2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * Attribute provider interface.
38 #define _UTIL_ATTR_H_ 1
44 #ifndef HAVE_HEIMDAL_VERSION
45 #include "gssapi_headerfix.h"
/* NOTE(review): a using-directive at header scope is injected into every
 * translation unit that includes this header; qualifying the gss_eap_util
 * names instead would keep includers' namespaces clean. */
48 using namespace gss_eap_util;
/* Forward declarations: the provider and the context refer to each other
 * (the enumeration callback and initWith*() take both); both are defined
 * further down in this header. */
50 struct gss_eap_attr_provider;
51 struct gss_eap_attr_ctx;
/* Enumeration callback handed to getAttributeTypes(): receives the owning
 * context, the provider that supplied the attribute and the attribute name.
 * The typedef's return-type line precedes this fragment and is not shown in
 * this listing; presumably it is invoked once per attribute. */
54 (*gss_eap_attr_enumeration_cb)(const gss_eap_attr_ctx *ctx,
55 const gss_eap_attr_provider *source,
56 const gss_buffer_t attribute,
/* Provider type indices.  They also index gss_eap_attr_ctx::m_providers,
 * which is sized ATTR_TYPE_MAX + 1, so any new type must be added between
 * ATTR_TYPE_MIN and ATTR_TYPE_MAX and ATTR_TYPE_MAX updated with it;
 * every index derived from caller input must be range-checked against
 * ATTR_TYPE_MAX before it reaches the array. */
59 #define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
61 #define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
62 #define ATTR_TYPE_SAML 2U /* SAML attributes */
64 #define ATTR_TYPE_LOCAL 3U /* Local attributes */
65 #define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
66 #define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
/* Flag bit.  Its consumer is not visible in this listing; by its name it
 * presumably suppresses the ATTR_TYPE_LOCAL provider -- confirm in the
 * implementation before relying on it. */
68 #define ATTR_FLAG_DISABLE_LOCAL 0x00000001
71 * Attribute provider: this represents a source of attributes derived
72 * from the security context.
/*
 * Polymorphic base class for an attribute provider.  Concrete providers
 * (RADIUS, SAML, local -- see ATTR_TYPE_* and the util_*.h includes below)
 * override the virtual members; the defaults visible here either delegate
 * to initWithManager() or return an empty/"not handled" value.  The
 * destructor is virtual, so deleting through a gss_eap_attr_provider* is
 * well-defined.  Several member bodies and the access-specifier lines are
 * missing from this listing.
 */
74 struct gss_eap_attr_provider
77 gss_eap_attr_provider(void) {}
78 virtual ~gss_eap_attr_provider(void) {}
/* Attaches this provider to its owning context.  Body not shown here;
 * presumably it stores manager in m_manager -- confirm. */
80 bool initWithManager(const gss_eap_attr_ctx *manager)
/* Default: the source provider is ignored; only the manager link is made. */
86 virtual bool initWithExistingContext(const gss_eap_attr_ctx *manager,
87 const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
89 return initWithManager(manager);
/* Default: the acceptor credential and GSS context are ignored; only the
 * manager link is made. */
92 virtual bool initWithGssContext(const gss_eap_attr_ctx *manager,
93 const gss_cred_id_t cred GSSEAP_UNUSED,
94 const gss_ctx_id_t ctx GSSEAP_UNUSED)
96 return initWithManager(manager);
/* Enumerates the attributes this provider can supply through the callback
 * (data is passed through to it).  Default body not shown here. */
99 virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
100 void *data GSSEAP_UNUSED) const
/* Adds or replaces an attribute.  Default body not shown here. */
105 virtual bool setAttribute(int complete GSSEAP_UNUSED,
106 const gss_buffer_t attr GSSEAP_UNUSED,
107 const gss_buffer_t value GSSEAP_UNUSED)
/* Removes an attribute.  Default body not shown here. */
112 virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
/* Looks up one attribute.  authenticated, complete and more are
 * out-parameters; value and display_value are filled in by the callee.
 * This mirrors the GSS naming-extensions gss_get_name_attribute contract
 * (prefix() below is documented against that API), under which
 * *authenticated is meant to tell the caller whether the attribute came
 * from an authenticated source -- consumers making authorization decisions
 * should check it rather than the mere presence of the attribute.
 * Default body not shown here. */
117 virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
118 int *authenticated GSSEAP_UNUSED,
119 int *complete GSSEAP_UNUSED,
120 gss_buffer_t value GSSEAP_UNUSED,
121 gss_buffer_t display_value GSSEAP_UNUSED,
122 int *more GSSEAP_UNUSED) const
/* Maps the provider's attributes to a native object selected by type_id;
 * presumably the gss_map_name_to_any back end.  Default body not shown. */
127 virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
128 gss_buffer_t type_id GSSEAP_UNUSED) const
/* Releases an object previously returned by mapToAny() for the same
 * type_id.  Default body not shown here. */
133 virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
134 gss_any_t input GSSEAP_UNUSED) const
138 /* prefix to be prepended to attributes emitted by gss_get_name_attribute */
139 virtual const char *prefix(void) const
144 /* optional key for storing JSON dictionary */
145 virtual const char *name(void) const
/* Default: the JSON object is ignored; only the manager link is made. */
150 virtual bool initWithJsonObject(const gss_eap_attr_ctx *manager,
151 JSONObject &object GSSEAP_UNUSED)
153 return initWithManager(manager);
/* Default: nothing to serialise, so a JSON null is returned. */
157 virtual JSONObject jsonRepresentation(void) const
159 return JSONObject::null();
/* Default: 0, i.e. this provider imposes no expiry of its own. */
162 virtual time_t getExpiryTime(void) const { return 0; }
/* Gives a provider the chance to turn a C++ exception into a GSS status.
 * The default returns GSS_S_CONTINUE_NEEDED, which here appears to serve
 * as a "not handled by this provider" sentinel rather than a real
 * continue status -- confirm against gss_eap_attr_ctx::mapException. */
164 virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
165 std::exception &e GSSEAP_UNUSED) const
167 return GSS_S_CONTINUE_NEEDED;
/* Per-provider-class one-time setup/teardown hooks; the defaults are no-ops. */
170 static bool init(void) { return true; }
171 static void finalize(void) {}
/* Factory hook with the gss_eap_attr_create_provider signature; the base
 * default creates nothing. */
173 static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
/* Owning context (non-owning back-pointer). */
176 const gss_eap_attr_ctx *m_manager;
179 /* make non-copyable */
/* Declared-but-never-defined copy members: the pre-C++11 way of deleting
 * copies.  `= delete` would give a clearer diagnostic if the file's
 * language level allows it. */
180 gss_eap_attr_provider(const gss_eap_attr_provider&);
181 gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
/* Provider factory signature, matching gss_eap_attr_provider::createAttrContext();
 * passed to gss_eap_attr_ctx::registerProvider(). */
184 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
187 * Attribute context: this manages a set of providers for a given
/*
 * Attribute context: owns one provider slot per ATTR_TYPE_* (m_providers)
 * and fans the attribute operations out to them.  Constructed empty and
 * then initialised through one of the initWith*() members; non-copyable.
 * Only the declarations are in this listing -- none of the bodies --
 * and several return-type and access-specifier lines are missing.
 */
190 struct gss_eap_attr_ctx
193 gss_eap_attr_ctx(void);
194 ~gss_eap_attr_ctx(void);
/* Initialisation entry points: from another context (duplicate), or from
 * an acceptor credential plus established GSS context. */
196 bool initWithExistingContext(const gss_eap_attr_ctx *manager);
197 bool initWithGssContext(const gss_cred_id_t cred,
198 const gss_ctx_id_t ctx);
/* Two enumeration forms: callback-driven, and collected into a buffer set. */
200 bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
201 bool getAttributeTypes(gss_buffer_set_t *attrs);
/* Attribute CRUD; these presumably route on the attribute's prefix to the
 * provider of that type (see attributePrefixToType / getProvider). */
203 bool setAttribute(int complete,
204 const gss_buffer_t attr,
205 const gss_buffer_t value);
206 bool deleteAttribute(const gss_buffer_t value);
207 bool getAttribute(const gss_buffer_t attr,
211 gss_buffer_t display_value,
213 gss_any_t mapToAny(int authenticated,
214 gss_buffer_t type_id) const;
215 void releaseAnyNameMapping(gss_buffer_t type_id,
216 gss_any_t input) const;
/* Serialisation.  initWithBuffer() is the inverse of exportToBuffer(); when
 * reached through gssEapImportAttrContext() the buffer is caller-supplied,
 * so the implementation must bounds-check every length it reads from it --
 * not verifiable from this header. */
218 void exportToBuffer(gss_buffer_t buffer) const;
219 bool initWithBuffer(const gss_buffer_t buffer);
/* Attribute-name helpers: join/split a "prefix + suffix" name, either with
 * an explicit prefix buffer or with a provider type that is translated via
 * attributeTypeToPrefix().  Return types are not in this listing. */
222 composeAttributeName(const gss_buffer_t prefix,
223 const gss_buffer_t suffix);
225 decomposeAttributeName(const gss_buffer_t attribute,
227 gss_buffer_t suffix);
229 composeAttributeName(const gss_buffer_t prefix,
230 const gss_buffer_t suffix,
231 gss_buffer_t attribute);
234 composeAttributeName(unsigned int type,
235 const gss_buffer_t suffix);
237 decomposeAttributeName(const gss_buffer_t attribute,
239 gss_buffer_t suffix) const;
241 composeAttributeName(unsigned int type,
242 const gss_buffer_t suffix,
243 gss_buffer_t attribute) const;
/* Slot lookup.  type indexes m_providers, so it must be <= ATTR_TYPE_MAX;
 * whether the check lives here or in every caller is not visible. */
245 gss_eap_attr_provider *getProvider(unsigned int type) const;
/* Provider registry; factory has the same signature as
 * gss_eap_attr_provider::createAttrContext().  Return types not shown. */
248 registerProvider(unsigned int type,
249 gss_eap_attr_create_provider factory);
251 unregisterProvider(unsigned int type);
253 time_t getExpiryTime(void) const;
/* Translates a C++ exception raised by a provider into a GSS major status,
 * writing the minor status through *minor. */
254 OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
257 bool providerEnabled(unsigned int type) const;
258 void releaseProvider(unsigned int type);
/* prefix <-> ATTR_TYPE_* translation used by the name helpers above. */
260 unsigned int attributePrefixToType(const gss_buffer_t prefix) const;
261 gss_buffer_desc attributeTypeToPrefix(unsigned int type) const;
263 bool initWithJsonObject(JSONObject &object);
264 JSONObject jsonRepresentation(void) const;
266 gss_eap_attr_provider *getPrimaryProvider(void) const;
268 /* make non-copyable */
269 gss_eap_attr_ctx(const gss_eap_attr_ctx&);
270 gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
/* One slot per provider type, indexed by ATTR_TYPE_*.  Any index computed
 * from caller input (a type or a prefix) needs a range check before use. */
273 gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
276 #endif /* __cplusplus */
278 #include "util_radius.h"
279 #include "util_saml.h"
280 #include "util_shib.h"
/*
 * C++ convenience wrapper over the C duplicateBuffer(OM_uint32 *,
 * gss_buffer_t, gss_buffer_t): copies src into dst.  Note that *any*
 * GSS_ERROR status is surfaced as std::bad_alloc, so callers cannot tell
 * an allocation failure from another error, and the minor status is not
 * propagated in the lines shown.  The return-type line, the minor-status
 * declaration and the braces are missing from this listing.
 */
285 duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
289 if (GSS_ERROR(duplicateBuffer(&minor, &src, dst)))
290 throw std::bad_alloc();
/*
 * std::string overload: wraps the string's bytes in a temporary
 * gss_buffer_desc and delegates to the copying overload above.  The C-style
 * cast only strips const because gss_buffer_desc::value is a non-const
 * pointer; the copying overload is expected to read, not write, through it.
 * str is never modified in the lines shown, so `const std::string &` would
 * express the contract better.  The return-type line, the tmp declaration
 * and the braces are missing from this listing.
 */
294 duplicateBuffer(std::string &str, gss_buffer_t buffer)
298 tmp.length = str.length();
299 tmp.value = (char *)str.c_str();
301 duplicateBuffer(tmp, buffer);
/* Opaque forward declaration for the C wrappers below; the full definition
 * above is available only under __cplusplus. */
305 struct gss_eap_attr_ctx;
313 * C wrappers for attribute context functions. These match their
314 * GSS naming extension equivalents. The caller is required to
315 * obtain the name mutex.
/* Builds the attribute context from the acceptor credential and the
 * established GSS context, returning it and its expiry time through the
 * two out-parameters.  Return-type lines and several parameter lines of
 * the wrappers in this section are missing from this listing. */
319 gssEapCreateAttrContext(OM_uint32 *minor,
320 gss_cred_id_t acceptorCred,
321 gss_ctx_id_t acceptorCtx,
322 struct gss_eap_attr_ctx **pAttrCtx,
323 time_t *pExpiryTime);
/* Attribute enumeration: returns the attribute names as a buffer set. */
326 gssEapInquireName(OM_uint32 *minor,
330 gss_buffer_set_t *attrs);
/* Per-attribute get/delete/set, mirroring gss_get_name_attribute and
 * friends; the authenticated/complete flags of the C++ getAttribute()
 * presumably surface through the parameters omitted here. */
333 gssEapGetNameAttribute(OM_uint32 *minor,
339 gss_buffer_t display_value,
343 gssEapDeleteNameAttribute(OM_uint32 *minor,
348 gssEapSetNameAttribute(OM_uint32 *minor,
/* Serialisation round-trip.  The buffer handed to gssEapImportAttrContext
 * is caller-supplied and must be treated as untrusted by the parser. */
355 gssEapExportAttrContext(OM_uint32 *minor,
356 gss_const_name_t name,
357 gss_buffer_t buffer);
360 gssEapImportAttrContext(OM_uint32 *minor,
365 gssEapDuplicateAttrContext(OM_uint32 *minor,
/* Native-object mapping and its release, keyed by type_id. */
370 gssEapMapNameToAny(OM_uint32 *minor,
373 gss_buffer_t type_id,
377 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
379 gss_buffer_t type_id,
/* Destroys a context created by gssEapCreateAttrContext / Import / Duplicate. */
383 gssEapReleaseAttrContext(OM_uint32 *minor,
390 #endif /* _UTIL_ATTR_H_ */