X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_attr.h;h=1a427f7b15570d6bb3506afdb5cf462291b2ebb0;hb=e063ba4e45d12dbc1a397653f9e77228835e4a2b;hp=206e424a8f34d08f5babd21afa1e986e31ef09d7;hpb=dbc01ac138ba42daf099828365627ba4ea241def;p=mech_eap.git
diff --git a/util_attr.h b/util_attr.h
index 206e424..1a427f7 100644
--- a/util_attr.h
+++ b/util_attr.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -30,27 +30,41 @@
 * SUCH DAMAGE.
 */
+/*
+ * Attribute provider interface.
+ */
+
 #ifndef _UTIL_ATTR_H_
 #define _UTIL_ATTR_H_ 1
-#define ATTR_TYPE_RADIUS 0U
-#define ATTR_TYPE_SAML_ASSERTION 1U
-#define ATTR_TYPE_SAML 2U
-#define ATTR_TYPE_LOCAL 3U
-#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
-#define ATTR_TYPE_MAX (ATTR_TYPE_LOCAL + 1U)
-
 #ifdef __cplusplus
 #include
+#include
+
+#include
 struct gss_eap_attr_provider;
 struct gss_eap_attr_ctx;
 typedef bool
-(*gss_eap_attr_enumeration_cb)(const gss_eap_attr_provider *source,
+(*gss_eap_attr_enumeration_cb)(const gss_eap_attr_ctx *ctx,
+ const gss_eap_attr_provider *source,
 const gss_buffer_t attribute,
 void *data);
+#define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
+#define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
+#define ATTR_TYPE_SAML 2U /* SAML attributes */
+#define ATTR_TYPE_LOCAL 3U /* Local attributes */
+#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
+#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
+
+#define ATTR_FLAG_DISABLE_LOCAL 0x00000001
+
+/*
+ * Attribute provider: this represents a source of attributes derived
+ * from the security context.
+ */
 struct gss_eap_attr_provider
 {
 public:
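Review bot: `ATTR_TYPE_MAX` changes meaning in this hunk, from the exclusive bound `(ATTR_TYPE_LOCAL + 1U)` to the inclusive `ATTR_TYPE_LOCAL`, and nothing at the definition says so; any loop elsewhere still written as `for (type = ATTR_TYPE_MIN; type < ATTR_TYPE_MAX; type++)` now silently skips the local provider, and any array still sized `[ATTR_TYPE_MAX]` is one slot short, which is an out-of-bounds write when the local type is stored. I would pin the contract next to the macro: `#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL /* inclusive: loops use <=, arrays need ATTR_TYPE_MAX + 1 */`. `ATTR_FLAG_DISABLE_LOCAL` is also introduced without saying what it gates or who sets it; from the name it presumably disables the local-attribute provider for a context, so a one-line comment such as `/* context flag: do not instantiate the local attribute provider */` would help, to be confirmed against the implementation. Whether the callers of these macros were all updated is outside this hunk.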
@@ -64,48 +78,91 @@ public:
 }
 virtual bool initFromExistingContext(const gss_eap_attr_ctx *manager,
- const gss_eap_attr_provider *ctx)
+ const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
 {
 return initWithManager(manager);
 }
 virtual bool initFromGssContext(const gss_eap_attr_ctx *manager,
- const gss_cred_id_t cred,
- const gss_ctx_id_t ctx)
+ const gss_cred_id_t cred GSSEAP_UNUSED,
+ const gss_ctx_id_t ctx GSSEAP_UNUSED)
 {
 return initWithManager(manager);
 }
- virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const
+ virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
+ void *data GSSEAP_UNUSED) const
+ {
+ return false;
+ }
+
+ virtual bool setAttribute(int complete GSSEAP_UNUSED,
+ const gss_buffer_t attr GSSEAP_UNUSED,
+ const gss_buffer_t value GSSEAP_UNUSED)
+ {
+ return false;
+ }
+
+ virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
 {
 return false;
 }
- virtual void setAttribute(int complete,
- const gss_buffer_t attr,
- const gss_buffer_t value) {}
- virtual void deleteAttribute(const gss_buffer_t value) {}
- virtual bool getAttribute(const gss_buffer_t attr,
- int *authenticated,
- int *complete,
- gss_buffer_t value,
- gss_buffer_t display_value,
- int *more) const { return false; }
-
- virtual gss_any_t mapToAny(int authenticated,
- gss_buffer_t type_id) const { return NULL; }
- virtual void releaseAnyNameMapping(gss_buffer_t type_id,
- gss_any_t input) const {}
-
- virtual void exportToBuffer(gss_buffer_t buffer) const {}
- virtual bool initFromBuffer(const gss_eap_attr_ctx *manager,
- const gss_buffer_t buffer)
+ virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
+ int *authenticated GSSEAP_UNUSED,
+ int *complete GSSEAP_UNUSED,
+ gss_buffer_t value GSSEAP_UNUSED,
+ gss_buffer_t display_value GSSEAP_UNUSED,
+ int *more GSSEAP_UNUSED) const
+ {
+ return false;
+ }
+
+ virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
+ gss_buffer_t type_id GSSEAP_UNUSED) const
+ {
+ return NULL;
+ }
+
+ virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
+ gss_any_t input GSSEAP_UNUSED) const
+ {
+ }
+
+ /* prefix to be prepended to attributes emitted by gss_get_name_attribute */
+ virtual const char *prefix(void) const
+ {
+ return NULL;
+ }
+
+ /* optional key for storing JSON dictionary */
+ virtual const char *name(void) const
+ {
+ return NULL;
+ }
+
+ virtual bool initWithJsonObject(const gss_eap_attr_ctx *manager,
+ json_t *object GSSEAP_UNUSED)
 {
 return initWithManager(manager);
 }
- static bool init() { return true; }
- static void finalize() {}
+
+ virtual json_t *jsonRepresentation(void) const
+ {
+ return NULL;
+ }
+
+ virtual time_t getExpiryTime(void) const { return 0; }
+
+ virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
+ std::exception &e GSSEAP_UNUSED) const
+ {
+ return GSS_S_CONTINUE_NEEDED;
+ }
+
+ static bool init(void) { return true; }
+ static void finalize(void) {}
 static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
@@ -120,6 +177,10 @@ private:
 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
+/*
+ * Attribute context: this manages a set of providers for a given
+ * security context.
+ */
 struct gss_eap_attr_ctx
 {
 public:
@@ -133,10 +194,10 @@ public:
 bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
 bool getAttributeTypes(gss_buffer_set_t *attrs);
- void setAttribute(int complete,
+ bool setAttribute(int complete,
 const gss_buffer_t attr,
 const gss_buffer_t value);
- void deleteAttribute(const gss_buffer_t value);
+ bool deleteAttribute(const gss_buffer_t value);
 bool getAttribute(const gss_buffer_t attr,
 int *authenticated,
 int *complete,
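Review bot: The new default `mapException` returns `GSS_S_CONTINUE_NEEDED` as a "this provider did not map the exception" sentinel, and the default `getExpiryTime` returns 0, but neither sentinel is documented on the interface; a provider author who overrides `mapException` and falls through to the base, or a manager that forwards the default unchanged, would hand a continue status or an epoch-1970 expiry to the GSS caller. I would add `/* returns GSS_S_CONTINUE_NEEDED when this provider does not map e; the manager must then try the next provider or fail */` above `mapException` and `/* 0 means this provider imposes no expiry */` above `getExpiryTime`; whether the context actually treats these defaults that way lives in util_attr.cpp, not this hunk. `std::exception &e` could also be `const std::exception &`, though that changes every override's signature at once. The enclosing class body starts before this hunk.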
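Review bot: `gss_eap_attr_ctx::setAttribute` and `deleteAttribute` now return `bool` instead of `void`, but the declaration does not say what `false` means — attribute not found, no provider owns the prefix, or a provider refusing the write — and the C wrappers later in this header (outside the hunk) presumably have to turn that single bit into a GSS major/minor status. A one-line comment on each, e.g. `/* returns false if no provider accepted the attribute */`, would fix the contract before more callers appear; the distinction should be confirmed against the implementation in util_attr.cpp.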
@@ -151,12 +212,9 @@ public:
 void exportToBuffer(gss_buffer_t buffer) const;
 bool initFromBuffer(const gss_buffer_t buffer);
- static unsigned int
- attributePrefixToType(const gss_buffer_t prefix);
-
- static const gss_buffer_t
- attributeTypeToPrefix(unsigned int type);
-
+ static std::string
+ composeAttributeName(const gss_buffer_t prefix,
+ const gss_buffer_t suffix);
 static void
 decomposeAttributeName(const gss_buffer_t attribute,
 gss_buffer_t prefix,
@@ -165,48 +223,57 @@ public:
 composeAttributeName(const gss_buffer_t prefix,
 const gss_buffer_t suffix,
 gss_buffer_t attribute);
- static void
+
+ std::string
+ composeAttributeName(unsigned int type,
+ const gss_buffer_t suffix);
+ void
 decomposeAttributeName(const gss_buffer_t attribute,
 unsigned int *type,
- gss_buffer_t suffix);
- static void
+ gss_buffer_t suffix) const;
+ void
 composeAttributeName(unsigned int type,
 const gss_buffer_t suffix,
- gss_buffer_t attribute);
-
- static std::string
- composeAttributeName(const gss_buffer_t prefix,
- const gss_buffer_t suffix);
- static std::string
- composeAttributeName(unsigned int type,
- const gss_buffer_t suffix);
+ gss_buffer_t attribute) const;
 gss_eap_attr_provider *getProvider(unsigned int type) const;
- gss_eap_attr_provider *getProvider(const gss_buffer_t prefix) const;
 static void registerProvider(unsigned int type,
- const char *prefix,
 gss_eap_attr_create_provider factory);
 static void unregisterProvider(unsigned int type);
+ time_t getExpiryTime(void) const;
+ OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
+
 private:
+ bool providerEnabled(unsigned int type) const;
+ void releaseProvider(unsigned int type);
+
+ unsigned int attributePrefixToType(const gss_buffer_t prefix) const;
+ gss_buffer_desc attributeTypeToPrefix(unsigned int type) const;
+
+ bool initWithJsonObject(json_t *object);
+ json_t *jsonRepresentation(void) const;
+
 gss_eap_attr_provider *getPrimaryProvider(void) const;
 /* make non-copyable */
 gss_eap_attr_ctx(const gss_eap_attr_ctx&);
 gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
- gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX];
+ uint32_t m_flags;
+ gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
 };
+#endif /* __cplusplus */
+
 #include "util_radius.h"
 #include "util_saml.h"
 #include "util_shib.h"
-#include
-#include
+#ifdef __cplusplus
 static inline void duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
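Review bot: `m_providers` is now sized `ATTR_TYPE_MAX + 1` because `ATTR_TYPE_MAX` became inclusive, and the public `getProvider(unsigned int type)` plus `registerProvider`/`unregisterProvider` index it by a caller-supplied type; their bodies are outside this hunk, so I cannot see whether they reject `type > ATTR_TYPE_MAX`, but the declarations should state the precondition, e.g. `/* type must be <= ATTR_TYPE_MAX; larger values are rejected, never used as an index */`. The new `m_flags` member has no visible initializer and the constructors are not in the hunk; since `providerEnabled()` presumably tests it against `ATTR_FLAG_DISABLE_LOCAL`, every constructor path must zero it or the local provider's enablement depends on stack garbage. Moving `#endif /* __cplusplus */` above the `#include "util_radius.h"`, `"util_saml.h"`, `"util_shib.h"` lines means C translation units now pull those headers in as well, which is only safe if each guards its own C++ content. The enclosing class body starts before this hunk.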
@@ -236,9 +303,18 @@ struct gss_eap_attr_ctx;
 extern "C" {
 #endif
-struct gss_eap_attr_ctx *
-gssEapCreateAttrContext(gss_cred_id_t acceptorCred,
- gss_ctx_id_t acceptorCtx);
+/*
+ * C wrappers for attribute context functions. These match their
+ * GSS naming extension equivalents. The caller is required to
+ * obtain the name mutex.
+ */
+
+OM_uint32
+gssEapCreateAttrContext(OM_uint32 *minor,
+ gss_cred_id_t acceptorCred,
+ gss_ctx_id_t acceptorCtx,
+ struct gss_eap_attr_ctx **pAttrCtx,
+ time_t *pExpiryTime);
 OM_uint32
 gssEapInquireName(OM_uint32 *minor,
@@ -302,9 +378,6 @@ gssEapReleaseAttrContext(OM_uint32 *minor,
 gss_name_t name);
 OM_uint32
-gssEapAttrProvidersInit(OM_uint32 *minor);
-
-OM_uint32
 gssEapAttrProvidersFinalize(OM_uint32 *minor);
 #ifdef __cplusplus
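Review bot: The new `gssEapCreateAttrContext` returns `OM_uint32` with `pAttrCtx` and `pExpiryTime` out-parameters, but the comment block above it only covers locking; it should also state the output contract, since this is the boundary C callers rely on — whether `*pAttrCtx` is left untouched on a non-COMPLETE return, whether `pExpiryTime` may be NULL, and what a zero expiry means. I would extend the comment with `On success *pAttrCtx receives a context the caller must release with gssEapReleaseAttrContext; *pExpiryTime (if non-NULL) receives the earliest provider-imposed expiry, 0 meaning none.` The implementation is not in this hunk, so confirm the wording against util_attr.cpp before committing it.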