providerEnabled(unsigned int type) const +{ + if (type == ATTR_TYPE_LOCAL && + (m_flags & ATTR_FLAG_DISABLE_LOCAL)) + return false; + + if (m_providers[type] == NULL) + return false; + + return true; +} + +void +gss_eap_attr_ctx::releaseProvider(unsigned int type) +{ + delete m_providers[type]; + m_providers[type] = NULL; } /* @@ -129,16 +218,24 @@ gss_eap_attr_ctx::initFromExistingContext(const gss_eap_attr_ctx *manager) { bool ret = true; + m_flags = manager->m_flags; + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider = m_providers[i]; + gss_eap_attr_provider *provider; - if (provider == NULL) + if (!providerEnabled(i)) { + releaseProvider(i); continue; + } + + provider = m_providers[i]; ret = provider->initFromExistingContext(this, manager->m_providers[i]); - if (ret == false) + if (ret == false) { + releaseProvider(i); break; + } } return ret; 
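Review bot: attributeTypeToPrefix now returns a gss_buffer_desc whose `value` aliases the string returned by the provider's prefix() rather than storage the context owns, and nothing tells callers that; a comment such as `/* Returned buffer aliases the provider's prefix string; it must not be passed to gss_release_buffer() */` prevents a double free or a dangling pointer in callers that expect an owned buffer. providerEnabled indexes m_providers[type] with no range check, while attributeTypeToPrefix range-checks before calling it; documenting `/* type must be within ATTR_TYPE_MIN..ATTR_TYPE_MAX; caller checks */` keeps the contract explicit for the other callers added in this change. The `(void *)m_providers[type]->prefix()` C-style cast presumably discards const; if prefix() returns `const char *`, `const_cast<char *>` makes the intent visible.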
@@ -153,46 +250,147 @@ gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred, { bool ret = true; + if (cred != GSS_C_NO_CREDENTIAL && + (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) { + m_flags |= ATTR_FLAG_DISABLE_LOCAL; + } + for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider = m_providers[i]; + gss_eap_attr_provider *provider; - if (provider == NULL) + if (!providerEnabled(i)) { + releaseProvider(i); continue; + } + + provider = m_providers[i]; ret = provider->initFromGssContext(this, cred, ctx); - if (ret == false) + if (ret == false) { + releaseProvider(i); break; + } } return ret; } -/* - * Initialize a context from an exported context or name token - */ bool -gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) +gss_eap_attr_ctx::initWithJsonObject(JSONObject &obj) { - bool ret; - gss_eap_attr_provider *primaryProvider = getPrimaryProvider(); + bool ret = false; + bool foundSource[ATTR_TYPE_MAX + 1]; + unsigned int type; - ret = primaryProvider->initFromBuffer(this, buffer); - if (ret == false) - return ret; + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) + foundSource[type] = false; - for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { - gss_eap_attr_provider *provider = m_providers[i]; + if (obj["version"].integer() != 1) + return false; + + m_flags = obj["flags"].integer(); + + JSONObject sources = obj["sources"]; + + /* Initialize providers from serialized state */ + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { + gss_eap_attr_provider *provider; + const char *key; + + if (!providerEnabled(type)) { + releaseProvider(type); + continue; + } + + provider = m_providers[type]; + key = provider->name(); + if (key == NULL) + continue; + + JSONObject source = sources.get(key); + if (!source.isnull() && + !provider->initWithJsonObject(this, source)) { + releaseProvider(type); + return false; + } + + foundSource[type] = true; + } + + /* Initialize remaining 
providers from initialized providers */ + for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) { + gss_eap_attr_provider *provider; - if (provider == primaryProvider) + if (foundSource[type] || !providerEnabled(type)) continue; + provider = m_providers[type]; + ret = provider->initFromGssContext(this, GSS_C_NO_CREDENTIAL, GSS_C_NO_CONTEXT); - if (ret == false) - break; + if (ret == false) { + releaseProvider(type); + return false; + } } + return true; +} + +JSONObject +gss_eap_attr_ctx::jsonRepresentation(void) const +{ + JSONObject obj, sources; + unsigned int i; + + obj.set("version", 1); + obj.set("flags", m_flags); + + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider; + const char *key; + + provider = m_providers[i]; + if (provider == NULL) + continue; /* provider not initialised */ + + key = provider->name(); + if (key == NULL) + continue; /* provider does not have state */ + + JSONObject source = provider->jsonRepresentation(); + sources.set(key, source); + } + + obj.set("sources", sources); + + return obj; +} + +/* + * Initialize a context from an exported context or name token + */ +bool +gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer) +{ + OM_uint32 major, minor; + bool ret; + char *s; + json_error_t error; + + major = bufferToString(&minor, buffer, &s); + if (GSS_ERROR(major)) + return false; + + JSONObject obj = JSONObject::load(s, 0, &error); + if (!obj.isnull()) { + ret = initWithJsonObject(obj); + } else + ret = false; + + GSSEAP_FREE(s); + return ret; } 
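Review bot: In initWithJsonObject, `foundSource[type] = true` is set even when `sources.get(key)` is null, so a named provider whose source is absent from the token is skipped by the second loop as well and ends up neither initialised nor released; moving the assignment inside the non-null branch, `if (!source.isnull()) { if (!provider->initWithJsonObject(this, source)) { releaseProvider(type); return false; } foundSource[type] = true; }`, lets the fallback initFromGssContext pass cover it. The token's `flags` are copied into m_flags unmasked even though the token arrives through gss_import_sec_context / gss_import_name_composite, so masking it to the known ATTR_FLAG_* bits keeps unrecognised bits out of later policy checks such as providerEnabled. In initFromBuffer the string `s` from bufferToString is never freed if initWithJsonObject throws (the callers in this file catch std::exception), and the `error` filled by JSONObject::load is never surfaced; the rewrite below closes the leak.
```cpp
    major = bufferToString(&minor, buffer, &s);
    if (GSS_ERROR(major))
        return false;

    try {
        JSONObject obj = JSONObject::load(s, 0, &error);
        ret = !obj.isnull() && initWithJsonObject(obj);
    } catch (...) {
        GSSEAP_FREE(s);   /* release the decoded token before propagating */
        throw;
    }

    GSSEAP_FREE(s);
    return ret;
```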
@@ -213,32 +411,19 @@ gss_eap_attr_ctx::getProvider(unsigned int type) const } /* - * Locate provider for a given prefix - */ -gss_eap_attr_provider * -gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const -{ - unsigned int type; - - type = attributePrefixToType(prefix); - - return m_providers[type]; -} - -/* * Get primary provider. Only the primary provider is serialised when * gss_export_sec_context() or gss_export_name_composite() is called. */ gss_eap_attr_provider * gss_eap_attr_ctx::getPrimaryProvider(void) const { - return m_providers[ATTR_TYPE_RADIUS]; + return m_providers[ATTR_TYPE_MIN]; } /* * Set an attribute */ -void +bool gss_eap_attr_ctx::setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value) @@ -246,34 +431,39 @@ gss_eap_attr_ctx::setAttribute(int complete, gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; + bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; if (provider != NULL) { - provider->setAttribute(complete, - (type == ATTR_TYPE_LOCAL) ? attr : &suffix, - value); - } else { - /* XXX TODO throw exception */ + ret = provider->setAttribute(complete, + (type == ATTR_TYPE_LOCAL) ? attr : &suffix, + value); } + + return ret; } /* * Delete an attrbiute */ -void +bool gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr) { gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER; unsigned int type; gss_eap_attr_provider *provider; + bool ret = false; decomposeAttributeName(attr, &type, &suffix); provider = m_providers[type]; - if (provider != NULL) - provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); + if (provider != NULL) { + ret = provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix); + } + + return ret; } /* 
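Review bot: The comment above getPrimaryProvider, "Only the primary provider is serialised when gss_export_sec_context() or gss_export_name_composite() is called", is now wrong: exportToBuffer in this change serialises every provider with a name through jsonRepresentation, and getPrimaryProvider merely returns m_providers[ATTR_TYPE_MIN]; `/* Get primary provider (the lowest-numbered one); all providers with a name are serialised by exportToBuffer */` reflects the new behaviour. setAttribute and deleteAttribute test `provider != NULL` directly rather than calling the new providerEnabled(type), so a locally-disabled provider that has not been released by one of the init paths could still be written to; `if (providerEnabled(type))` keeps the policy check in one place. The comment "Delete an attrbiute" in the deleteAttribute hunk has a typo.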
@@ -305,7 +495,8 @@ struct eap_gss_get_attr_types_args { }; static bool -addAttribute(const gss_eap_attr_provider *provider, +addAttribute(const gss_eap_attr_ctx *manager, + const gss_eap_attr_provider *provider GSSEAP_UNUSED, const gss_buffer_t attribute, void *data) { @@ -314,7 +505,7 @@ addAttribute(const gss_eap_attr_provider *provider, OM_uint32 major, minor; if (args->type != ATTR_TYPE_LOCAL) { - gss_eap_attr_ctx::composeAttributeName(args->type, attribute, &qualified); + manager->composeAttributeName(args->type, attribute, &qualified); major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs); gss_release_buffer(&minor, &qualified); } else { @@ -336,10 +527,8 @@ gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs) unsigned int i; major = gss_create_empty_buffer_set(&minor, attrs); - if (GSS_ERROR(major)) { + if (GSS_ERROR(major)) throw new std::bad_alloc; - return false; - } args.attrs = *attrs; @@ -435,7 +624,19 @@ gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id, void gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const { - getPrimaryProvider()->exportToBuffer(buffer); + OM_uint32 minor; + char *s; + + JSONObject obj = jsonRepresentation(); + +#if 0 + obj.dump(stdout, JSON_INDENT(3)); +#endif + + s = obj.dump(JSON_COMPACT); + + if (GSS_ERROR(makeStringBuffer(&minor, s, buffer))) + throw new std::bad_alloc; } /* 
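Review bot: `throw new std::bad_alloc;` in exportToBuffer throws a pointer, which none of the `catch (std::exception &e)` handlers in this file match, so an allocation failure here terminates the process instead of mapping to ENOMEM; `throw std::bad_alloc();` is the fix, and the same pre-existing line in getAttributeTypes (the hunk above, now without braces) has the same problem. The `s` returned by `obj.dump(JSON_COMPACT)` is never released after makeStringBuffer copies it; if dump() hands back a heap string as jansson's json_dumps does, `free(s)` (or the matching release call) is missing on both the success and the throw path. The `minor` from makeStringBuffer is discarded, so the caller only ever sees the generic bad_alloc mapping.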
@@ -465,25 +666,47 @@ gss_eap_attr_ctx::getExpiryTime(void) const return expiryTime; } -/* - * Map C++ exception to GSS status - */ -static OM_uint32 -mapException(OM_uint32 *minor, std::exception &e) +OM_uint32 +gss_eap_attr_ctx::mapException(OM_uint32 *minor, std::exception &e) const { - OM_uint32 major = GSS_S_FAILURE; + unsigned int i; + OM_uint32 major; - /* XXX TODO implement other mappings */ - if (typeid(e) == typeid(std::bad_alloc)) + /* Errors we handle ourselves */ + major = GSS_S_FAILURE; + + if (typeid(e) == typeid(std::bad_alloc)) { *minor = ENOMEM; - else - *minor = 0; + goto cleanup; + } -#ifdef GSSEAP_DEBUG + /* Errors we delegate to providers */ + major = GSS_S_CONTINUE_NEEDED; + + for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) { + gss_eap_attr_provider *provider = m_providers[i]; + + if (provider == NULL) + continue; + + major = provider->mapException(minor, e); + if (major != GSS_S_CONTINUE_NEEDED) + break; + } + + if (major == GSS_S_CONTINUE_NEEDED) { + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; + major = GSS_S_FAILURE; + } + +cleanup: +#if 0 /* rethrow for now for debugging */ throw e; #endif + assert(GSS_ERROR(major)); + return major; } @@ -523,7 +746,7 @@ gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, void gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute, unsigned int *type, - gss_buffer_t suffix) + gss_buffer_t suffix) const { gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER; @@ -560,9 +783,9 @@ std::string gss_eap_attr_ctx::composeAttributeName(unsigned int type, const gss_buffer_t suffix) { - const gss_buffer_t prefix = attributeTypeToPrefix(type); + gss_buffer_desc prefix = attributeTypeToPrefix(type); - return composeAttributeName(prefix, suffix); + return composeAttributeName(&prefix, suffix); } /* 
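Review bot: When no provider claims the exception, mapException reports GSSEAP_ATTR_CONTEXT_FAILURE and drops `e.what()`, so operators get no indication of what went wrong; `gssEapSaveStatusInfo(*minor, "%s", e.what());` next to the `*minor = GSSEAP_ATTR_CONTEXT_FAILURE;` assignment keeps the detail with the status, using the same helper this change calls elsewhere in the file. The `#if 0` block under `cleanup:` does `throw e;`, which would rethrow a sliced copy of std::exception and lose the dynamic type if anyone re-enables it; `throw;` is the form that preserves it. The `goto cleanup` only spans the provider loop and could be an early return once that block is removed.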
@@ -589,11 +812,11 @@ gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix, void gss_eap_attr_ctx::composeAttributeName(unsigned int type, const gss_buffer_t suffix, - gss_buffer_t attribute) + gss_buffer_t attribute) const { - gss_buffer_t prefix = attributeTypeToPrefix(type); + gss_buffer_desc prefix = attributeTypeToPrefix(type); - return composeAttributeName(prefix, suffix, attribute); + return composeAttributeName(&prefix, suffix, attribute); } /* @@ -606,14 +829,34 @@ gssEapInquireName(OM_uint32 *minor, gss_OID *MN_mech, gss_buffer_set_t *attrs) { - if (name->attrCtx == NULL) + OM_uint32 major; + + if (name_is_MN != NULL) + *name_is_MN = (name->mechanismUsed != GSS_C_NULL_OID); + + if (MN_mech != NULL) { + major = gssEapCanonicalizeOid(minor, name->mechanismUsed, + OID_FLAG_NULL_VALID, MN_mech); + if (GSS_ERROR(major)) + return major; + } + + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { return GSS_S_UNAVAILABLE; + } try { - if (!name->attrCtx->getAttributeTypes(attrs)) + if (!name->attrCtx->getAttributeTypes(attrs)) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; 
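Review bot: gssEapInquireName now fills `*MN_mech` via gssEapCanonicalizeOid before the `name->attrCtx == NULL` and gssEapAttrProvidersInit checks, so on those GSS_S_UNAVAILABLE returns the caller is handed an output OID it may not release on error; if gssEapCanonicalizeOid allocates, moving the two checks above the MN_mech block (or releasing `*MN_mech` on the error paths) avoids the leak. `*attrs` is likewise left untouched on the early returns, so `*attrs = GSS_C_NO_BUFFER_SET;` at entry gives callers a defined value. None of the wrappers in this and the following hunks set `*minor = 0` on the GSS_S_COMPLETE path, unlike gssEapReleaseAttrContext in this same change, so a caller can read a stale minor after success. The function's signature begins outside the hunk.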
@@ -642,15 +885,25 @@ gssEapGetNameAttribute(OM_uint32 *minor, display_value->value = NULL; } - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) { + return GSS_S_UNAVAILABLE; + } try { if (!name->attrCtx->getAttribute(attr, authenticated, complete, - value, display_value, more)) + value, display_value, more)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); return GSS_S_UNAVAILABLE; + } } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -661,13 +914,23 @@ gssEapDeleteNameAttribute(OM_uint32 *minor, gss_name_t name, gss_buffer_t attr) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { - name->attrCtx->deleteAttribute(attr); - } catch (std::exception &ex) { - return mapException(minor, ex); + if (!name->attrCtx->deleteAttribute(attr)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); + return GSS_S_UNAVAILABLE; + } + } catch (std::exception &e) { + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; 
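Review bot: The five-line "unknown naming attribute" block (set GSSEAP_NO_SUCH_ATTR, gssEapSaveStatusInfo with the attribute bytes, return GSS_S_UNAVAILABLE) is pasted verbatim into gssEapGetNameAttribute and gssEapDeleteNameAttribute here and into gssEapSetNameAttribute in the next hunk; a single static helper, as below, keeps the message and the `(int)attr->length` truncation in one place. The cast silently truncates a length above INT_MAX, so the helper is also where a clamp belongs if attribute names can be that large. Callers would then read `if (!name->attrCtx->deleteAttribute(attr)) return unknownNamingAttribute(minor, attr);`.
```cpp
/* Record an "unknown attribute" failure so the caller can display the name. */
static OM_uint32
unknownNamingAttribute(OM_uint32 *minor, const gss_buffer_t attr)
{
    *minor = GSSEAP_NO_SUCH_ATTR;
    gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s",
                         (int)attr->length, (char *)attr->value);
    return GSS_S_UNAVAILABLE;
}
```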
@@ -680,13 +943,23 @@ gssEapSetNameAttribute(OM_uint32 *minor, gss_buffer_t attr, gss_buffer_t value) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { - name->attrCtx->setAttribute(complete, attr, value); - } catch (std::exception &ex) { - return mapException(minor, ex); + if (!name->attrCtx->setAttribute(complete, attr, value)) { + *minor = GSSEAP_NO_SUCH_ATTR; + gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s", + (int)attr->length, (char *)attr->value); + return GSS_S_UNAVAILABLE; + } + } catch (std::exception &e) { + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -704,10 +977,13 @@ gssEapExportAttrContext(OM_uint32 *minor, return GSS_S_COMPLETE; } + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + try { name->attrCtx->exportToBuffer(buffer); } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -722,18 +998,22 @@ gssEapImportAttrContext(OM_uint32 *minor, assert(name->attrCtx == NULL); + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + if (buffer->length != 0) { try { ctx = new gss_eap_attr_ctx(); if (!ctx->initFromBuffer(buffer)) { delete ctx; + *minor = GSSEAP_BAD_ATTR_TOKEN; return GSS_S_DEFECTIVE_TOKEN; } name->attrCtx = ctx; } catch (std::exception &e) { delete ctx; - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } } 
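Review bot: In gssEapImportAttrContext the catch handler calls `name->attrCtx->mapException(minor, e)`, but `name->attrCtx` is asserted NULL at the top of the function and is only assigned after a successful init, so any exception from `new` or initFromBuffer dereferences a null pointer; the local `ctx` is also deleted on the line before, so the mapping has to happen through `ctx` before the delete, as below. `ctx` is declared outside the hunk; if it is not initialised to NULL there, `delete ctx` after a throwing `new` is undefined, which should be confirmed. gssEapExportAttrContext and gssEapSetNameAttribute in this line are fine, since they dereference an attrCtx that was checked earlier.
```cpp
        } catch (std::exception &e) {
            OM_uint32 mapped = GSS_S_FAILURE;

            *minor = GSSEAP_ATTR_CONTEXT_FAILURE;
            /* name->attrCtx is still NULL here; map through the context we built */
            if (ctx != NULL)
                mapped = ctx->mapException(minor, e);
            delete ctx;
            return mapped;
        }
```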
@@ -749,18 +1029,22 @@ gssEapDuplicateAttrContext(OM_uint32 *minor, assert(out->attrCtx == NULL); + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) + return GSS_S_UNAVAILABLE; + try { if (in->attrCtx != NULL) { ctx = new gss_eap_attr_ctx(); if (!ctx->initFromExistingContext(in->attrCtx)) { delete ctx; + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; return GSS_S_FAILURE; } out->attrCtx = ctx; } } catch (std::exception &e) { delete ctx; - return mapException(minor, e); + return in->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -773,13 +1057,18 @@ gssEapMapNameToAny(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *output) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { *output = name->attrCtx->mapToAny(authenticated, type_id); } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; @@ -791,7 +1080,12 @@ gssEapReleaseAnyNameMapping(OM_uint32 *minor, gss_buffer_t type_id, gss_any_t *input) { - if (name->attrCtx == NULL) + if (name->attrCtx == NULL) { + *minor = GSSEAP_NO_ATTR_CONTEXT; + return GSS_S_UNAVAILABLE; + } + + if (GSS_ERROR(gssEapAttrProvidersInit(minor))) return GSS_S_UNAVAILABLE; try { @@ -799,7 +1093,7 @@ gssEapReleaseAnyNameMapping(OM_uint32 *minor, name->attrCtx->releaseAnyNameMapping(type_id, *input); *input = NULL; } catch (std::exception &e) { - return mapException(minor, e); + return name->attrCtx->mapException(minor, e); } return GSS_S_COMPLETE; 
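Review bot: gssEapMapNameToAny leaves `*output` untouched on every failure path (no attribute context, provider init failure, exception), so a caller that checks the pointer rather than the status can use an indeterminate value; `*output = NULL;` before the first check gives it a defined result. In gssEapDuplicateAttrContext the catch maps through `in->attrCtx`, which is non-NULL whenever the try body can throw, so that path is safe, but the new gssEapAttrProvidersInit gate now makes duplicating a name with no attribute context fail when providers are unavailable, where before it trivially succeeded; moving the gate inside the `in->attrCtx != NULL` branch preserves the old behaviour if that was intended.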
@@ -812,37 +1106,7 @@ gssEapReleaseAttrContext(OM_uint32 *minor, if (name->attrCtx != NULL) delete name->attrCtx; - return GSS_S_COMPLETE; -} - -OM_uint32 -gssEapAttrProvidersInit(OM_uint32 *minor) -{ - try { - if (gss_eap_radius_attr_provider::init() && - gss_eap_saml_assertion_provider::init() && - gss_eap_saml_attr_provider::init() && - gss_eap_shib_attr_provider::init()) - return GSS_S_COMPLETE; - } catch (std::exception &e) { - return mapException(minor, e); - } - - return GSS_S_FAILURE; -} - -OM_uint32 -gssEapAttrProvidersFinalize(OM_uint32 *minor) -{ - try { - gss_eap_shib_attr_provider::finalize(); - gss_eap_saml_attr_provider::finalize(); - gss_eap_saml_assertion_provider::finalize(); - gss_eap_radius_attr_provider::finalize(); - } catch (std::exception &e) { - return mapException(minor, e); - } - + *minor = 0; return GSS_S_COMPLETE; } 
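Review bot: gssEapReleaseAttrContext deletes `name->attrCtx` but leaves the pointer set, so the name now carries a dangling attribute context; the assert in gssEapImportAttrContext and the `name->attrCtx != NULL` checks throughout this change treat a non-NULL pointer as live, so `name->attrCtx = NULL;` after the delete is needed unless every caller clears it (the function's head is outside the hunk). The relocated init/finalize functions are covered in the first hunk of this file.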
@@ -850,21 +1114,42 @@ gssEapAttrProvidersFinalize(OM_uint32 *minor) * Public accessor for initialisng a context from a GSS context. Also * sets expiry time on GSS context as a side-effect. */ -struct gss_eap_attr_ctx * -gssEapCreateAttrContext(gss_cred_id_t gssCred, - gss_ctx_id_t gssCtx) +OM_uint32 +gssEapCreateAttrContext(OM_uint32 *minor, + gss_cred_id_t gssCred, + gss_ctx_id_t gssCtx, + struct gss_eap_attr_ctx **pAttrContext, + time_t *pExpiryTime) { - gss_eap_attr_ctx *ctx; + gss_eap_attr_ctx *ctx = NULL; + OM_uint32 major; assert(gssCtx != GSS_C_NO_CONTEXT); - ctx = new gss_eap_attr_ctx(); - if (!ctx->initFromGssContext(gssCred, gssCtx)) { - delete ctx; - return NULL; + major = gssEapAttrProvidersInit(minor); + if (GSS_ERROR(major)) + return major; + + *minor = GSSEAP_ATTR_CONTEXT_FAILURE; + major = GSS_S_FAILURE; + + try { + ctx = new gss_eap_attr_ctx(); + if (ctx->initFromGssContext(gssCred, gssCtx)) { + *minor = 0; + major = GSS_S_COMPLETE; + } else { + delete ctx; + } + } catch (std::exception &e) { + if (ctx != NULL) + major = ctx->mapException(minor, e); } - gssCtx->expiryTime = ctx->getExpiryTime(); + if (major == GSS_S_COMPLETE) { + *pAttrContext = ctx; + *pExpiryTime = ctx->getExpiryTime(); + } - return ctx; + return major; }
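Review bot: In gssEapCreateAttrContext, when initFromGssContext throws, the catch maps the exception through `ctx` but never deletes it, so the partially-built context leaks on every exception path after `new` succeeded; `if (ctx != NULL) { major = ctx->mapException(minor, e); delete ctx; }` closes it. If `new` itself throws, `ctx` is NULL and the result is a generic GSSEAP_ATTR_CONTEXT_FAILURE rather than ENOMEM, which is acceptable but worth a comment. `*pAttrContext` is only written on success, so `*pAttrContext = NULL;` at entry keeps the out-parameter defined for callers that inspect it before the status.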