X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_attr.h;h=90a8c91c3c35c61f0cb06d808c45ea3995dc0887;hb=ae79fdae047f980d01b2b4e84ccea52e24d8c7a0;hp=206e424a8f34d08f5babd21afa1e986e31ef09d7;hpb=dbc01ac138ba42daf099828365627ba4ea241def;p=mech_eap.orig
diff --git a/util_attr.h b/util_attr.h
index 206e424..90a8c91 100644
--- a/util_attr.h
+++ b/util_attr.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30,18 +30,16 @@
  * SUCH DAMAGE.
  */
+/*
+ * Attribute provider interface.
+ */
 #ifndef _UTIL_ATTR_H_
 #define _UTIL_ATTR_H_ 1
-#define ATTR_TYPE_RADIUS 0U
-#define ATTR_TYPE_SAML_ASSERTION 1U
-#define ATTR_TYPE_SAML 2U
-#define ATTR_TYPE_LOCAL 3U
-#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
-#define ATTR_TYPE_MAX (ATTR_TYPE_LOCAL + 1U)
-
 #ifdef __cplusplus
 #include
+#include
 struct gss_eap_attr_provider;
 struct gss_eap_attr_ctx;
@@ -51,6 +49,19 @@ typedef bool
                                          const gss_buffer_t attribute,
                                          void *data);
+#define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
+#define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
+#define ATTR_TYPE_SAML 2U /* SAML attributes */
+#define ATTR_TYPE_LOCAL 3U /* Local attributes */
+#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
+#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
+#define ATTR_FLAG_DISABLE_LOCAL 0x00000001
+/*
+ * Attribute provider: this represents a source of attributes derived
+ * from the security context.
+ */
 struct gss_eap_attr_provider
 {
 public:
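Review bot: Redefining ATTR_TYPE_MAX as ATTR_TYPE_LOCAL changes it from an exclusive bound (the removed `(ATTR_TYPE_LOCAL + 1U)`) to an inclusive one, so any existing loop or range check of the form `type < ATTR_TYPE_MAX` would now silently skip the LOCAL provider; the callers are not in this hunk, so this needs checking across the rest of the change. The macro should state its new meaning, e.g. `#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL /* inclusive upper bound: iterate with <= */`. ATTR_FLAG_DISABLE_LOCAL is also introduced with no comment on what it gates or which field carries it; a one-line note such as `/* gss_eap_attr_ctx flag: do not instantiate the local provider */` would help, assuming that is its intent, which this hunk does not show.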
@@ -64,48 +75,76 @@ public:
     }
     virtual bool initFromExistingContext(const gss_eap_attr_ctx *manager,
-                                        const gss_eap_attr_provider *ctx)
+                                        const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
     {
         return initWithManager(manager);
     }
     virtual bool initFromGssContext(const gss_eap_attr_ctx *manager,
-                                   const gss_cred_id_t cred,
-                                   const gss_ctx_id_t ctx)
+                                   const gss_cred_id_t cred GSSEAP_UNUSED,
+                                   const gss_ctx_id_t ctx GSSEAP_UNUSED)
     {
         return initWithManager(manager);
     }
-    virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const
+    virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
+                                   void *data GSSEAP_UNUSED) const
     {
         return false;
     }
-    virtual void setAttribute(int complete,
-                              const gss_buffer_t attr,
-                              const gss_buffer_t value) {}
-    virtual void deleteAttribute(const gss_buffer_t value) {}
-    virtual bool getAttribute(const gss_buffer_t attr,
-                              int *authenticated,
-                              int *complete,
-                              gss_buffer_t value,
-                              gss_buffer_t display_value,
-                              int *more) const { return false; }
-
-    virtual gss_any_t mapToAny(int authenticated,
-                               gss_buffer_t type_id) const { return NULL; }
-    virtual void releaseAnyNameMapping(gss_buffer_t type_id,
-                                       gss_any_t input) const {}
-
-    virtual void exportToBuffer(gss_buffer_t buffer) const {}
+    virtual bool setAttribute(int complete GSSEAP_UNUSED,
+                              const gss_buffer_t attr GSSEAP_UNUSED,
+                              const gss_buffer_t value GSSEAP_UNUSED)
+    {
+        return false;
+    }
+
+    virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
+    {
+        return false;
+    }
+
+    virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
+                              int *authenticated GSSEAP_UNUSED,
+                              int *complete GSSEAP_UNUSED,
+                              gss_buffer_t value GSSEAP_UNUSED,
+                              gss_buffer_t display_value GSSEAP_UNUSED,
+                              int *more GSSEAP_UNUSED) const
+    {
+        return false;
+    }
+
+    virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
+                               gss_buffer_t type_id GSSEAP_UNUSED) const
+    {
+        return NULL;
+    }
+    virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
+                                       gss_any_t input GSSEAP_UNUSED) const
+    {
+    }
+
+    virtual void exportToBuffer(gss_buffer_t buffer GSSEAP_UNUSED) const
+    {
+    }
+
     virtual bool initFromBuffer(const gss_eap_attr_ctx *manager,
-                                const gss_buffer_t buffer)
+                                const gss_buffer_t buffer GSSEAP_UNUSED)
     {
         return initWithManager(manager);
     }
-    static bool init() { return true; }
-    static void finalize() {}
+    virtual time_t getExpiryTime(void) const { return 0; }
+
+    virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
+                                   std::exception &e GSSEAP_UNUSED) const
+    {
+        return GSS_S_CONTINUE_NEEDED;
+    }
+
+    static bool init(void) { return true; }
+    static void finalize(void) {}
     static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
@@ -120,6 +159,10 @@ private:
 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
+/*
+ * Attribute context: this manages a set of providers for a given
+ * security context.
+ */
 struct gss_eap_attr_ctx
 {
 public:
@@ -133,10 +176,10 @@ public:
     bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
     bool getAttributeTypes(gss_buffer_set_t *attrs);
-    void setAttribute(int complete,
+    bool setAttribute(int complete,
                       const gss_buffer_t attr,
                       const gss_buffer_t value);
-    void deleteAttribute(const gss_buffer_t value);
+    bool deleteAttribute(const gss_buffer_t value);
     bool getAttribute(const gss_buffer_t attr,
                       int *authenticated,
                       int *complete,
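Review bot: The new default `getExpiryTime()` returns 0 without saying whether 0 means "this provider imposes no expiry" or "already expired", and the default `mapException()` returns GSS_S_CONTINUE_NEEDED without saying that this presumably means "not recognised, try the next provider"; every subclass and the aggregating gss_eap_attr_ctx depend on these two contracts, so they belong on the declarations. Suggested comments: `/* 0: no provider-imposed expiry */` on getExpiryTime and `/* GSS_S_CONTINUE_NEEDED: exception not handled by this provider */` on mapException, adjusted to however the context class actually combines them, which is outside this hunk. `std::exception &e` also requires the `<exception>` header in scope; the `#include` added in the earlier hunk has its header name stripped in this rendering, so that cannot be confirmed here. The enclosing struct gss_eap_attr_provider begins before this hunk.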
@@ -191,22 +234,30 @@ public:
     static void unregisterProvider(unsigned int type);
+    time_t getExpiryTime(void) const;
+    OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
+
 private:
+    bool providerEnabled(unsigned int type) const;
+    void releaseProvider(unsigned int type);
+    gss_eap_attr_provider *getPrimaryProvider(void) const;
     /* make non-copyable */
     gss_eap_attr_ctx(const gss_eap_attr_ctx&);
     gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
-    gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX];
+    uint32_t m_flags;
+    gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
 };
+#endif /* __cplusplus */
+
 #include "util_radius.h"
 #include "util_saml.h"
 #include "util_shib.h"
-#include
-#include
+#ifdef __cplusplus
 static inline void
 duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
@@ -236,9 +287,18 @@ struct gss_eap_attr_ctx;
 extern "C" {
 #endif
-struct gss_eap_attr_ctx *
-gssEapCreateAttrContext(gss_cred_id_t acceptorCred,
-                        gss_ctx_id_t acceptorCtx);
+/*
+ * C wrappers for attribute context functions. These match their
+ * GSS naming extension equivalents. The caller is required to
+ * obtain the name mutex.
+ */
+
+OM_uint32
+gssEapCreateAttrContext(OM_uint32 *minor,
+                        gss_cred_id_t acceptorCred,
+                        gss_ctx_id_t acceptorCtx,
+                        struct gss_eap_attr_ctx **pAttrCtx,
+                        time_t *pExpiryTime);
 OM_uint32
 gssEapInquireName(OM_uint32 *minor,
@@ -302,9 +362,6 @@ gssEapReleaseAttrContext(OM_uint32 *minor,
                          gss_name_t name);
 OM_uint32
-gssEapAttrProvidersInit(OM_uint32 *minor);
-
-OM_uint32
 gssEapAttrProvidersFinalize(OM_uint32 *minor);
 #ifdef __cplusplus
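Review bot: `uint32_t m_flags` is added as a plain member with no initializer, so it depends on every gss_eap_attr_ctx constructor setting it before `providerEnabled()` consults it; the constructors are outside this hunk, so please confirm it is zeroed (or set from the new flag argument) on every path, since an uninitialised flag word could enable or disable a provider at random. Because `m_providers` is now sized `ATTR_TYPE_MAX + 1` with an inclusive bound, the new `providerEnabled(unsigned int type)` and `releaseProvider(unsigned int type)` should refuse `type > ATTR_TYPE_MAX` before indexing, e.g. `if (type > ATTR_TYPE_MAX) return false;` — their bodies are not visible here. A comment on the member naming the valid bits, `uint32_t m_flags; /* ATTR_FLAG_* */`, would also make the field self-describing.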
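Review bot: The new `gssEapCreateAttrContext` signature adds two out-parameters whose contract the comment block above it does not state: whether `pExpiryTime` may be passed as NULL by a caller that does not need it, and what `*pAttrCtx` holds when the function returns a failure status. A sentence on the declaration such as `/* On failure *pAttrCtx is set to NULL; pExpiryTime may be NULL */` — worded to match the implementation, which is not in this hunk — would let callers release resources correctly without reading the source. The "caller is required to obtain the name mutex" note is written once for the whole group of wrappers that follows; if it applies to only some of them, say which, since a wrapper called without the lock is exactly the kind of bug this header is in a position to prevent.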