From a1eb0e40f6dfb3b35579edb0409f176fc474d7ef Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Tue, 29 Mar 2011 02:10:42 +1100 Subject: [PATCH] send exported GSS context token to shibresolver --- mech_eap/util_attr.h | 2 +- mech_eap/util_shib.cpp | 62 +++----------------------------------------------- shibboleth/resolver | 2 +- 3 files changed, 5 insertions(+), 61 deletions(-) diff --git a/mech_eap/util_attr.h b/mech_eap/util_attr.h index ad35c78..bdc8766 100644 --- a/mech_eap/util_attr.h +++ b/mech_eap/util_attr.h @@ -254,7 +254,7 @@ private: gss_buffer_desc attributeTypeToPrefix(unsigned int type) const; bool initWithJsonObject(JSONObject &object); - JSONObject jsonRepresentation(uint32_t flags) const; + JSONObject jsonRepresentation(uint32_t flags = 0) const; gss_eap_attr_provider *getPrimaryProvider(void) const; diff --git a/mech_eap/util_shib.cpp b/mech_eap/util_shib.cpp index 7285aed..4358578 100644 --- a/mech_eap/util_shib.cpp +++ b/mech_eap/util_shib.cpp 
@@ -103,60 +103,11 @@ gss_eap_shib_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *mana } bool -addRadiusAttribute(const gss_eap_attr_ctx *manager, - const gss_eap_attr_provider *provider, - const gss_buffer_t attribute, - void *data) -{ - const gss_eap_radius_attr_provider *radius; - const gss_eap_shib_attr_provider *shib; - int authenticated, complete, more = -1; - vector attributeIds(1); - SimpleAttribute *a; - - radius = static_cast(provider); - shib = static_cast(data); - - assert(radius != NULL && shib != NULL); - - string attributeName = - manager->composeAttributeName(ATTR_TYPE_RADIUS, attribute); - - attributeIds.push_back(attributeName); - a = new SimpleAttribute(attributeIds); - if (a == NULL) - return false; - - while (more != 0) { - gss_buffer_desc value = GSS_C_EMPTY_BUFFER; - OM_uint32 minor; - - if (!radius->getAttribute(attribute, - &authenticated, - &complete, - &value, - NULL, - &more)) - return false; - - string attributeValue((char *)value.value, value.length); - a->getValues().push_back(attributeValue); - - gss_release_buffer(&minor, &value); - } - - shib->getAttributes().push_back(a); - - return true; -} - -bool gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, const gss_cred_id_t gssCred, const gss_ctx_id_t gssCtx) { const gss_eap_saml_assertion_provider *saml; - const gss_eap_radius_attr_provider *radius; gss_buffer_desc exportedCtx = GSS_C_EMPTY_BUFFER; OM_uint32 major, minor; @@ -168,8 +119,6 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, saml = static_cast (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION)); - radius = static_cast - (m_manager->getProvider(ATTR_TYPE_RADIUS)); auto_ptr resolver(ShibbolethResolver::create()); 
@@ -187,23 +136,18 @@ gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, } #endif - m_authenticated = false; - major = gssEapExportSecContext(&minor, gssCtx, &exportedCtx, EXPORT_CTX_FLAG_DISABLE_LOCAL_ATTRS); if (major == GSS_S_COMPLETE) { + resolver->addToken(&exportedCtx); gss_release_buffer(&minor, &exportedCtx); } - if (radius != NULL) { - radius->getAttributeTypes(addRadiusAttribute, (void *)this); - m_authenticated = radius->authenticated(); - } + m_authenticated = true; if (saml != NULL && saml->getAssertion() != NULL) { resolver->addToken(saml->getAssertion()); - if (m_authenticated) - m_authenticated = saml->authenticated(); + m_authenticated = saml->authenticated(); } try { diff --git a/shibboleth/resolver b/shibboleth/resolver index b08a23a..7fc1f89 160000 --- a/shibboleth/resolver +++ b/shibboleth/resolver @@ -1 +1 @@ -Subproject commit b08a23ae0714acf9f6dd7859cfb9f6b2ddcc2af3 +Subproject commit 7fc1f89b1f83104ae035cd56248010b329f1cf8b -- 2.1.4
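Review bot: `m_authenticated = true;` is now assigned unconditionally, so when `gssEapExportSecContext()` does not return `GSS_S_COMPLETE` (no context token is handed to the resolver) and there is no SAML assertion, the provider still reports its attributes as authenticated. Before this change the flag started as `false` and was taken from `radius->authenticated()`, which nothing in the new code consults, and the removed `if (m_authenticated)` guard means the SAML result now replaces the flag instead of narrowing it. I would keep the `m_authenticated = false;` initialisation and set the flag only in the success branch, `resolver->addToken(&exportedCtx); m_authenticated = true;`, and preferably treat a failed export as an error instead of falling through silently. An exported GSS context usually serialises session key material, so a comment at the `addToken(&exportedCtx)` call should state that the resolver is trusted with that token and must not log or forward it. `initFromGssContext` begins and ends outside this hunk, so what the `try` block does with the flag is not visible here.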