From 92dda90e8a01094a9b59187c076ac908bde861f1 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Mon, 13 Sep 2010 16:10:42 +0200
Subject: [PATCH] gss_map_name_to_any
---
 map_name_to_any.c | 19 ++++++++++--
 release_any_name_mapping.c | 16 ++++++++--
 util.h | 18 +++++++++++
 util_name.c | 6 +---
 util_saml.cpp | 77 ++++++++++++++++++++++++++++++++++++++--------
 util_saml.h | 14 +++++++++
 6 files changed, 129 insertions(+), 21 deletions(-)
diff --git a/map_name_to_any.c b/map_name_to_any.c
index ab5beda..afd6b37 100644
--- a/map_name_to_any.c
+++ b/map_name_to_any.c
@@ -39,6 +39,21 @@ gss_map_name_to_any(OM_uint32 *minor,
 gss_buffer_t type_id,
 gss_any_t *output)
 {
- *minor = 0;
- return GSS_S_UNAVAILABLE;
+ OM_uint32 major;
+
+ *output = (gss_any_t)NULL;
+
+ if (name == GSS_C_NO_NAME) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+ }
+
+ GSSEAP_MUTEX_LOCK(&name->mutex);
+
+ major = samlMapNameToAny(minor, name->samlCtx, authenticated,
+ type_id, output);
+
+ GSSEAP_MUTEX_UNLOCK(&name->mutex);
+
+ return major;
 }
diff --git a/release_any_name_mapping.c b/release_any_name_mapping.c
index 51bed0b..1c157e3 100644
--- a/release_any_name_mapping.c
+++ b/release_any_name_mapping.c
@@ -38,6 +38,18 @@ gss_release_any_name_mapping(OM_uint32 *minor,
 gss_buffer_t type_id,
 gss_any_t *input)
 {
- *minor = 0;
- return GSS_S_UNAVAILABLE;
+ OM_uint32 major;
+
+ if (name == GSS_C_NO_NAME) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
+ }
+
+ GSSEAP_MUTEX_LOCK(&name->mutex);
+
+ major = samlReleaseAnyNameMapping(minor, name->samlCtx, type_id, input);
+
+ GSSEAP_MUTEX_UNLOCK(&name->mutex);
+
+ return major;
 }
diff --git a/util.h b/util.h
index 087dc1c..f2c992a 100644
--- a/util.h
+++ b/util.h
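Review bot: The call in gss_map_name_to_any is spelled `samlMapNameToAny`, but the function this patch defines in util_saml.cpp and declares in util_saml.h is `samlMapNametoAny`, so the C caller refers to a symbol that does not exist and should fail at link time; one of the two spellings has to change. `*minor` is no longer set on the success path: the old body did `*minor = 0;`, whereas the new callee never writes it, and the gss_release_any_name_mapping hunk has the same gap, so add `*minor = 0;` before `GSSEAP_MUTEX_LOCK` in both wrappers. `*output = (gss_any_t)NULL;` also runs before any check that `output` itself is non-NULL, and `type_id` and `name->samlCtx` are passed on unchecked; a guard returning `GSS_S_CALL_INACCESSIBLE_WRITE` / `GSS_S_CALL_INACCESSIBLE_READ` would keep a bad caller argument from becoming a crash inside the library. The function signature starts outside the hunk.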
@@ -107,6 +107,24 @@ duplicateBuffer(OM_uint32 *minor,
 const gss_buffer_t src,
 gss_buffer_t dst);
+static inline int
+bufferEqual(const gss_buffer_t b1, const gss_buffer_t b2)
+{
+ return (b1->length == b2->length &&
+ memcmp(b1->value, b2->value, b2->length) == 0);
+}
+
+static inline int
+bufferEqualString(const gss_buffer_t b1, const char *s)
+{
+ gss_buffer_desc b2;
+
+ b2.length = strlen(s);
+ b2.value = (char *)s;
+
+ return bufferEqual(b1, &b2);
+}
+
 /* util_cksum.c */
 int
 gssEapSign(krb5_context context,
diff --git a/util_name.c b/util_name.c
index 8265d22..fc5a73f 100644
--- a/util_name.c
+++ b/util_name.c
@@ -450,12 +450,8 @@ gssEapAttributePrefixToType(const gss_buffer_t prefix)
 i < sizeof(attributePrefixes) / sizeof(attributePrefixes[0]);
 i++) {
- gss_buffer_t p = &attributePrefixes[i];
-
- if (p->length == prefix->length &&
- memcmp(p->value, prefix->value, prefix->length) == 0) {
+ if (bufferEqual(&attributePrefixes[i], prefix))
 return i;
- }
 }
 return ATTR_TYPE_NONE;
diff --git a/util_saml.cpp b/util_saml.cpp
index 71cf13a..1359dc2 100644
--- a/util_saml.cpp
+++ b/util_saml.cpp
@@ -171,7 +171,7 @@ private:
 eap_gss_saml_attr_ctx::eap_gss_saml_attr_ctx(const vector& attributes, const Assertion *assertion)
 {
- m_assertion = dynamic_cast(assertion->clone());
+ m_assertion = dynamic_cast(assertion->clone());
 setAttributes(attributes);
 }
@@ -207,7 +207,7 @@ eap_gss_saml_attr_ctx::parseAssertion(const gss_buffer_t buffer)
 elem = doc->getDocumentElement();
 xobj = b->buildOneFromElement(elem, true);
- m_assertion = dynamic_cast(xobj);
+ m_assertion = dynamic_cast(xobj);
 return (m_assertion != NULL);
 }
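Review bot: bufferEqual dereferences `b1` and `b2` with no NULL check and calls memcmp even when both lengths are 0, where `value` may legitimately be a null pointer. The new gss_map_name_to_any and gss_release_any_name_mapping paths feed it a caller-supplied `type_id` through bufferEqualString, so a GSS_C_NO_BUFFER argument would be dereferenced here. Suggest `return b1 != GSS_C_NO_BUFFER && b2 != GSS_C_NO_BUFFER && b1->length == b2->length && (b1->length == 0 || memcmp(b1->value, b2->value, b1->length) == 0);`. A one-line comment on each helper saying it is a plain (not constant-time) equality test intended for identifiers such as type ids and attribute prefixes would keep it from being reused on secret material.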
@@ -331,17 +331,32 @@ eap_gss_saml_attr_ctx::getAssertion(gss_buffer_t buffer)
 return true;
 }
+static Attribute *
+duplicateAttribute(const Attribute *src)
+{
+ DDF obj = src->marshall();
+ return Attribute::unmarshall(obj);
+}
+
+static vector
+duplicateAttributes(const vector src)
+{
+ vector dst;
+
+ for (vector::const_iterator a = src.begin();
+ a != src.end();
+ ++a)
+ dst.push_back(duplicateAttribute(*a));
+
+ return dst;
+}
+
 void
 eap_gss_saml_attr_ctx::addAttribute(Attribute *attribute, bool copy)
 {
 Attribute *a;
- if (copy) {
- DDF obj = attribute->marshall();
- a = Attribute::unmarshall(obj);
- } else {
- a = attribute;
- }
+ a = copy ? duplicateAttribute(attribute) : attribute;
 m_attributes.push_back(a);
 }
@@ -349,10 +364,8 @@ eap_gss_saml_attr_ctx::addAttribute(Attribute *attribute, bool copy)
 void
 eap_gss_saml_attr_ctx::setAttributes(const vector attributes)
 {
- for (vector::const_iterator a = attributes.begin();
- a != attributes.end();
- ++a)
- addAttribute(*a);
+ for_each(m_attributes.begin(), m_attributes.end(), xmltooling::cleanup());
+ m_attributes = duplicateAttributes(attributes);
 }
 int
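Review bot: duplicateAttributes fills `dst` with owning raw pointers, so if a later `duplicateAttribute` call throws, every copy already pushed is leaked; catch, run the same `xmltooling::cleanup` pass over `dst`, and rethrow. The parameter is also taken by value, which copies the whole pointer vector on each call; a const reference is enough. In duplicateAttribute the `DDF obj` returned by `marshall()` is never released. DDF handles appear to need an explicit `destroy()` or a `DDFJanitor` guard such as `DDFJanitor jobj(obj);`, so each duplication probably leaks the marshalled tree. This was already true of the removed branch in addAttribute, but the helper is now on the path of every map call.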
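Review bot: setAttributes frees the current `m_attributes` elements before it duplicates the incoming ones, so a throw inside `duplicateAttributes` leaves `m_attributes` full of dangling pointers that the destructor or a later call would free again. Because `attributes` is a by-value copy of pointers, passing the context's own attribute vector would also duplicate from objects that were just deleted. Build the copy first and only then release the old elements: `vector<Attribute *> dup = duplicateAttributes(attributes);`, then the existing `for_each(..., xmltooling::cleanup())` line, then `m_attributes.swap(dup);` (element type assumed from the surrounding code).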
@@ -716,3 +729,43 @@ samlDuplicateAttrContext(OM_uint32 *minor,
 return GSS_S_COMPLETE;
 }
+
+OM_uint32
+samlMapNametoAny(OM_uint32 *minor,
+ const struct eap_gss_saml_attr_ctx *ctx,
+ int authenticated,
+ gss_buffer_t type_id,
+ gss_any_t *output)
+{
+ if (bufferEqualString(type_id, "shibsp::Attribute")) {
+ vector v = duplicateAttributes(ctx->getAttributes());
+
+ *output = (gss_any_t)new vector (v);
+ } else if (bufferEqualString(type_id, "opensaml::Assertion")) {
+ *output = (gss_any_t)ctx->getAssertion()->clone();
+ } else {
+ *output = (gss_any_t)NULL;
+ return GSS_S_UNAVAILABLE;
+ }
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+samlReleaseAnyNameMapping(OM_uint32 *minor,
+ const struct eap_gss_saml_attr_ctx *ctx,
+ gss_buffer_t type_id,
+ gss_any_t *input)
+{
+ if (bufferEqualString(type_id, "vector")) {
+ vector *v = ((vector *)*input);
+ delete v;
+ } else if (bufferEqualString(type_id, "opensaml::Assertion")) {
+ delete (Assertion *)*input;
+ } else {
+ return GSS_S_UNAVAILABLE;
+ }
+
+ *input = (gss_any_t)NULL;
+ return GSS_S_COMPLETE;
+}
diff --git a/util_saml.h b/util_saml.h
index 5cd0d9d..d5c57bb 100644
--- a/util_saml.h
+++ b/util_saml.h
@@ -98,6 +98,20 @@ samlGetAssertion(OM_uint32 *minor,
 struct eap_gss_saml_attr_ctx *ctx,
 gss_buffer_t assertion);
+
+OM_uint32
+samlMapNametoAny(OM_uint32 *minor,
+ const struct eap_gss_saml_attr_ctx *ctx,
+ int authenticated,
+ gss_buffer_t type_id,
+ gss_any_t *output);
+
+OM_uint32
+samlReleaseAnyNameMapping(OM_uint32 *minor,
+ const struct eap_gss_saml_attr_ctx *ctx,
+ gss_buffer_t type_id,
+ gss_any_t *input);
+
 #ifdef __cplusplus
 }
 #endif
--
2.1.4
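Review bot: The two new functions disagree on the attribute type id as it appears here: samlMapNametoAny hands out the vector for "shibsp::Attribute", while samlReleaseAnyNameMapping only frees it for "vector" (text may have been lost from that literal in extraction), so releasing with the id used to map returns GSS_S_UNAVAILABLE and nothing is freed. When the vector branch is reached it deletes the container but not the Attribute copies made by duplicateAttributes, and neither function sets `*minor`. `new`, `clone()` and `unmarshall()` can throw, and both functions are reached from C wrappers that hold the name mutex, so each body should be wrapped in try/catch that maps failures to a GSS error instead of letting the exception unwind through C frames with the lock held. `ctx` and the result of `getAssertion()` are dereferenced without a NULL check, and `authenticated` is unused, so it is worth confirming that callers do not treat the returned attributes as authenticated regardless. The fence sketches the release side only; the element type is assumed to be `Attribute *`.

```cpp
samlReleaseAnyNameMapping(OM_uint32 *minor,
// … unchanged: remaining parameters …
{
    *minor = 0;

    /* Same id that samlMapNametoAny accepts for the attribute vector. */
    if (bufferEqualString(type_id, "shibsp::Attribute")) {
        /* Element type assumed to match duplicateAttributes(). */
        vector<Attribute *> *v = (vector<Attribute *> *)*input;

        if (v != NULL) {
            /* The vector owns its copies: free them, then the container. */
            for_each(v->begin(), v->end(), xmltooling::cleanup<Attribute>());
            delete v;
        }
    }
    // … unchanged: opensaml::Assertion branch, GSS_S_UNAVAILABLE fallback, clearing *input …
```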
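Review bot: The two new prototypes have no comment on ownership, which matters here because `*output` is heap-allocated C++ state handed to C callers as an opaque `gss_any_t`. Suggest a comment above the mapping prototype along the lines of `/* On GSS_S_COMPLETE, *output is owned by the caller and must be released with samlReleaseAnyNameMapping using the same type_id. */`, and one above the release prototype stating that `*input` is reset to NULL on success. Listing the accepted `type_id` strings in the same comment would give callers a single place to look them up.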