gss_map_name_to_any

diff --git a/mech_eap/map_name_to_any.c b/mech_eap/map_name_to_any.c
index ab5beda..afd6b37 100644 (file)
--- a/mech_eap/map_name_to_any.c
+++ b/mech_eap/map_name_to_any.c
@@ -39,6 +39,21 @@ gss_map_name_to_any(OM_uint32 *minor,
                     gss_buffer_t type_id,
                     gss_any_t *output)
 {
-    *minor = 0;
-    return GSS_S_UNAVAILABLE;
+    OM_uint32 major;
+
+    *output = (gss_any_t)NULL;
+
+    if (name == GSS_C_NO_NAME) {
+        *minor = EINVAL;
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+    }
+
+    GSSEAP_MUTEX_LOCK(&name->mutex);
+
+    major = samlMapNameToAny(minor, name->samlCtx, authenticated,
+                             type_id, output);
+
+    GSSEAP_MUTEX_UNLOCK(&name->mutex);
+
+    return major;
 }

diff --git a/mech_eap/release_any_name_mapping.c b/mech_eap/release_any_name_mapping.c
index 51bed0b..1c157e3 100644 (file)
--- a/mech_eap/release_any_name_mapping.c
+++ b/mech_eap/release_any_name_mapping.c
@@ -38,6 +38,18 @@ gss_release_any_name_mapping(OM_uint32 *minor,
                              gss_buffer_t type_id,
                              gss_any_t *input)
 {
-    *minor = 0;
-    return GSS_S_UNAVAILABLE;
+    OM_uint32 major;
+
+    if (name == GSS_C_NO_NAME) {
+        *minor = EINVAL;
+        return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+    }
+
+    GSSEAP_MUTEX_LOCK(&name->mutex);
+
+    major = samlReleaseAnyNameMapping(minor, name->samlCtx, type_id, input);
+
+    GSSEAP_MUTEX_UNLOCK(&name->mutex);
+
+    return major;
 }

diff --git a/mech_eap/util.h b/mech_eap/util.h
index 087dc1c..f2c992a 100644 (file)
--- a/mech_eap/util.h
+++ b/mech_eap/util.h
@@ -107,6 +107,24 @@ duplicateBuffer(OM_uint32 *minor,
                 const gss_buffer_t src,
                 gss_buffer_t dst);
 
+static inline int
+bufferEqual(const gss_buffer_t b1, const gss_buffer_t b2)
+{
+    return (b1->length == b2->length &&
+            memcmp(b1->value, b2->value, b2->length) == 0);
+}
+
+static inline int
+bufferEqualString(const gss_buffer_t b1, const char *s)
+{
+    gss_buffer_desc b2;
+
+    b2.length = strlen(s);
+    b2.value = (char *)s;
+
+    return bufferEqual(b1, &b2);
+}
+
 /* util_cksum.c */
 int
 gssEapSign(krb5_context context,

diff --git a/mech_eap/util_name.c b/mech_eap/util_name.c
index 8265d22..fc5a73f 100644 (file)
--- a/mech_eap/util_name.c
+++ b/mech_eap/util_name.c
@@ -450,12 +450,8 @@ gssEapAttributePrefixToType(const gss_buffer_t prefix)
          i < sizeof(attributePrefixes) / sizeof(attributePrefixes[0]);
          i++)
     {
-        gss_buffer_t p = &attributePrefixes[i];
-
-        if (p->length == prefix->length &&
-            memcmp(p->value, prefix->value, prefix->length) == 0) {
+        if (bufferEqual(&attributePrefixes[i], prefix))
             return i;
-        }
     }
 
     return ATTR_TYPE_NONE;

diff --git a/mech_eap/util_saml.cpp b/mech_eap/util_saml.cpp
index 71cf13a..1359dc2 100644 (file)
--- a/mech_eap/util_saml.cpp
+++ b/mech_eap/util_saml.cpp
@@ -171,7 +171,7 @@ private:
 eap_gss_saml_attr_ctx::eap_gss_saml_attr_ctx(const vector<Attribute*>& attributes,
                                              const Assertion *assertion)
 {
-    m_assertion = dynamic_cast<saml2::Assertion *>(assertion->clone());
+    m_assertion = dynamic_cast<Assertion *>(assertion->clone());
     setAttributes(attributes);
 }
 
@@ -207,7 +207,7 @@ eap_gss_saml_attr_ctx::parseAssertion(const gss_buffer_t buffer)
     elem = doc->getDocumentElement();
     xobj = b->buildOneFromElement(elem, true);
 
-    m_assertion = dynamic_cast<saml2::Assertion *>(xobj);
+    m_assertion = dynamic_cast<Assertion *>(xobj);
 
     return (m_assertion != NULL);
 }
@@ -331,17 +331,32 @@ eap_gss_saml_attr_ctx::getAssertion(gss_buffer_t buffer)
     return true;
 }
 
+static Attribute *
+duplicateAttribute(const Attribute *src)
+{
+    DDF obj = src->marshall();
+    return Attribute::unmarshall(obj);
+}
+
+static vector <Attribute *>
+duplicateAttributes(const vector <Attribute *>src)
+{
+    vector <Attribute *> dst;
+
+    for (vector<Attribute *>::const_iterator a = src.begin();
+         a != src.end();
+         ++a)
+        dst.push_back(duplicateAttribute(*a));
+
+    return dst;
+}
+
 void
 eap_gss_saml_attr_ctx::addAttribute(Attribute *attribute, bool copy)
 {
     Attribute *a;
 
-    if (copy) {
-        DDF obj = attribute->marshall();
-        a = Attribute::unmarshall(obj);
-    } else {
-        a = attribute;
-    }
+    a = copy ? duplicateAttribute(attribute) : attribute;
 
     m_attributes.push_back(a);
 }
@@ -349,10 +364,8 @@ eap_gss_saml_attr_ctx::addAttribute(Attribute *attribute, bool copy)
 void
 eap_gss_saml_attr_ctx::setAttributes(const vector<Attribute*> attributes)
 {
-    for (vector<Attribute *>::const_iterator a = attributes.begin();
-         a != attributes.end();
-         ++a)
-        addAttribute(*a);
+    for_each(m_attributes.begin(), m_attributes.end(), xmltooling::cleanup<Attribute>());
+    m_attributes = duplicateAttributes(attributes);
 }
 
 int
@@ -716,3 +729,43 @@ samlDuplicateAttrContext(OM_uint32 *minor,
 
     return GSS_S_COMPLETE;
 }
+
+OM_uint32
+samlMapNametoAny(OM_uint32 *minor,
+                 const struct eap_gss_saml_attr_ctx *ctx,
+                 int authenticated,
+                 gss_buffer_t type_id,
+                 gss_any_t *output)
+{
+    if (bufferEqualString(type_id, "shibsp::Attribute")) {
+        vector <Attribute *>v = duplicateAttributes(ctx->getAttributes());
+
+        *output = (gss_any_t)new vector <Attribute *>(v);
+    } else if (bufferEqualString(type_id, "opensaml::Assertion")) {
+        *output = (gss_any_t)ctx->getAssertion()->clone();
+    } else {
+        *output = (gss_any_t)NULL;
+        return GSS_S_UNAVAILABLE;
+    }
+
+    return GSS_S_COMPLETE;
+}
+
+OM_uint32
+samlReleaseAnyNameMapping(OM_uint32 *minor,
+                          const struct eap_gss_saml_attr_ctx *ctx,
+                          gss_buffer_t type_id,
+                          gss_any_t *input)
+{
+    if (bufferEqualString(type_id, "vector<shibsp::Attribute>")) {
+        vector <Attribute *> *v = ((vector <Attribute *> *)*input);
+        delete v;
+    } else if (bufferEqualString(type_id, "opensaml::Assertion")) {
+        delete (Assertion *)*input;
+    } else {
+        return GSS_S_UNAVAILABLE;
+    }
+
+    *input = (gss_any_t)NULL;
+    return GSS_S_COMPLETE;
+}

diff --git a/mech_eap/util_saml.h b/mech_eap/util_saml.h
index 5cd0d9d..d5c57bb 100644 (file)
--- a/mech_eap/util_saml.h
+++ b/mech_eap/util_saml.h
@@ -98,6 +98,20 @@ samlGetAssertion(OM_uint32 *minor,
                  struct eap_gss_saml_attr_ctx *ctx,
                  gss_buffer_t assertion);
  
+
+OM_uint32
+samlMapNametoAny(OM_uint32 *minor,
+                 const struct eap_gss_saml_attr_ctx *ctx,
+                 int authenticated,
+                 gss_buffer_t type_id,
+                 gss_any_t *output);
+
+OM_uint32
+samlReleaseAnyNameMapping(OM_uint32 *minor,
+                          const struct eap_gss_saml_attr_ctx *ctx,
+                          gss_buffer_t type_id,
+                          gss_any_t *input);
+
 #ifdef __cplusplus
 }
 #endif