projects / mech_eap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
map Shibboleth/OpenSAML exceptions to mech errors
[mech_eap.git] / util_saml.cpp
1 /*
2  * Copyright (c) 2010, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32
33 /*
34  * SAML attribute provider implementation.
35  */
36
37 #include "gssapiP_eap.h"
38
39 #include <sstream>
40
41 #include <xercesc/util/XMLUniDefs.hpp>
42 #include <xmltooling/unicode.h>
43 #include <xmltooling/XMLToolingConfig.h>
44 #include <xmltooling/util/XMLHelper.h>
45 #include <xmltooling/util/ParserPool.h>
46 #include <xmltooling/util/DateTime.h>
47
48 #include <saml/exceptions.h>
49 #include <saml/saml1/core/Assertions.h>
50 #include <saml/saml2/core/Assertions.h>
51 #include <saml/saml2/metadata/Metadata.h>
52 #include <saml/saml2/metadata/MetadataProvider.h>
53
54 using namespace xmltooling;
55 using namespace opensaml::saml2md;
56 using namespace opensaml;
57 using namespace xercesc;
58 using namespace std;
59
60 /*
61  * gss_eap_saml_assertion_provider is for retrieving the underlying
62  * assertion.
63  */
64 gss_eap_saml_assertion_provider::gss_eap_saml_assertion_provider(void)
65 {
66     m_assertion = NULL;
67     m_authenticated = false;
68 }
69
70 gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void)
71 {
72     delete m_assertion;
73 }
74
75 bool
76 gss_eap_saml_assertion_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
77                                                          const gss_eap_attr_provider *ctx)
78 {
79     /* Then we may be creating from an existing attribute context */
80     const gss_eap_saml_assertion_provider *saml;
81
82     assert(m_assertion == NULL);
83
84     if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
85         return false;
86
87     saml = static_cast<const gss_eap_saml_assertion_provider *>(ctx);
88     setAssertion(saml->getAssertion(), saml->authenticated());
89
90     return true;
91 }
92
93 bool
94 gss_eap_saml_assertion_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
95                                                     const gss_cred_id_t gssCred,
96                                                     const gss_ctx_id_t gssCtx)
97 {
98     const gss_eap_radius_attr_provider *radius;
99     gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
100     int authenticated, complete;
101     OM_uint32 minor;
102
103     assert(m_assertion == NULL);
104
105     if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
106         return false;
107
108     /*
109      * XXX TODO we need to support draft-howlett-radius-saml-attr-00
110      */
111     radius = static_cast<const gss_eap_radius_attr_provider *>
112         (m_manager->getProvider(ATTR_TYPE_RADIUS));
113     if (radius != NULL &&
114         radius->getFragmentedAttribute(PW_SAML_AAA_ASSERTION,
115                                        VENDORPEC_UKERNA,
116                                        &authenticated, &complete, &value)) {
117         setAssertion(&value, authenticated);
118         gss_release_buffer(&minor, &value);
119     } else {
120         m_assertion = NULL;
121     }
122
123     return true;
124 }
125
126 void
127 gss_eap_saml_assertion_provider::setAssertion(const saml2::Assertion *assertion,
128                                               bool authenticated)
129 {
130
131     delete m_assertion;
132
133     if (assertion != NULL) {
134 #ifdef __APPLE__
135         m_assertion = (saml2::Assertion *)((void *)assertion->clone());
136 #else
137         m_assertion = dynamic_cast<saml2::Assertion *>(assertion->clone());
138 #endif
139         m_authenticated = authenticated;
140     } else {
141         m_assertion = NULL;
142         m_authenticated = false;
143     }
144 }
145
146 void
147 gss_eap_saml_assertion_provider::setAssertion(const gss_buffer_t buffer,
148                                               bool authenticated)
149 {
150     delete m_assertion;
151
152     m_assertion = parseAssertion(buffer);
153     m_authenticated = (m_assertion != NULL && authenticated);
154 }
155
156 saml2::Assertion *
157 gss_eap_saml_assertion_provider::parseAssertion(const gss_buffer_t buffer)
158 {
159     string str((char *)buffer->value, buffer->length);
160     istringstream istream(str);
161     DOMDocument *doc;
162     const XMLObjectBuilder *b;
163
164     doc = XMLToolingConfig::getConfig().getParser().parse(istream);
165     if (doc == NULL)
166         return NULL;
167
168     b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
169
170 #ifdef __APPLE__
171     return (saml2::Assertion *)((void *)b->buildFromDocument(doc));
172 #else
173     return dynamic_cast<saml2::Assertion *>(b->buildFromDocument(doc));
174 #endif
175 }
176
177 bool
178 gss_eap_saml_assertion_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
179                                                    void *data) const
180 {
181     bool ret;
182
183     /* just add the prefix */
184     if (m_assertion != NULL)
185         ret = addAttribute(this, GSS_C_NO_BUFFER, data);
186     else
187         ret = true;
188
189     return ret;
190 }
191
192 bool
193 gss_eap_saml_assertion_provider::setAttribute(int complete,
194                                               const gss_buffer_t attr,
195                                               const gss_buffer_t value)
196 {
197     if (attr == GSS_C_NO_BUFFER || attr->length == 0) {
198         setAssertion(value);
199         return true;
200     }
201
202     return false;
203 }
204
205 bool
206 gss_eap_saml_assertion_provider::deleteAttribute(const gss_buffer_t value)
207 {
208     delete m_assertion;
209     m_assertion = NULL;
210     m_authenticated = false;
211
212     return true;
213 }
214
215 time_t
216 gss_eap_saml_assertion_provider::getExpiryTime(void) const
217 {
218     saml2::Conditions *conditions;
219     time_t expiryTime = 0;
220
221     if (m_assertion == NULL)
222         return 0;
223
224     conditions = m_assertion->getConditions();
225
226     if (conditions != NULL && conditions->getNotOnOrAfter() != NULL)
227         expiryTime = conditions->getNotOnOrAfter()->getEpoch();
228
229     return expiryTime;
230 }
231
232 OM_uint32
233 gss_eap_saml_assertion_provider::mapException(OM_uint32 *minor,
234                                               std::exception &e) const
235 {
236     if (typeid(e) == typeid(SecurityPolicyException))
237         *minor = GSSEAP_SAML_SEC_POLICY_FAILURE;
238     else if (typeid(e) == typeid(BindingException))
239         *minor = GSSEAP_SAML_BINDING_FAILURE;
240     else if (typeid(e) == typeid(ProfileException))
241         *minor = GSSEAP_SAML_PROFILE_FAILURE;
242     else if (typeid(e) == typeid(FatalProfileException))
243         *minor = GSSEAP_SAML_FATAL_PROFILE_FAILURE;
244     else if (typeid(e) == typeid(RetryableProfileException))
245         *minor = GSSEAP_SAML_RETRY_PROFILE_FAILURE;
246     else if (typeid(e) == typeid(MetadataException))
247         *minor = GSSEAP_SAML_METADATA_FAILURE;
248     else
249         return GSS_S_CONTINUE_NEEDED;
250
251     return GSS_S_FAILURE;
252 }
253
254 bool
255 gss_eap_saml_assertion_provider::getAttribute(const gss_buffer_t attr,
256                                               int *authenticated,
257                                               int *complete,
258                                               gss_buffer_t value,
259                                               gss_buffer_t display_value,
260                                               int *more) const
261 {
262     string str;
263
264     if (attr != GSS_C_NO_BUFFER && attr->length != 0)
265         return false;
266
267     if (m_assertion == NULL)
268         return false;
269
270     if (*more != -1)
271         return false;
272
273     if (authenticated != NULL)
274         *authenticated = m_authenticated;
275     if (complete != NULL)
276         *complete = true;
277
278     XMLHelper::serialize(m_assertion->marshall((DOMDocument *)NULL), str);
279
280     duplicateBuffer(str, value);
281     *more = 0;
282
283     return true;
284 }
285
286 gss_any_t
287 gss_eap_saml_assertion_provider::mapToAny(int authenticated,
288                                           gss_buffer_t type_id) const
289 {
290     if (authenticated && !m_authenticated)
291         return (gss_any_t)NULL;
292
293     return (gss_any_t)m_assertion;
294 }
295
296 void
297 gss_eap_saml_assertion_provider::releaseAnyNameMapping(gss_buffer_t type_id,
298                                                        gss_any_t input) const
299 {
300     delete ((saml2::Assertion *)input);
301 }
302
303 void
304 gss_eap_saml_assertion_provider::exportToBuffer(gss_buffer_t buffer) const
305 {
306     ostringstream sink;
307     string str;
308
309     buffer->length = 0;
310     buffer->value = NULL;
311
312     if (m_assertion == NULL)
313         return;
314
315     sink << *m_assertion;
316     str = sink.str();
317
318     duplicateBuffer(str, buffer);
319 }
320
321 bool
322 gss_eap_saml_assertion_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
323                                                 const gss_buffer_t buffer)
324 {
325     if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
326         return false;
327
328     if (buffer->length == 0)
329         return true;
330
331     assert(m_assertion == NULL);
332
333     setAssertion(buffer);
334     /* TODO XXX how to propagate authenticated flag? */
335
336     return true;
337 }
338
339 bool
340 gss_eap_saml_assertion_provider::init(void)
341 {
342     gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML_ASSERTION,
343                                        "urn:ietf:params:gss-eap:saml-aaa-assertion",
344                                        gss_eap_saml_assertion_provider::createAttrContext);
345     return true;
346 }
347
348 void
349 gss_eap_saml_assertion_provider::finalize(void)
350 {
351     gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML_ASSERTION);
352 }
353
354 gss_eap_attr_provider *
355 gss_eap_saml_assertion_provider::createAttrContext(void)
356 {
357     return new gss_eap_saml_assertion_provider;
358 }
359
360 saml2::Assertion *
361 gss_eap_saml_assertion_provider::initAssertion(void)
362 {
363     delete m_assertion;
364     m_assertion = saml2::AssertionBuilder::buildAssertion();
365     m_authenticated = false;
366
367     return m_assertion;
368 }
369
370 /*
371  * gss_eap_saml_attr_provider is for retrieving the underlying attributes.
372  */
373 bool
374 gss_eap_saml_attr_provider::getAssertion(int *authenticated,
375                                          saml2::Assertion **pAssertion,
376                                          bool createIfAbsent) const
377 {
378     gss_eap_saml_assertion_provider *saml;
379
380     if (authenticated != NULL)
381         *authenticated = false;
382     if (pAssertion != NULL)
383         *pAssertion = NULL;
384
385     saml = static_cast<const gss_eap_saml_assertion_provider *>
386         (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION));
387     if (saml == NULL)
388         return false;
389
390     if (authenticated != NULL)
391         *authenticated = saml->authenticated();
392     if (pAssertion != NULL)
393         *pAssertion = saml->getAssertion();
394
395     if (saml->getAssertion() == NULL) {
396         if (createIfAbsent) {
397             if (authenticated != NULL)
398                 *authenticated = false;
399             if (pAssertion != NULL)
400                 *pAssertion = saml->initAssertion();
401         } else
402             return false;
403     }
404
405     return true;
406 }
407
408 bool
409 gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
410                                               void *data) const
411 {
412     saml2::Assertion *assertion;
413     int authenticated;
414
415     if (!getAssertion(&authenticated, &assertion))
416         return true;
417
418     /*
419      * Note: the first prefix is added by the attribute provider manager
420      *
421      * From draft-hartman-gss-eap-naming-00:
422      *
423      *   Each attribute carried in the assertion SHOULD also be a GSS name
424      *   attribute.  The name of this attribute has three parts, all separated
425      *   by an ASCII space character.  The first part is
426      *   urn:ietf:params:gss-eap:saml-attr.  The second part is the URI for
427      *   the SAML attribute name format.  The final part is the name of the
428      *   SAML attribute.  If the mechanism performs an additional attribute
429      *   query, the retrieved attributes SHOULD be GSS-API name attributes
430      *   using the same name syntax.
431      */
432     /* For each attribute statement, look for an attribute match */
433     const vector <saml2::AttributeStatement *> &statements =
434         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
435
436     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
437         s != statements.end();
438         ++s) {
439         const vector<saml2::Attribute*> &attrs =
440             const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
441
442         for (vector<saml2::Attribute*>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
443             const XMLCh *attributeName = (*a)->getName();
444             const XMLCh *attributeNameFormat = (*a)->getNameFormat();
445             XMLCh *qualifiedName;
446             XMLCh space[2] = { ' ', 0 };
447             gss_buffer_desc utf8;
448             bool ret;
449
450             qualifiedName = new XMLCh[XMLString::stringLen(attributeNameFormat) + 1 +
451                                       XMLString::stringLen(attributeName) + 1];
452             XMLString::copyString(qualifiedName, attributeNameFormat);
453             XMLString::catString(qualifiedName, space);
454             XMLString::catString(qualifiedName, attributeName);
455
456             utf8.value = (void *)toUTF8(qualifiedName);
457             utf8.length = strlen((char *)utf8.value);
458
459             ret = addAttribute(this, &utf8, data);
460
461             delete qualifiedName;
462
463             if (!ret)
464                 return ret;
465         }
466     }
467
468     return true;
469 }
470
471 static BaseRefVectorOf<XMLCh> *
472 decomposeAttributeName(const gss_buffer_t attr)
473 {
474     XMLCh *qualifiedAttr = new XMLCh[attr->length + 1];
475     XMLString::transcode((const char *)attr->value, qualifiedAttr, attr->length);
476
477     BaseRefVectorOf<XMLCh> *components = XMLString::tokenizeString(qualifiedAttr);
478
479     delete qualifiedAttr;
480
481     if (components->size() != 2) {
482         delete components;
483         components = NULL;
484     }
485
486     return components;
487 }
488
489 bool
490 gss_eap_saml_attr_provider::setAttribute(int complete,
491                                          const gss_buffer_t attr,
492                                          const gss_buffer_t value)
493 {
494     saml2::Assertion *assertion;
495     saml2::Attribute *attribute;
496     saml2::AttributeValue *attributeValue;
497     saml2::AttributeStatement *attributeStatement;
498
499     if (!getAssertion(NULL, &assertion, true))
500         return false;
501
502     if (assertion->getAttributeStatements().size() != 0) {
503         attributeStatement = assertion->getAttributeStatements().front();
504     } else {
505         attributeStatement = saml2::AttributeStatementBuilder::buildAttributeStatement();
506         assertion->getAttributeStatements().push_back(attributeStatement);
507     }
508
509     /* Check the attribute name consists of name format | whsp | name */
510     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
511     if (components == NULL)
512         return false;
513
514     attribute = saml2::AttributeBuilder::buildAttribute();
515     attribute->setNameFormat(components->elementAt(0));
516     attribute->setName(components->elementAt(1));
517
518     XMLCh *xmlValue = new XMLCh[value->length + 1];
519     XMLString::transcode((const char *)value->value, xmlValue, attr->length);
520
521     attributeValue = saml2::AttributeValueBuilder::buildAttributeValue();
522     attributeValue->setTextContent(xmlValue);
523
524     attribute->getAttributeValues().push_back(attributeValue);
525
526     assert(attributeStatement != NULL);
527     attributeStatement->getAttributes().push_back(attribute);
528
529     delete components;
530     delete xmlValue;
531
532     return true;
533 }
534
535 bool
536 gss_eap_saml_attr_provider::deleteAttribute(const gss_buffer_t attr)
537 {
538     saml2::Assertion *assertion;
539     bool ret = false;
540
541     if (!getAssertion(NULL, &assertion) ||
542         assertion->getAttributeStatements().size() == 0)
543         return false;
544
545     /* Check the attribute name consists of name format | whsp | name */
546     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
547     if (components == NULL)
548         return false;
549
550     /* For each attribute statement, look for an attribute match */
551     const vector<saml2::AttributeStatement *> &statements =
552         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
553
554     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
555         s != statements.end();
556         ++s) {
557         const vector<saml2::Attribute *> &attrs =
558             const_cast<const saml2::AttributeStatement *>(*s)->getAttributes();
559         ssize_t index = -1, i = 0;
560
561         /* There's got to be an easier way to do this */
562         for (vector<saml2::Attribute *>::const_iterator a = attrs.begin();
563              a != attrs.end();
564              ++a) {
565             if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) &&
566                 XMLString::equals((*a)->getName(), components->elementAt(1))) {
567                 index = i;
568                 break;
569             }
570             ++i;
571         }
572         if (index != -1) {
573             (*s)->getAttributes().erase((*s)->getAttributes().begin() + index);
574             ret = true;
575         }
576     }
577
578     delete components;
579
580     return ret;
581 }
582
583 bool
584 gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr,
585                                          int *authenticated,
586                                          int *complete,
587                                          const saml2::Attribute **pAttribute) const
588 {
589     saml2::Assertion *assertion;
590
591     if (authenticated != NULL)
592         *authenticated = false;
593     if (complete != NULL)
594         *complete = true;
595     *pAttribute = NULL;
596
597     if (!getAssertion(authenticated, &assertion) ||
598         assertion->getAttributeStatements().size() == 0)
599         return false;
600
601     /* Check the attribute name consists of name format | whsp | name */
602     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
603     if (components == NULL)
604         return false;
605
606     /* For each attribute statement, look for an attribute match */
607     const vector <saml2::AttributeStatement *> &statements =
608         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
609     const saml2::Attribute *ret = NULL;
610
611     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
612         s != statements.end();
613         ++s) {
614         const vector<saml2::Attribute *> &attrs =
615             const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
616
617         for (vector<saml2::Attribute *>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
618             if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) &&
619                 XMLString::equals((*a)->getName(), components->elementAt(1))) {
620                 ret = *a;
621                 break;
622             }
623         }
624
625         if (ret != NULL)
626             break;
627     }
628
629     delete components;
630
631     *pAttribute = ret;
632
633     return (ret != NULL);
634 }
635
636 bool
637 gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr,
638                                          int *authenticated,
639                                          int *complete,
640                                          gss_buffer_t value,
641                                          gss_buffer_t display_value,
642                                          int *more) const
643 {
644     const saml2::Attribute *a;
645     const saml2::AttributeValue *av;
646     int nvalues, i = *more;
647
648     *more = 0;
649
650     if (!getAttribute(attr, authenticated, complete, &a))
651         return false;
652
653     nvalues = a->getAttributeValues().size();
654
655     if (i == -1)
656         i = 0;
657     else if (i >= nvalues)
658         return false;
659 #ifdef __APPLE__
660     av = (const saml2::AttributeValue *)((void *)(a->getAttributeValues().at(i)));
661 #else
662     av = dynamic_cast<const saml2::AttributeValue *>(a->getAttributeValues().at(i));
663 #endif
664     if (av != NULL) {
665         if (value != NULL) {
666             value->value = toUTF8(av->getTextContent(), true);
667             value->length = strlen((char *)value->value);
668         }
669         if (display_value != NULL) {
670             display_value->value = toUTF8(av->getTextContent(), true);
671             display_value->length = strlen((char *)value->value);
672         }
673     }
674
675     if (nvalues > ++i)
676         *more = i;
677
678     return true;
679 }
680
681 gss_any_t
682 gss_eap_saml_attr_provider::mapToAny(int authenticated,
683                                      gss_buffer_t type_id) const
684 {
685     return (gss_any_t)NULL;
686 }
687
688 void
689 gss_eap_saml_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
690                                                   gss_any_t input) const
691 {
692 }
693
694 void
695 gss_eap_saml_attr_provider::exportToBuffer(gss_buffer_t buffer) const
696 {
697     buffer->length = 0;
698     buffer->value = NULL;
699 }
700
701 bool
702 gss_eap_saml_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
703                                            const gss_buffer_t buffer)
704 {
705     return gss_eap_attr_provider::initFromBuffer(ctx, buffer);
706 }
707
708 bool
709 gss_eap_saml_attr_provider::init(void)
710 {
711     gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML,
712                                        "urn:ietf:params:gss-eap:saml-attr",
713                                        gss_eap_saml_attr_provider::createAttrContext);
714     return true;
715 }
716
717 void
718 gss_eap_saml_attr_provider::finalize(void)
719 {
720     gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML);
721 }
722
723 gss_eap_attr_provider *
724 gss_eap_saml_attr_provider::createAttrContext(void)
725 {
726     return new gss_eap_saml_attr_provider;
727 }
728
729 OM_uint32
730 gssEapSamlAttrProvidersInit(OM_uint32 *minor)
731 {
732     if (!gss_eap_saml_assertion_provider::init() ||
733         !gss_eap_saml_attr_provider::init()) {
734         *minor = GSSEAP_SAML_INIT_FAILURE;
735         return GSS_S_FAILURE;
736     }
737
738     return GSS_S_COMPLETE;
739 }
740
741 OM_uint32
742 gssEapSamlAttrProvidersFinalize(OM_uint32 *minor)
743 {
744     gss_eap_saml_attr_provider::finalize();
745     gss_eap_saml_assertion_provider::finalize();
746     return GSS_S_COMPLETE;
747 }
Moonshot GSS-API mechanism