2 * Copyright (c) 2014, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
23 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
24 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
25 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
26 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
27 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
29 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
30 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
31 * OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include "GSSAcquireCred.h"
36 #include "GSSException.h"
37 #include <cache/GSSNameCache.h>
// Builds a request bound to the acquire-credential function pointer `fn`,
// which is stored in the `function` member. The desired name starts out as
// GSS_C_NO_NAME and one mechanism OID is pre-loaded into desiredMechs.
41 GSSAcquireCred::GSSAcquireCred(gss_acq_cred_type fn) : function(fn)
43 desired_name = GSS_C_NO_NAME;
44 // Use OID for eap-aes128 by default
// NOTE(review): the (char *) cast drops const from a string literal. That is
// only safe if GSSOID never writes through the pointer -- confirm against the
// GSSOID constructor.
45 desiredMechs.addOID( GSSOID((char *)"{ 1 3 6 1 5 5 15 1 1 17 }") );
48 GSSAcquireCred::GSSAcquireCred ( const GSSAcquireCred& other )
53 GSSAcquireCred::~GSSAcquireCred()
// Constructor variant that hands `params` to loadParameters() to populate the
// request (its parameter list is not visible in this listing).
// NOTE(review): loadParameters() is declared to return bool, and the call
// below discards that result. As far as the visible lines show, rejected
// input is reported only through the std::invalid_argument exceptions that
// loadParameters() throws -- confirm no failure is signalled by `false` alone.
58 GSSAcquireCred::GSSAcquireCred (
67 loadParameters(params);
// Copies request settings out of the JSON object `params` into this object:
// time_req, cred_usage, desired_mechs and desired_name.
// Throws std::invalid_argument when cred_usage is a string other than the
// three accepted names, when cred_usage is neither string nor integer, or on
// the desired_mechs failure path below.
// NOTE(review): `params` presumably arrives from the calling application, so
// every field should be validated as untrusted input -- confirm the caller.
74 bool GSSAcquireCred::loadParameters(JSONObject *params)
77 std::string sCredUsage;
85 // Easy stuff(*params)
// NOTE(review): time_req is read with no isNull()/type check, unlike the
// fields below, and is narrowed to OM_uint32 by a C-style cast. A negative
// or oversized JSON integer would presumably wrap instead of being rejected
// -- confirm what integer() returns and add a range check.
86 this->time_req = (OM_uint32 )(*params)["time_req"].integer();
// cred_usage is optional; when present it may be a symbolic name or an integer.
91 if ( ! params->get("cred_usage").isNull() )
93 if (params->get("cred_usage").isString())
95 sCredUsage = params->get("cred_usage").string();
// String form: only these three names are accepted, anything else throws.
96 if (sCredUsage == "GSS_C_BOTH")
97 this->cred_usage = GSS_C_BOTH;
98 else if (sCredUsage == "GSS_C_INITIATE")
99 this->cred_usage = GSS_C_INITIATE;
100 else if (sCredUsage == "GSS_C_ACCEPT")
101 this->cred_usage = GSS_C_ACCEPT;
103 throw std::invalid_argument( std::string("Invalid cred_usage type given: ") + sCredUsage );
104 } else if (params->get("cred_usage").isInteger())
// NOTE(review): the integer form is cast straight to gss_cred_usage_t with no
// range check, while the string form above is an allow-list. Consider
// rejecting integers other than GSS_C_BOTH / GSS_C_INITIATE / GSS_C_ACCEPT.
105 this->cred_usage = (gss_cred_usage_t)( params->get("cred_usage").integer() );
107 throw std::invalid_argument( "Unrecognized argument type for cred_usage." );
// desired_mechs is optional; when present each array element is turned into
// an OID and added to desiredMechs.
113 if ( ! params->get("desired_mechs").isNull() )
115 if ( params->get("desired_mechs").isArray() )
117 for (nDesiredMechs = 0;
118 nDesiredMechs < params->get("desired_mechs").size();
// NOTE(review): each element is read with .string() and no isString() check
// is visible. The gss_OID from toGss() also comes from a temporary GSSOID,
// which is only safe if addOID() copies the OID -- confirm both.
121 std::string mechStr = params->get("desired_mechs")[nDesiredMechs].string();
122 desiredMechs.addOID( GSSOID(mechStr).toGss() );
125 throw std::invalid_argument("Unrecognized desired_mechs array.");
// desired_name is not parsed as a name here: its string value is used as a
// key into the GSSNameCache singleton.
// NOTE(review): the key is taken with .string() without an isString() check,
// and the result of retrieve() is stored as-is. How an unknown key is handled
// depends on GSSNameCache::retrieve -- confirm it fails closed.
131 if ( ! params->get("desired_name").isNull() )
133 std::string key = params->get("desired_name").string();
134 this->desired_name = GSSNameCache::instance()->retrieve(key);
// Calls the stored acquire-credential function with the configured name and
// mechanisms (the remaining arguments are not visible in this listing).
// Throws GSSException when the returned status is a GSS error; otherwise
// stores the returned credential handle and mechanism set on this object.
145 void GSSAcquireCred::execute()
// NOTE(review): both outputs are declared without initializers. Initializing
// them to GSS_C_NO_CREDENTIAL / GSS_C_NO_OID_SET would stop any path that
// reads them after a failed call from seeing indeterminate values.
148 gss_cred_id_t output_cred_handle;
149 gss_OID_set actual_mechs;
154 this->retVal = function(
156 this->desired_name.toGss(),
158 this->desiredMechs.toGss(),
165 if (GSS_ERROR(this->retVal) )
// The error text embeds the requested name.
// NOTE(review): that name is selected by request input, so whatever logs or
// returns this exception text should escape it for the sink -- confirm how
// GSSException messages are surfaced.
167 std::string err("Error acquiring credential for user '");
168 err += desired_name.toString();
170 throw GSSException(err, this->retVal, this->minor_status);
// Success path: the raw handle and OID set are handed to the member wrappers.
// Presumably those wrappers release them (gss_release_cred /
// gss_release_oid_set) -- verify, otherwise the GSS resources leak.
173 this->cred.setValue(output_cred_handle);
174 this->actualMechs = actual_mechs;
180 /* Desired JSON output:
185 * "cred_handle": "###########",
// Builds the JSON reply for this call from the members set by execute():
// major_status, minor_status, time_rec, output_cred_handle and actual_mechs.
// The end of the function is not visible in this listing.
193 JSONObject *GSSAcquireCred::toJSON()
// NOTE(review): allocated with a raw `new`; who deletes the object is not
// visible here -- confirm the caller takes ownership.
196 JSONObject *values = new JSONObject();
206 values->set("major_status", this->retVal);
207 values->set("minor_status", this->minor_status);
// NOTE(review): if time_rec is an OM_uint32, the (int) cast turns values above
// INT_MAX (GSS_C_INDEFINITE, for example) into negative numbers -- confirm the
// consumer of this JSON expects that.
208 values->set("time_rec", (int)this->time_rec );
210 // Objects that generate their own JSONObject
// NOTE(review): `temp` is dereferenced without a null check and the visible
// lines never free it. Whether set() copies the value, and who owns the
// result of toJSONValue(), is not shown -- confirm to rule out a leak.
// The serialized form of the credential is whatever cred.toJSONValue() emits.
// It should be an opaque lookup key rather than a raw handle/pointer value
// -- confirm.
211 temp = this->cred.toJSONValue();
212 values->set("output_cred_handle", *temp );
214 temp = this->actualMechs.toJSONValue();
215 values->set("actual_mechs", *temp);