cleanup unused parameter warnings
1 /*
2  * Copyright (c) 2011, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32
33 /*
34  * Attribute provider interface.
35  */
36
37 #ifndef _UTIL_ATTR_H_
38 #define _UTIL_ATTR_H_ 1
39
40 #ifdef __cplusplus
41 #include <string>
42 #include <new>
43
struct gss_eap_attr_provider;
struct gss_eap_attr_ctx;

/*
 * Callback type used when enumerating attribute names. `source` is the
 * provider reporting the attribute and `attribute` is its name.
 * NOTE(review): `data` is presumably the opaque pointer handed to
 * getAttributeTypes(), and the bool result presumably tells the enumerator
 * whether to continue -- neither is visible in this header; confirm against
 * the implementation.
 */
typedef bool (*gss_eap_attr_enumeration_cb)(
    const gss_eap_attr_provider *source,
    const gss_buffer_t attribute,
    void *data);

/*
 * Provider type identifiers. gss_eap_attr_ctx::m_providers is declared with
 * ATTR_TYPE_MAX + 1 slots, so any code that indexes it by one of these
 * values has to reject types greater than ATTR_TYPE_MAX first.
 */
#define ATTR_TYPE_RADIUS 0U             /* RADIUS AVPs */
#define ATTR_TYPE_SAML_ASSERTION 1U     /* SAML assertion */
#define ATTR_TYPE_SAML 2U               /* SAML attributes */
#define ATTR_TYPE_LOCAL 3U              /* Local attributes */
#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL

/*
 * Attribute context flag bit.
 * NOTE(review): presumably stored in gss_eap_attr_ctx::m_flags to turn off
 * the ATTR_TYPE_LOCAL provider -- confirm where it is tested.
 */
#define ATTR_FLAG_DISABLE_LOCAL 0x00000001
60
61 /*
62  * Attribute provider: this represents a source of attributes derived
63  * from the security context.
64  */
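struct gss_eap_attr_provider
{
public:
    /*
     * m_manager is set to NULL here so that a provider used before one of
     * the init*() methods has run holds a well-defined null pointer rather
     * than an indeterminate one.
     */
    gss_eap_attr_provider(void) : m_manager(NULL) {}
    virtual ~gss_eap_attr_provider(void) {}

    /*
     * Records the owning attribute context. The pointer is stored, not
     * copied, so the manager must outlive this provider. Always returns true.
     */
    bool initWithManager(const gss_eap_attr_ctx *manager)
    {
        m_manager = manager;
        return true;
    }

    /*
     * Default initialisers: each one only records the manager and ignores
     * its other argument(s). Subclasses override these to load state.
     */
    virtual bool initFromExistingContext(const gss_eap_attr_ctx *manager,
                                         const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    virtual bool initFromGssContext(const gss_eap_attr_ctx *manager,
                                    const gss_cred_id_t cred GSSEAP_UNUSED,
                                    const gss_ctx_id_t ctx GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /* Default: enumerates nothing and returns false. */
    virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
                                   void *data GSSEAP_UNUSED) const
    {
        return false;
    }

    /* Default: attributes cannot be set; returns false. */
    virtual bool setAttribute(int complete GSSEAP_UNUSED,
                              const gss_buffer_t attr GSSEAP_UNUSED,
                              const gss_buffer_t value GSSEAP_UNUSED)
    {
        return false;
    }

    /* Default: attributes cannot be deleted; returns false. */
    virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
    {
        return false;
    }

    /*
     * Default: no attribute is found; returns false. None of the output
     * parameters (authenticated, complete, value, display_value, more) is
     * written, so callers must not read them after a false return.
     */
    virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
                              int *authenticated GSSEAP_UNUSED,
                              int *complete GSSEAP_UNUSED,
                              gss_buffer_t value GSSEAP_UNUSED,
                              gss_buffer_t display_value GSSEAP_UNUSED,
                              int *more GSSEAP_UNUSED) const
    {
        return false;
    }

    /* Default: no native object mapping is available; returns NULL. */
    virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
                               gss_buffer_t type_id GSSEAP_UNUSED) const
    {
        return NULL;
    }

    /* Default: nothing to release. */
    virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
                                       gss_any_t input GSSEAP_UNUSED) const
    {
    }

    /* Default: leaves `buffer` untouched. */
    virtual void exportToBuffer(gss_buffer_t buffer GSSEAP_UNUSED) const
    {
    }

    /*
     * Default: ignores `buffer` and only records the manager.
     * NOTE(review): overrides presumably parse an exported (serialised)
     * attribute context here; such input should be length-checked before
     * use -- confirm in each provider.
     */
    virtual bool initFromBuffer(const gss_eap_attr_ctx *manager,
                                const gss_buffer_t buffer GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /*
     * Default expiry time is 0.
     * NOTE(review): 0 presumably means "no expiry imposed by this provider";
     * confirm how gss_eap_attr_ctx::getExpiryTime() combines the values.
     */
    virtual time_t getExpiryTime(void) const { return 0; }

    /*
     * Default: does not inspect the exception and returns
     * GSS_S_CONTINUE_NEEDED.
     * NOTE(review): presumably this tells the manager the exception was not
     * recognised by this provider -- confirm against the caller.
     */
    virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
                                   std::exception &e GSSEAP_UNUSED) const
    {
        return GSS_S_CONTINUE_NEEDED;
    }

    /* Class-level hooks; the base versions do nothing. */
    static bool init(void) { return true; }
    static void finalize(void) {}

    /* Base factory creates no provider and returns NULL. */
    static gss_eap_attr_provider *createAttrContext(void) { return NULL; }

protected:
    /* Owning attribute context; not owned by the provider. */
    const gss_eap_attr_ctx *m_manager;

private:
    /* make non-copyable: declared but intentionally never defined */
    gss_eap_attr_provider(const gss_eap_attr_provider&);
    gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
};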
159
160 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
161
162 /*
163  * Attribute context: this manages a set of providers for a given
164  * security context.
165  */
struct gss_eap_attr_ctx
{
public:
    gss_eap_attr_ctx(void);
    ~gss_eap_attr_ctx(void);

    /* Initialisation from another attribute context or from a GSS context. */
    bool initFromExistingContext(const gss_eap_attr_ctx *manager);
    bool initFromGssContext(const gss_cred_id_t cred, const gss_ctx_id_t ctx);

    /* Attribute enumeration: by callback, or collected into a buffer set. */
    bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
    bool getAttributeTypes(gss_buffer_set_t *attrs);

    /*
     * Attribute accessors; the signatures mirror the per-provider virtuals
     * on gss_eap_attr_provider.
     * NOTE(review): `authenticated` follows the GSS naming extensions
     * (RFC 6680), where it reports whether the value was asserted by a
     * trusted source; callers making authorisation decisions should check
     * it -- confirm that every provider sets it.
     */
    bool setAttribute(int complete, const gss_buffer_t attr, const gss_buffer_t value);
    bool deleteAttribute(const gss_buffer_t value);
    bool getAttribute(const gss_buffer_t attr, int *authenticated, int *complete,
                      gss_buffer_t value, gss_buffer_t display_value, int *more) const;
    gss_any_t mapToAny(int authenticated, gss_buffer_t type_id) const;
    void releaseAnyNameMapping(gss_buffer_t type_id, gss_any_t input) const;

    /*
     * Serialisation of the context to and from a buffer.
     * NOTE(review): initFromBuffer() presumably parses data that may come
     * from outside the process; confirm the implementation validates
     * lengths before use.
     */
    void exportToBuffer(gss_buffer_t buffer) const;
    bool initFromBuffer(const gss_buffer_t buffer);

    /* Translation between an attribute name prefix and an ATTR_TYPE_* value. */
    static unsigned int attributePrefixToType(const gss_buffer_t prefix);
    static const gss_buffer_t attributeTypeToPrefix(unsigned int type);

    /* Split an attribute name into prefix (or type) and suffix, and the reverse. */
    static void decomposeAttributeName(const gss_buffer_t attribute,
                                       gss_buffer_t prefix, gss_buffer_t suffix);
    static void composeAttributeName(const gss_buffer_t prefix,
                                     const gss_buffer_t suffix, gss_buffer_t attribute);
    static void decomposeAttributeName(const gss_buffer_t attribute,
                                       unsigned int *type, gss_buffer_t suffix);
    static void composeAttributeName(unsigned int type,
                                     const gss_buffer_t suffix, gss_buffer_t attribute);

    /* Overloads that return the composed name as a std::string. */
    static std::string composeAttributeName(const gss_buffer_t prefix,
                                            const gss_buffer_t suffix);
    static std::string composeAttributeName(unsigned int type,
                                            const gss_buffer_t suffix);

    /*
     * Provider lookup by type or by prefix.
     * NOTE(review): m_providers has ATTR_TYPE_MAX + 1 slots; the by-type
     * lookup and registerProvider()/unregisterProvider() need to reject
     * type > ATTR_TYPE_MAX -- confirm in the implementation.
     */
    gss_eap_attr_provider *getProvider(unsigned int type) const;
    gss_eap_attr_provider *getProvider(const gss_buffer_t prefix) const;

    static void registerProvider(unsigned int type, const char *prefix,
                                 gss_eap_attr_create_provider factory);
    static void unregisterProvider(unsigned int type);

    time_t getExpiryTime(void) const;
    OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;

private:
    bool providerEnabled(unsigned int type) const;
    void releaseProvider(unsigned int type);

    gss_eap_attr_provider *getPrimaryProvider(void) const;

    /* make non-copyable: declared here, no inline definition */
    gss_eap_attr_ctx(const gss_eap_attr_ctx&);
    gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);

    /* Flag bits; presumably ATTR_FLAG_* values -- confirm. */
    uint32_t m_flags;
    /* One provider slot per ATTR_TYPE_* value (ATTR_TYPE_MIN..ATTR_TYPE_MAX). */
    gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
};
253
254 #endif /* __cplusplus */
255
256 #include "util_radius.h"
257 #include "util_saml.h"
258 #include "util_shib.h"
259
260 #ifdef __cplusplus
261
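/*
 * Copies `src` into `dst` through the C duplicateBuffer() helper and turns a
 * GSS error into a C++ exception.
 *
 * Any failure is reported as std::bad_alloc; the minor status is discarded.
 * The exception is thrown by value. The previous `throw new std::bad_alloc()`
 * threw a heap-allocated pointer, which a `catch (std::exception &)` or
 * `catch (std::bad_alloc &)` handler does not match, so the error could
 * bypass handlers that feed mapException(std::exception &) and leak the
 * exception object.
 */
static inline void
duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
{
    OM_uint32 minor;

    if (GSS_ERROR(duplicateBuffer(&minor, &src, dst)))
        throw std::bad_alloc();
}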
270
/*
 * Copies the bytes of `str` into `buffer` via the gss_buffer_desc overload.
 *
 * The temporary descriptor only borrows the string's storage. Its length is
 * str.length(), so the terminating NUL is not part of the copied data.
 * The cast drops const only because gss_buffer_desc::value is not
 * const-qualified.
 * NOTE(review): assumes the copy helper never writes through the source
 * buffer -- confirm.
 */
static inline void
duplicateBuffer(std::string &str, gss_buffer_t buffer)
{
    gss_buffer_desc borrowed;

    borrowed.value = const_cast<char *>(str.c_str());
    borrowed.length = str.length();

    duplicateBuffer(borrowed, buffer);
}
281
282 #else
283 struct gss_eap_attr_ctx;
284 #endif
285
286 #ifdef __cplusplus
287 extern "C" {
288 #endif
289
290 /*
291  * C wrappers for attribute context functions. These match their
292  * GSS naming extension equivalents. The caller is required to
293  * obtain the name mutex.
294  */
295
/*
 * Creates an attribute context; results are returned through pAttrCtx and
 * pExpiryTime (roles inferred from the parameter names -- confirm).
 */
OM_uint32 gssEapCreateAttrContext(OM_uint32 *minor,
                                  gss_cred_id_t acceptorCred,
                                  gss_ctx_id_t acceptorCtx,
                                  struct gss_eap_attr_ctx **pAttrCtx,
                                  time_t *pExpiryTime);

/* Presumably the counterpart of gss_inquire_name() (RFC 6680). */
OM_uint32 gssEapInquireName(OM_uint32 *minor,
                            gss_name_t name,
                            int *name_is_MN,
                            gss_OID *MN_mech,
                            gss_buffer_set_t *attrs);

/*
 * Presumably the counterpart of gss_get_name_attribute() (RFC 6680).
 * NOTE(review): callers that use the value for authorisation should check
 * *authenticated before trusting it.
 */
OM_uint32 gssEapGetNameAttribute(OM_uint32 *minor,
                                 gss_name_t name,
                                 gss_buffer_t attr,
                                 int *authenticated,
                                 int *complete,
                                 gss_buffer_t value,
                                 gss_buffer_t display_value,
                                 int *more);

/* Presumably the counterpart of gss_delete_name_attribute() (RFC 6680). */
OM_uint32 gssEapDeleteNameAttribute(OM_uint32 *minor,
                                    gss_name_t name,
                                    gss_buffer_t attr);

/* Presumably the counterpart of gss_set_name_attribute() (RFC 6680). */
OM_uint32 gssEapSetNameAttribute(OM_uint32 *minor,
                                 gss_name_t name,
                                 int complete,
                                 gss_buffer_t attr,
                                 gss_buffer_t value);

/* Serialises the attribute context attached to `name` into `buffer`. */
OM_uint32 gssEapExportAttrContext(OM_uint32 *minor,
                                  gss_name_t name,
                                  gss_buffer_t buffer);

/*
 * Rebuilds an attribute context on `name` from `buffer`.
 * NOTE(review): `buffer` may hold data produced outside this process; the
 * implementation should validate it before use -- confirm.
 */
OM_uint32 gssEapImportAttrContext(OM_uint32 *minor,
                                  gss_buffer_t buffer,
                                  gss_name_t name);

/* Duplicates the attribute context from `in` to `out` (per the name). */
OM_uint32 gssEapDuplicateAttrContext(OM_uint32 *minor,
                                     gss_name_t in,
                                     gss_name_t out);

/* Presumably the counterpart of gss_map_name_to_any() (RFC 6680). */
OM_uint32 gssEapMapNameToAny(OM_uint32 *minor,
                             gss_name_t name,
                             int authenticated,
                             gss_buffer_t type_id,
                             gss_any_t *output);

/* Presumably the counterpart of gss_release_any_name_mapping() (RFC 6680). */
OM_uint32 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
                                      gss_name_t name,
                                      gss_buffer_t type_id,
                                      gss_any_t *input);

/* Releases the attribute context attached to `name` (per the name). */
OM_uint32 gssEapReleaseAttrContext(OM_uint32 *minor,
                                   gss_name_t name);

/* Tears down the attribute providers (per the name). */
OM_uint32 gssEapAttrProvidersFinalize(OM_uint32 *minor);
366
367 #ifdef __cplusplus
368 }
369 #endif
370
371 #endif /* _UTIL_ATTR_H_ */