X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=util_shib.cpp;h=a37329fe822e81ec203740112f838afd05e355e3;hb=15c93f06ee6ddefa7e7b095351f6e66698c7cc9e;hp=32c066ba268d8b32ccc87bbac8d8f6e239034748;hpb=c93b3e71c12d6520a582f3a34e001faab778f1e4;p=mech_eap.git diff --git a/util_shib.cpp b/util_shib.cpp index 32c066b..a37329f 100644 --- a/util_shib.cpp +++ b/util_shib.cpp @@ -31,7 +31,7 @@ */ /* * Copyright 2001-2009 Internet2 - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -45,66 +45,69 @@ * limitations under the License. */ -#include "gssapiP_eap.h" - -#include #include -#include -#include -#include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include -#include "resolver.h" +#include + +#include "gssapiP_eap.h" using namespace shibsp; using namespace shibresolver; using namespace opensaml::saml2md; using namespace opensaml; -using namespace xmltooling::logging; using namespace xmltooling; -using namespace xercesc; using namespace std; +gss_eap_shib_attr_provider::gss_eap_shib_attr_provider(void) +{ + m_authenticated = false; +} + +gss_eap_shib_attr_provider::~gss_eap_shib_attr_provider(void) +{ + for_each(m_attributes.begin(), + m_attributes.end(), + xmltooling::cleanup()) + ; +} + bool -gss_eap_shib_attr_source::initFromExistingContext(const gss_eap_attr_ctx *manager, - const gss_eap_attr_source *ctx) +gss_eap_shib_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager, + const gss_eap_attr_provider *ctx) { - const gss_eap_shib_attr_source *shib; + const gss_eap_shib_attr_provider *shib; - if (!gss_eap_attr_source::initFromExistingContext(manager, ctx)) + if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx)) { return false; + } + + m_authenticated = false; - shib = dynamic_cast(ctx); - if (shib != NULL) + shib = static_cast(ctx); + if (shib != NULL) { m_attributes = duplicateAttributes(shib->getAttributes()); + m_authenticated = shib->authenticated(); + } return true; } bool -addRadiusAttribute(const gss_eap_attr_source *provider, +addRadiusAttribute(const gss_eap_attr_provider *provider, const gss_buffer_t attribute, void *data) { - const gss_eap_shib_attr_source *shib; - const gss_eap_radius_attr_source *radius; + const gss_eap_shib_attr_provider *shib; + const gss_eap_radius_attr_provider *radius; int authenticated, complete, more = -1; vector attributeIds(1); SimpleAttribute *a; - radius = dynamic_cast(provider); - shib = static_cast(data); + radius = static_cast(provider); + shib = static_cast(data); assert(radius != NULL && shib != NULL); @@ -140,35 +143,47 @@ addRadiusAttribute(const gss_eap_attr_source *provider, } bool -gss_eap_shib_attr_source::initFromGssContext(const gss_eap_attr_ctx *manager, - const gss_cred_id_t gssCred, - const gss_ctx_id_t gssCtx) +gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, + const gss_cred_id_t gssCred, + const gss_ctx_id_t gssCtx) { - const gss_eap_saml_assertion_source *saml; - const gss_eap_radius_attr_source *radius; + const gss_eap_saml_assertion_provider *saml; + const gss_eap_radius_attr_provider *radius; gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER; - ShibbolethResolver *resolver = NULL; + ShibbolethResolver *resolver; OM_uint32 minor; - if (!gss_eap_attr_source::initFromGssContext(manager, gssCred, gssCtx)) + if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx)) return false; - saml = dynamic_cast - (manager->getProvider(ATTR_TYPE_SAML_ASSERTION)); - radius = dynamic_cast - (manager->getProvider(ATTR_TYPE_RADIUS)); + saml = static_cast + (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION)); + radius = static_cast + (m_manager->getProvider(ATTR_TYPE_RADIUS)); + + resolver = ShibbolethResolver::create(); if (gssCred != GSS_C_NO_CREDENTIAL && - gss_display_name(&minor, gssCred->name, &nameBuf, NULL) == GSS_S_COMPLETE) + gssEapDisplayName(&minor, gssCred->name, &nameBuf, NULL) == GSS_S_COMPLETE) resolver->setApplicationID((const char *)nameBuf.value); - if (saml != NULL && saml->getAssertion() != NULL) - resolver->addToken(saml->getAssertion()); + m_authenticated = false; - if (radius != NULL) + if (radius != NULL) { radius->getAttributeTypes(addRadiusAttribute, (void *)this); + m_authenticated = radius->authenticated(); + } + + if (saml != NULL && saml->getAssertion() != NULL) { + resolver->addToken(saml->getAssertion()); + if (m_authenticated) + m_authenticated = saml->authenticated(); + } - resolver->resolveAttributes(m_attributes); + resolver->resolve(); + + m_attributes = resolver->getResolvedAttributes(); + resolver->getResolvedAttributes().clear(); gss_release_buffer(&minor, &nameBuf); @@ -177,16 +192,8 @@ gss_eap_shib_attr_source::initFromGssContext(const gss_eap_attr_ctx *manager, return true; } -gss_eap_shib_attr_source::~gss_eap_shib_attr_source(void) -{ - for_each(m_attributes.begin(), - m_attributes.end(), - xmltooling::cleanup()) - ; -} - int -gss_eap_shib_attr_source::getAttributeIndex(const gss_buffer_t attr) const +gss_eap_shib_attr_provider::getAttributeIndex(const gss_buffer_t attr) const { int i = 0; @@ -208,39 +215,39 @@ gss_eap_shib_attr_source::getAttributeIndex(const gss_buffer_t attr) const } void -gss_eap_shib_attr_source::setAttribute(int complete, - const gss_buffer_t attr, - const gss_buffer_t value) +gss_eap_shib_attr_provider::setAttribute(int complete, + const gss_buffer_t attr, + const gss_buffer_t value) { string attrStr((char *)attr->value, attr->length); - vector ids(1); - - ids.push_back(attrStr); - + vector ids(1, attrStr); SimpleAttribute *a = new SimpleAttribute(ids); if (value->length != 0) { string valueStr((char *)value->value, value->length); - a->getValues().push_back(valueStr); + a->getValues().push_back(valueStr); } m_attributes.push_back(a); + m_authenticated = false; } void -gss_eap_shib_attr_source::deleteAttribute(const gss_buffer_t attr) +gss_eap_shib_attr_provider::deleteAttribute(const gss_buffer_t attr) { int i; i = getAttributeIndex(attr); if (i >= 0) m_attributes.erase(m_attributes.begin() + i); + + m_authenticated = false; } bool -gss_eap_shib_attr_source::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, - void *data) const +gss_eap_shib_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, + void *data) const { for (vector::const_iterator a = m_attributes.begin(); a != m_attributes.end(); @@ -259,7 +266,7 @@ gss_eap_shib_attr_source::getAttributeTypes(gss_eap_attr_enumeration_cb addAttri } const Attribute * -gss_eap_shib_attr_source::getAttribute(const gss_buffer_t attr) const +gss_eap_shib_attr_provider::getAttribute(const gss_buffer_t attr) const { const Attribute *ret = NULL; @@ -284,47 +291,61 @@ gss_eap_shib_attr_source::getAttribute(const gss_buffer_t attr) const } bool -gss_eap_shib_attr_source::getAttribute(const gss_buffer_t attr, - int *authenticated, - int *complete, - gss_buffer_t value, - gss_buffer_t display_value, - int *more) const +gss_eap_shib_attr_provider::getAttribute(const gss_buffer_t attr, + int *authenticated, + int *complete, + gss_buffer_t value, + gss_buffer_t display_value, + int *more) const { const Attribute *shibAttr = NULL; gss_buffer_desc buf; + int nvalues, i = *more; + + *more = 0; shibAttr = getAttribute(attr); if (shibAttr == NULL) return false; - if (*more == -1) { - *more = 0; - } else if (*more >= (int)shibAttr->valueCount()) { - *more = 0; - return true; - } + nvalues = shibAttr->valueCount(); + + if (i == -1) + i = 0; + else if (i >= nvalues) + return false; buf.value = (void *)shibAttr->getString(*more); buf.length = strlen((char *)buf.value); - duplicateBuffer(buf, value); + if (buf.length != 0) { + if (value != NULL) + duplicateBuffer(buf, value); + + if (display_value != NULL) + duplicateBuffer(buf, display_value); + } + + if (authenticated != NULL) + *authenticated = m_authenticated; + if (complete != NULL) + *complete = false; - if (display_value != NULL) - duplicateBuffer(buf, display_value); - - *authenticated = TRUE; - *complete = FALSE; + if (nvalues > ++i) + *more = i; return true; } gss_any_t -gss_eap_shib_attr_source::mapToAny(int authenticated, - gss_buffer_t type_id) const +gss_eap_shib_attr_provider::mapToAny(int authenticated, + gss_buffer_t type_id) const { gss_any_t output; + if (authenticated && !m_authenticated) + return (gss_any_t)NULL; + vector v = duplicateAttributes(m_attributes); output = (gss_any_t)new vector (v); @@ -333,62 +354,116 @@ gss_eap_shib_attr_source::mapToAny(int authenticated, } void -gss_eap_shib_attr_source::releaseAnyNameMapping(gss_buffer_t type_id, - gss_any_t input) const +gss_eap_shib_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id, + gss_any_t input) const { vector *v = ((vector *)input); delete v; } void -gss_eap_shib_attr_source::exportToBuffer(gss_buffer_t buffer) const +gss_eap_shib_attr_provider::exportToBuffer(gss_buffer_t buffer) const { + DDF obj(NULL); + DDF attrs(NULL); + buffer->length = 0; buffer->value = NULL; + + obj.addmember("version").integer(1); + obj.addmember("authenticated").integer(m_authenticated); + + attrs = obj.addmember("attributes").list(); + for (vector::const_iterator a = m_attributes.begin(); + a != m_attributes.end(); ++a) { + DDF attr = (*a)->marshall(); + attrs.add(attr); + } + + ostringstream sink; + sink << attrs; + string str = sink.str(); + + duplicateBuffer(str, buffer); + + attrs.destroy(); } bool -gss_eap_shib_attr_source::initFromBuffer(const gss_eap_attr_ctx *ctx, - const gss_buffer_t buffer) +gss_eap_shib_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx, + const gss_buffer_t buffer) { - if (!gss_eap_attr_source::initFromBuffer(ctx, buffer)) + if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer)) return false; + if (buffer->length == 0) + return true; + + assert(m_authenticated == false); + assert(m_attributes.size() == 0); + + DDF obj(NULL); + string str((const char *)buffer->value, buffer->length); + istringstream source(str); + + source >> obj; + + if (obj["version"].integer() != 1) + return false; + + m_authenticated = (obj["authenticated"].integer() != 0); + + DDF attrs = obj["attributes"]; + DDF attr = attrs.first(); + while (!attr.isnull()) { + Attribute *attribute = Attribute::unmarshall(attr); + m_attributes.push_back(attribute); + attr = attrs.next(); + } + + attrs.destroy(); + return true; } bool -gss_eap_shib_attr_source::init(void) +gss_eap_shib_attr_provider::init(void) { - return ShibbolethResolver::init(); + if (!ShibbolethResolver::init()) + return false; + + gss_eap_attr_ctx::registerProvider(ATTR_TYPE_LOCAL, + NULL, + gss_eap_shib_attr_provider::createAttrContext); + + return true; } void -gss_eap_shib_attr_source::finalize(void) +gss_eap_shib_attr_provider::finalize(void) { + gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_LOCAL); ShibbolethResolver::term(); } -gss_eap_attr_source * -gss_eap_shib_attr_source::createAttrContext(void) +gss_eap_attr_provider * +gss_eap_shib_attr_provider::createAttrContext(void) { - return new gss_eap_shib_attr_source; + return new gss_eap_shib_attr_provider; } Attribute * -gss_eap_shib_attr_source::duplicateAttribute(const Attribute *src) +gss_eap_shib_attr_provider::duplicateAttribute(const Attribute *src) { - Attribute *attribute; - DDF obj = src->marshall(); - attribute = Attribute::unmarshall(obj); + Attribute *attribute = Attribute::unmarshall(obj); obj.destroy(); return attribute; } vector -gss_eap_shib_attr_source::duplicateAttributes(const vector src) +gss_eap_shib_attr_provider::duplicateAttributes(const vector src) { vector dst; @@ -399,3 +474,20 @@ gss_eap_shib_attr_source::duplicateAttributes(const vector src) return dst; } + +OM_uint32 +gssEapLocalAttrProviderInit(OM_uint32 *minor) +{ + if (!gss_eap_shib_attr_provider::init()) { + *minor = GSSEAP_SHIB_INIT_FAILURE; + return GSS_S_FAILURE; + } + return GSS_S_COMPLETE; +} + +OM_uint32 +gssEapLocalAttrProviderFinalize(OM_uint32 *minor) +{ + gss_eap_shib_attr_provider::finalize(); + return GSS_S_COMPLETE; +}