2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
40 /* lazy initialisation */
41 static GSSEAP_THREAD_ONCE gssEapAttrProvidersInitOnce = GSSEAP_ONCE_INITIALIZER;
42 static OM_uint32 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE;
45 gssEapAttrProvidersInitInternal(void)
47 OM_uint32 major, minor;
49 assert(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE);
51 major = gssEapRadiusAttrProviderInit(&minor);
52 if (major == GSS_S_COMPLETE)
53 major = gssEapSamlAttrProvidersInit(&minor);
54 if (major == GSS_S_COMPLETE)
55 major = gssEapLocalAttrProviderInit(&minor);
58 assert(major == GSS_S_COMPLETE);
61 gssEapAttrProvidersInitStatus = major;
65 gssEapAttrProvidersInit(void)
67 GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal);
68 return gssEapAttrProvidersInitStatus;
72 gssEapAttrProvidersFinalize(OM_uint32 *minor)
74 OM_uint32 major = GSS_S_COMPLETE;
76 if (gssEapAttrProvidersInitStatus == GSS_S_COMPLETE) {
77 major = gssEapLocalAttrProviderFinalize(minor);
78 if (major == GSS_S_COMPLETE)
79 major = gssEapSamlAttrProvidersFinalize(minor);
80 if (major == GSS_S_COMPLETE)
81 major = gssEapRadiusAttrProviderFinalize(minor);
83 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE;
89 static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1];
90 static gss_buffer_desc gssEapAttrPrefixes[ATTR_TYPE_MAX + 1];
93 * Register a provider for a particular type and prefix
96 gss_eap_attr_ctx::registerProvider(unsigned int type,
98 gss_eap_attr_create_provider factory)
100 assert(type <= ATTR_TYPE_MAX);
102 assert(gssEapAttrFactories[type] == NULL);
104 gssEapAttrFactories[type] = factory;
105 if (prefix != NULL) {
106 gssEapAttrPrefixes[type].value = (void *)prefix;
107 gssEapAttrPrefixes[type].length = strlen(prefix);
109 gssEapAttrPrefixes[type].value = NULL;
110 gssEapAttrPrefixes[type].length = 0;
115 * Unregister a provider
118 gss_eap_attr_ctx::unregisterProvider(unsigned int type)
120 assert(type <= ATTR_TYPE_MAX);
122 gssEapAttrFactories[type] = NULL;
123 gssEapAttrPrefixes[type].value = NULL;
124 gssEapAttrPrefixes[type].length = 0;
128 * Create an attribute context, that manages instances of providers
130 gss_eap_attr_ctx::gss_eap_attr_ctx(void)
134 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
135 gss_eap_attr_provider *provider;
137 if (gssEapAttrFactories[i] != NULL) {
138 provider = (gssEapAttrFactories[i])();
143 m_providers[i] = provider;
148 * Convert an attribute prefix to a type
151 gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix)
155 for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) {
156 if (bufferEqual(&gssEapAttrPrefixes[i], prefix))
160 return ATTR_TYPE_LOCAL;
164 * Convert a type to an attribute prefix
167 gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type)
169 if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX)
170 return GSS_C_NO_BUFFER;
172 return &gssEapAttrPrefixes[type];
176 gss_eap_attr_ctx::providerEnabled(unsigned int type) const
178 if (type == ATTR_TYPE_LOCAL &&
179 (m_flags & ATTR_FLAG_DISABLE_LOCAL))
182 if (m_providers[type] == NULL)
189 gss_eap_attr_ctx::releaseProvider(unsigned int type)
191 delete m_providers[type];
192 m_providers[type] = NULL;
196 * Initialize a context from an existing context.
199 gss_eap_attr_ctx::initFromExistingContext(const gss_eap_attr_ctx *manager)
203 m_flags = manager->m_flags;
205 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
206 gss_eap_attr_provider *provider;
208 if (!providerEnabled(i)) {
213 provider = m_providers[i];
215 ret = provider->initFromExistingContext(this,
216 manager->m_providers[i]);
227 * Initialize a context from a GSS credential and context.
230 gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred,
231 const gss_ctx_id_t ctx)
235 if (cred != GSS_C_NO_CREDENTIAL &&
236 (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) {
237 m_flags |= ATTR_FLAG_DISABLE_LOCAL;
240 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
241 gss_eap_attr_provider *provider;
243 if (!providerEnabled(i)) {
248 provider = m_providers[i];
250 ret = provider->initFromGssContext(this, cred, ctx);
261 * Initialize a context from an exported context or name token
264 gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
267 gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
268 gss_buffer_desc primaryBuf;
270 if (buffer->length < 4)
273 m_flags = load_uint32_be(buffer->value);
275 primaryBuf.length = buffer->length - 4;
276 primaryBuf.value = (char *)buffer->value + 4;
278 ret = primaryProvider->initFromBuffer(this, &primaryBuf);
282 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
283 gss_eap_attr_provider *provider;
285 if (!providerEnabled(i)) {
290 provider = m_providers[i];
291 if (provider == primaryProvider)
294 ret = provider->initFromGssContext(this,
306 gss_eap_attr_ctx::~gss_eap_attr_ctx(void)
308 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++)
309 delete m_providers[i];
313 * Locate provider for a given type
315 gss_eap_attr_provider *
316 gss_eap_attr_ctx::getProvider(unsigned int type) const
318 assert(type >= ATTR_TYPE_MIN && type <= ATTR_TYPE_MAX);
319 return m_providers[type];
323 * Locate provider for a given prefix
325 gss_eap_attr_provider *
326 gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const
330 type = attributePrefixToType(prefix);
332 return m_providers[type];
336 * Get primary provider. Only the primary provider is serialised when
337 * gss_export_sec_context() or gss_export_name_composite() is called.
339 gss_eap_attr_provider *
340 gss_eap_attr_ctx::getPrimaryProvider(void) const
342 return m_providers[ATTR_TYPE_MIN];
349 gss_eap_attr_ctx::setAttribute(int complete,
350 const gss_buffer_t attr,
351 const gss_buffer_t value)
353 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
355 gss_eap_attr_provider *provider;
357 decomposeAttributeName(attr, &type, &suffix);
359 provider = m_providers[type];
360 if (provider != NULL) {
361 provider->setAttribute(complete,
362 (type == ATTR_TYPE_LOCAL) ? attr : &suffix,
365 /* XXX TODO throw exception */
370 * Delete an attrbiute
373 gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr)
375 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
377 gss_eap_attr_provider *provider;
379 decomposeAttributeName(attr, &type, &suffix);
381 provider = m_providers[type];
382 if (provider != NULL)
383 provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix);
387 * Enumerate attribute types with callback
390 gss_eap_attr_ctx::getAttributeTypes(gss_eap_attr_enumeration_cb cb, void *data) const
395 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
396 gss_eap_attr_provider *provider = m_providers[i];
398 if (provider == NULL)
401 ret = provider->getAttributeTypes(cb, data);
409 struct eap_gss_get_attr_types_args {
411 gss_buffer_set_t attrs;
415 addAttribute(const gss_eap_attr_provider *provider,
416 const gss_buffer_t attribute,
419 eap_gss_get_attr_types_args *args = (eap_gss_get_attr_types_args *)data;
420 gss_buffer_desc qualified;
421 OM_uint32 major, minor;
423 if (args->type != ATTR_TYPE_LOCAL) {
424 gss_eap_attr_ctx::composeAttributeName(args->type, attribute, &qualified);
425 major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs);
426 gss_release_buffer(&minor, &qualified);
428 major = gss_add_buffer_set_member(&minor, attribute, &args->attrs);
431 return GSS_ERROR(major) == false;
435 * Enumerate attribute types, output is buffer set
438 gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs)
440 eap_gss_get_attr_types_args args;
441 OM_uint32 major, minor;
445 major = gss_create_empty_buffer_set(&minor, attrs);
446 if (GSS_ERROR(major)) {
447 throw new std::bad_alloc;
453 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
454 gss_eap_attr_provider *provider = m_providers[i];
458 if (provider == NULL)
461 ret = provider->getAttributeTypes(addAttribute, (void *)&args);
467 gss_release_buffer_set(&minor, attrs);
473 * Get attribute with given name
476 gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr,
480 gss_buffer_t display_value,
483 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
485 gss_eap_attr_provider *provider;
488 decomposeAttributeName(attr, &type, &suffix);
490 provider = m_providers[type];
491 if (provider == NULL)
494 ret = provider->getAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix,
495 authenticated, complete,
496 value, display_value, more);
502 * Map attribute context to C++ object
505 gss_eap_attr_ctx::mapToAny(int authenticated,
506 gss_buffer_t type_id) const
509 gss_eap_attr_provider *provider;
510 gss_buffer_desc suffix;
512 decomposeAttributeName(type_id, &type, &suffix);
514 provider = m_providers[type];
515 if (provider == NULL)
516 return (gss_any_t)NULL;
518 return provider->mapToAny(authenticated, &suffix);
522 * Release mapped context
525 gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id,
526 gss_any_t input) const
529 gss_eap_attr_provider *provider;
530 gss_buffer_desc suffix;
532 decomposeAttributeName(type_id, &type, &suffix);
534 provider = m_providers[type];
535 if (provider != NULL)
536 provider->releaseAnyNameMapping(&suffix, input);
540 * Export attribute context to buffer
543 gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const
545 const gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
550 primaryProvider->exportToBuffer(&tmp);
552 buffer->length = 4 + tmp.length;
553 buffer->value = GSSEAP_MALLOC(buffer->length);
554 if (buffer->value == NULL)
555 throw new std::bad_alloc;
557 p = (unsigned char *)buffer->value;
558 store_uint32_be(m_flags, p);
559 memcpy(p + 4, tmp.value, tmp.length);
561 gss_release_buffer(&tmpMinor, &tmp);
565 * Return soonest expiry time of providers
568 gss_eap_attr_ctx::getExpiryTime(void) const
571 time_t expiryTime = 0;
573 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
574 gss_eap_attr_provider *provider = m_providers[i];
575 time_t providerExpiryTime;
577 if (provider == NULL)
580 providerExpiryTime = provider->getExpiryTime();
581 if (providerExpiryTime == 0)
584 if (expiryTime == 0 || providerExpiryTime < expiryTime)
585 expiryTime = providerExpiryTime;
592 * Map C++ exception to GSS status
595 mapException(OM_uint32 *minor, std::exception &e)
597 OM_uint32 major = GSS_S_FAILURE;
599 /* XXX TODO implement other mappings */
600 if (typeid(e) == typeid(std::bad_alloc))
606 /* rethrow for now for debugging */
614 * Decompose attribute name into prefix and suffix
617 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
624 for (i = 0; i < attribute->length; i++) {
625 if (((char *)attribute->value)[i] == ' ') {
626 p = (char *)attribute->value + i + 1;
631 prefix->value = attribute->value;
634 if (p != NULL && *p != '\0') {
635 suffix->length = attribute->length - 1 - prefix->length;
639 suffix->value = NULL;
644 * Decompose attribute name into type and suffix
647 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
651 gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER;
653 decomposeAttributeName(attribute, &prefix, suffix);
654 *type = attributePrefixToType(&prefix);
658 * Compose attribute name from prefix, suffix; returns C++ string
661 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
662 const gss_buffer_t suffix)
666 if (prefix == GSS_C_NO_BUFFER || prefix->length == 0)
669 str.append((const char *)prefix->value, prefix->length);
671 if (suffix != GSS_C_NO_BUFFER) {
673 str.append((const char *)suffix->value, suffix->length);
680 * Compose attribute name from type, suffix; returns C++ string
683 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
684 const gss_buffer_t suffix)
686 const gss_buffer_t prefix = attributeTypeToPrefix(type);
688 return composeAttributeName(prefix, suffix);
692 * Compose attribute name from prefix, suffix; returns GSS buffer
695 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
696 const gss_buffer_t suffix,
697 gss_buffer_t attribute)
699 std::string str = composeAttributeName(prefix, suffix);
701 if (str.length() != 0) {
702 return duplicateBuffer(str, attribute);
704 attribute->length = 0;
705 attribute->value = NULL;
710 * Compose attribute name from type, suffix; returns GSS buffer
713 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
714 const gss_buffer_t suffix,
715 gss_buffer_t attribute)
717 gss_buffer_t prefix = attributeTypeToPrefix(type);
719 return composeAttributeName(prefix, suffix, attribute);
726 gssEapInquireName(OM_uint32 *minor,
730 gss_buffer_set_t *attrs)
732 if (name->attrCtx == NULL)
733 return GSS_S_UNAVAILABLE;
735 if (GSS_ERROR(gssEapAttrProvidersInit()))
736 return GSS_S_UNAVAILABLE;
739 if (!name->attrCtx->getAttributeTypes(attrs))
740 return GSS_S_UNAVAILABLE;
741 } catch (std::exception &e) {
742 return mapException(minor, e);
745 return GSS_S_COMPLETE;
749 gssEapGetNameAttribute(OM_uint32 *minor,
755 gss_buffer_t display_value,
766 if (display_value != NULL) {
767 display_value->length = 0;
768 display_value->value = NULL;
771 if (name->attrCtx == NULL)
772 return GSS_S_UNAVAILABLE;
774 if (GSS_ERROR(gssEapAttrProvidersInit()))
775 return GSS_S_UNAVAILABLE;
778 if (!name->attrCtx->getAttribute(attr, authenticated, complete,
779 value, display_value, more))
780 return GSS_S_UNAVAILABLE;
781 } catch (std::exception &e) {
782 return mapException(minor, e);
785 return GSS_S_COMPLETE;
789 gssEapDeleteNameAttribute(OM_uint32 *minor,
793 if (name->attrCtx == NULL)
794 return GSS_S_UNAVAILABLE;
796 if (GSS_ERROR(gssEapAttrProvidersInit()))
797 return GSS_S_UNAVAILABLE;
800 name->attrCtx->deleteAttribute(attr);
801 } catch (std::exception &ex) {
802 return mapException(minor, ex);
805 return GSS_S_COMPLETE;
809 gssEapSetNameAttribute(OM_uint32 *minor,
815 if (name->attrCtx == NULL)
816 return GSS_S_UNAVAILABLE;
818 if (GSS_ERROR(gssEapAttrProvidersInit()))
819 return GSS_S_UNAVAILABLE;
822 name->attrCtx->setAttribute(complete, attr, value);
823 } catch (std::exception &ex) {
824 return mapException(minor, ex);
827 return GSS_S_COMPLETE;
831 gssEapExportAttrContext(OM_uint32 *minor,
835 if (name->attrCtx == NULL) {
837 buffer->value = NULL;
839 return GSS_S_COMPLETE;
842 if (GSS_ERROR(gssEapAttrProvidersInit()))
843 return GSS_S_UNAVAILABLE;
846 name->attrCtx->exportToBuffer(buffer);
847 } catch (std::exception &e) {
848 return mapException(minor, e);
851 return GSS_S_COMPLETE;
855 gssEapImportAttrContext(OM_uint32 *minor,
859 gss_eap_attr_ctx *ctx = NULL;
861 assert(name->attrCtx == NULL);
863 if (GSS_ERROR(gssEapAttrProvidersInit()))
864 return GSS_S_UNAVAILABLE;
866 if (buffer->length != 0) {
868 ctx = new gss_eap_attr_ctx();
870 if (!ctx->initFromBuffer(buffer)) {
872 return GSS_S_DEFECTIVE_TOKEN;
875 } catch (std::exception &e) {
877 return mapException(minor, e);
881 return GSS_S_COMPLETE;
885 gssEapDuplicateAttrContext(OM_uint32 *minor,
889 gss_eap_attr_ctx *ctx = NULL;
891 assert(out->attrCtx == NULL);
893 if (GSS_ERROR(gssEapAttrProvidersInit()))
894 return GSS_S_UNAVAILABLE;
897 if (in->attrCtx != NULL) {
898 ctx = new gss_eap_attr_ctx();
899 if (!ctx->initFromExistingContext(in->attrCtx)) {
901 return GSS_S_FAILURE;
905 } catch (std::exception &e) {
907 return mapException(minor, e);
910 return GSS_S_COMPLETE;
914 gssEapMapNameToAny(OM_uint32 *minor,
917 gss_buffer_t type_id,
920 if (name->attrCtx == NULL)
921 return GSS_S_UNAVAILABLE;
923 if (GSS_ERROR(gssEapAttrProvidersInit()))
924 return GSS_S_UNAVAILABLE;
927 *output = name->attrCtx->mapToAny(authenticated, type_id);
928 } catch (std::exception &e) {
929 return mapException(minor, e);
932 return GSS_S_COMPLETE;
936 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
938 gss_buffer_t type_id,
941 if (name->attrCtx == NULL)
942 return GSS_S_UNAVAILABLE;
944 if (GSS_ERROR(gssEapAttrProvidersInit()))
945 return GSS_S_UNAVAILABLE;
949 name->attrCtx->releaseAnyNameMapping(type_id, *input);
951 } catch (std::exception &e) {
952 return mapException(minor, e);
955 return GSS_S_COMPLETE;
959 gssEapReleaseAttrContext(OM_uint32 *minor,
962 if (name->attrCtx != NULL)
963 delete name->attrCtx;
965 return GSS_S_COMPLETE;
969 * Public accessor for initialisng a context from a GSS context. Also
970 * sets expiry time on GSS context as a side-effect.
972 struct gss_eap_attr_ctx *
973 gssEapCreateAttrContext(gss_cred_id_t gssCred,
976 gss_eap_attr_ctx *ctx;
978 assert(gssCtx != GSS_C_NO_CONTEXT);
980 if (GSS_ERROR(gssEapAttrProvidersInit()))
983 ctx = new gss_eap_attr_ctx();
984 if (!ctx->initFromGssContext(gssCred, gssCtx)) {
989 gssCtx->expiryTime = ctx->getExpiryTime();
projects / mech_eap.git / blob