2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
40 static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1];
41 static gss_buffer_desc gssEapAttrPrefixes[ATTR_TYPE_MAX + 1];
44 * Register a provider for a particular type and prefix
47 gss_eap_attr_ctx::registerProvider(unsigned int type,
49 gss_eap_attr_create_provider factory)
51 assert(type <= ATTR_TYPE_MAX);
53 assert(gssEapAttrFactories[type] == NULL);
55 gssEapAttrFactories[type] = factory;
57 gssEapAttrPrefixes[type].value = (void *)prefix;
58 gssEapAttrPrefixes[type].length = strlen(prefix);
60 gssEapAttrPrefixes[type].value = NULL;
61 gssEapAttrPrefixes[type].length = 0;
66 * Unregister a provider
69 gss_eap_attr_ctx::unregisterProvider(unsigned int type)
71 assert(type <= ATTR_TYPE_MAX);
73 gssEapAttrFactories[type] = NULL;
74 gssEapAttrPrefixes[type].value = NULL;
75 gssEapAttrPrefixes[type].length = 0;
79 * Create an attribute context, that manages instances of providers
81 gss_eap_attr_ctx::gss_eap_attr_ctx(void)
85 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
86 gss_eap_attr_provider *provider;
88 if (gssEapAttrFactories[i] != NULL) {
89 provider = (gssEapAttrFactories[i])();
94 m_providers[i] = provider;
99 * Convert an attribute prefix to a type
102 gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix)
106 for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) {
107 if (bufferEqual(&gssEapAttrPrefixes[i], prefix))
111 return ATTR_TYPE_LOCAL;
115 * Convert a type to an attribute prefix
118 gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type)
120 if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX)
121 return GSS_C_NO_BUFFER;
123 return &gssEapAttrPrefixes[type];
127 gss_eap_attr_ctx::providerEnabled(unsigned int type) const
129 if (type == ATTR_TYPE_LOCAL &&
130 (m_flags & ATTR_FLAG_DISABLE_LOCAL))
133 if (m_providers[type] == NULL)
140 gss_eap_attr_ctx::releaseProvider(unsigned int type)
142 delete m_providers[type];
143 m_providers[type] = NULL;
147 * Initialize a context from an existing context.
150 gss_eap_attr_ctx::initFromExistingContext(const gss_eap_attr_ctx *manager)
154 m_flags = manager->m_flags;
156 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
157 gss_eap_attr_provider *provider;
159 if (!providerEnabled(i)) {
164 provider = m_providers[i];
166 ret = provider->initFromExistingContext(this,
167 manager->m_providers[i]);
178 * Initialize a context from a GSS credential and context.
181 gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred,
182 const gss_ctx_id_t ctx)
186 if (cred != GSS_C_NO_CREDENTIAL &&
187 (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) {
188 m_flags |= ATTR_FLAG_DISABLE_LOCAL;
191 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
192 gss_eap_attr_provider *provider;
194 if (!providerEnabled(i)) {
199 provider = m_providers[i];
201 ret = provider->initFromGssContext(this, cred, ctx);
212 * Initialize a context from an exported context or name token
215 gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
218 gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
219 gss_buffer_desc primaryBuf;
221 if (buffer->length < 4)
224 m_flags = load_uint32_be(buffer->value);
226 primaryBuf.length = buffer->length - 4;
227 primaryBuf.value = (char *)buffer->value + 4;
229 ret = primaryProvider->initFromBuffer(this, &primaryBuf);
233 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
234 gss_eap_attr_provider *provider;
236 if (!providerEnabled(i)) {
241 provider = m_providers[i];
242 if (provider == primaryProvider)
245 ret = provider->initFromGssContext(this,
257 gss_eap_attr_ctx::~gss_eap_attr_ctx(void)
259 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++)
260 delete m_providers[i];
264 * Locate provider for a given type
266 gss_eap_attr_provider *
267 gss_eap_attr_ctx::getProvider(unsigned int type) const
269 assert(type >= ATTR_TYPE_MIN && type <= ATTR_TYPE_MAX);
270 return m_providers[type];
274 * Locate provider for a given prefix
276 gss_eap_attr_provider *
277 gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const
281 type = attributePrefixToType(prefix);
283 return m_providers[type];
287 * Get primary provider. Only the primary provider is serialised when
288 * gss_export_sec_context() or gss_export_name_composite() is called.
290 gss_eap_attr_provider *
291 gss_eap_attr_ctx::getPrimaryProvider(void) const
293 return m_providers[ATTR_TYPE_MIN];
300 gss_eap_attr_ctx::setAttribute(int complete,
301 const gss_buffer_t attr,
302 const gss_buffer_t value)
304 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
306 gss_eap_attr_provider *provider;
308 decomposeAttributeName(attr, &type, &suffix);
310 provider = m_providers[type];
311 if (provider != NULL) {
312 provider->setAttribute(complete,
313 (type == ATTR_TYPE_LOCAL) ? attr : &suffix,
316 /* XXX TODO throw exception */
321 * Delete an attrbiute
324 gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr)
326 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
328 gss_eap_attr_provider *provider;
330 decomposeAttributeName(attr, &type, &suffix);
332 provider = m_providers[type];
333 if (provider != NULL)
334 provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix);
338 * Enumerate attribute types with callback
341 gss_eap_attr_ctx::getAttributeTypes(gss_eap_attr_enumeration_cb cb, void *data) const
346 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
347 gss_eap_attr_provider *provider = m_providers[i];
349 if (provider == NULL)
352 ret = provider->getAttributeTypes(cb, data);
360 struct eap_gss_get_attr_types_args {
362 gss_buffer_set_t attrs;
366 addAttribute(const gss_eap_attr_provider *provider,
367 const gss_buffer_t attribute,
370 eap_gss_get_attr_types_args *args = (eap_gss_get_attr_types_args *)data;
371 gss_buffer_desc qualified;
372 OM_uint32 major, minor;
374 if (args->type != ATTR_TYPE_LOCAL) {
375 gss_eap_attr_ctx::composeAttributeName(args->type, attribute, &qualified);
376 major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs);
377 gss_release_buffer(&minor, &qualified);
379 major = gss_add_buffer_set_member(&minor, attribute, &args->attrs);
382 return GSS_ERROR(major) == false;
386 * Enumerate attribute types, output is buffer set
389 gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs)
391 eap_gss_get_attr_types_args args;
392 OM_uint32 major, minor;
396 major = gss_create_empty_buffer_set(&minor, attrs);
397 if (GSS_ERROR(major)) {
398 throw new std::bad_alloc;
404 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
405 gss_eap_attr_provider *provider = m_providers[i];
409 if (provider == NULL)
412 ret = provider->getAttributeTypes(addAttribute, (void *)&args);
418 gss_release_buffer_set(&minor, attrs);
424 * Get attribute with given name
427 gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr,
431 gss_buffer_t display_value,
434 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
436 gss_eap_attr_provider *provider;
439 decomposeAttributeName(attr, &type, &suffix);
441 provider = m_providers[type];
442 if (provider == NULL)
445 ret = provider->getAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix,
446 authenticated, complete,
447 value, display_value, more);
453 * Map attribute context to C++ object
456 gss_eap_attr_ctx::mapToAny(int authenticated,
457 gss_buffer_t type_id) const
460 gss_eap_attr_provider *provider;
461 gss_buffer_desc suffix;
463 decomposeAttributeName(type_id, &type, &suffix);
465 provider = m_providers[type];
466 if (provider == NULL)
467 return (gss_any_t)NULL;
469 return provider->mapToAny(authenticated, &suffix);
473 * Release mapped context
476 gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id,
477 gss_any_t input) const
480 gss_eap_attr_provider *provider;
481 gss_buffer_desc suffix;
483 decomposeAttributeName(type_id, &type, &suffix);
485 provider = m_providers[type];
486 if (provider != NULL)
487 provider->releaseAnyNameMapping(&suffix, input);
491 * Export attribute context to buffer
494 gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const
496 const gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
501 primaryProvider->exportToBuffer(&tmp);
503 buffer->length = 4 + tmp.length;
504 buffer->value = GSSEAP_MALLOC(buffer->length);
505 if (buffer->value == NULL)
506 throw new std::bad_alloc;
508 p = (unsigned char *)buffer->value;
509 store_uint32_be(m_flags, p);
510 memcpy(p + 4, tmp.value, tmp.length);
512 gss_release_buffer(&tmpMinor, &tmp);
516 * Return soonest expiry time of providers
519 gss_eap_attr_ctx::getExpiryTime(void) const
522 time_t expiryTime = 0;
524 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
525 gss_eap_attr_provider *provider = m_providers[i];
526 time_t providerExpiryTime;
528 if (provider == NULL)
531 providerExpiryTime = provider->getExpiryTime();
532 if (providerExpiryTime == 0)
535 if (expiryTime == 0 || providerExpiryTime < expiryTime)
536 expiryTime = providerExpiryTime;
543 * Map C++ exception to GSS status
546 mapException(OM_uint32 *minor, std::exception &e)
548 OM_uint32 major = GSS_S_FAILURE;
550 /* XXX TODO implement other mappings */
551 if (typeid(e) == typeid(std::bad_alloc))
557 /* rethrow for now for debugging */
565 * Decompose attribute name into prefix and suffix
568 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
575 for (i = 0; i < attribute->length; i++) {
576 if (((char *)attribute->value)[i] == ' ') {
577 p = (char *)attribute->value + i + 1;
582 prefix->value = attribute->value;
585 if (p != NULL && *p != '\0') {
586 suffix->length = attribute->length - 1 - prefix->length;
590 suffix->value = NULL;
595 * Decompose attribute name into type and suffix
598 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
602 gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER;
604 decomposeAttributeName(attribute, &prefix, suffix);
605 *type = attributePrefixToType(&prefix);
609 * Compose attribute name from prefix, suffix; returns C++ string
612 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
613 const gss_buffer_t suffix)
617 if (prefix == GSS_C_NO_BUFFER || prefix->length == 0)
620 str.append((const char *)prefix->value, prefix->length);
622 if (suffix != GSS_C_NO_BUFFER) {
624 str.append((const char *)suffix->value, suffix->length);
631 * Compose attribute name from type, suffix; returns C++ string
634 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
635 const gss_buffer_t suffix)
637 const gss_buffer_t prefix = attributeTypeToPrefix(type);
639 return composeAttributeName(prefix, suffix);
643 * Compose attribute name from prefix, suffix; returns GSS buffer
646 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
647 const gss_buffer_t suffix,
648 gss_buffer_t attribute)
650 std::string str = composeAttributeName(prefix, suffix);
652 if (str.length() != 0) {
653 return duplicateBuffer(str, attribute);
655 attribute->length = 0;
656 attribute->value = NULL;
661 * Compose attribute name from type, suffix; returns GSS buffer
664 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
665 const gss_buffer_t suffix,
666 gss_buffer_t attribute)
668 gss_buffer_t prefix = attributeTypeToPrefix(type);
670 return composeAttributeName(prefix, suffix, attribute);
677 gssEapInquireName(OM_uint32 *minor,
681 gss_buffer_set_t *attrs)
683 if (name->attrCtx == NULL)
684 return GSS_S_UNAVAILABLE;
687 if (!name->attrCtx->getAttributeTypes(attrs))
688 return GSS_S_UNAVAILABLE;
689 } catch (std::exception &e) {
690 return mapException(minor, e);
693 return GSS_S_COMPLETE;
697 gssEapGetNameAttribute(OM_uint32 *minor,
703 gss_buffer_t display_value,
714 if (display_value != NULL) {
715 display_value->length = 0;
716 display_value->value = NULL;
719 if (name->attrCtx == NULL)
720 return GSS_S_UNAVAILABLE;
723 if (!name->attrCtx->getAttribute(attr, authenticated, complete,
724 value, display_value, more))
725 return GSS_S_UNAVAILABLE;
726 } catch (std::exception &e) {
727 return mapException(minor, e);
730 return GSS_S_COMPLETE;
734 gssEapDeleteNameAttribute(OM_uint32 *minor,
738 if (name->attrCtx == NULL)
739 return GSS_S_UNAVAILABLE;
742 name->attrCtx->deleteAttribute(attr);
743 } catch (std::exception &ex) {
744 return mapException(minor, ex);
747 return GSS_S_COMPLETE;
751 gssEapSetNameAttribute(OM_uint32 *minor,
757 if (name->attrCtx == NULL)
758 return GSS_S_UNAVAILABLE;
761 name->attrCtx->setAttribute(complete, attr, value);
762 } catch (std::exception &ex) {
763 return mapException(minor, ex);
766 return GSS_S_COMPLETE;
770 gssEapExportAttrContext(OM_uint32 *minor,
774 if (name->attrCtx == NULL) {
776 buffer->value = NULL;
778 return GSS_S_COMPLETE;
782 name->attrCtx->exportToBuffer(buffer);
783 } catch (std::exception &e) {
784 return mapException(minor, e);
787 return GSS_S_COMPLETE;
791 gssEapImportAttrContext(OM_uint32 *minor,
795 gss_eap_attr_ctx *ctx = NULL;
797 assert(name->attrCtx == NULL);
799 if (buffer->length != 0) {
801 ctx = new gss_eap_attr_ctx();
803 if (!ctx->initFromBuffer(buffer)) {
805 return GSS_S_DEFECTIVE_TOKEN;
808 } catch (std::exception &e) {
810 return mapException(minor, e);
814 return GSS_S_COMPLETE;
818 gssEapDuplicateAttrContext(OM_uint32 *minor,
822 gss_eap_attr_ctx *ctx = NULL;
824 assert(out->attrCtx == NULL);
827 if (in->attrCtx != NULL) {
828 ctx = new gss_eap_attr_ctx();
829 if (!ctx->initFromExistingContext(in->attrCtx)) {
831 return GSS_S_FAILURE;
835 } catch (std::exception &e) {
837 return mapException(minor, e);
840 return GSS_S_COMPLETE;
844 gssEapMapNameToAny(OM_uint32 *minor,
847 gss_buffer_t type_id,
850 if (name->attrCtx == NULL)
851 return GSS_S_UNAVAILABLE;
854 *output = name->attrCtx->mapToAny(authenticated, type_id);
855 } catch (std::exception &e) {
856 return mapException(minor, e);
859 return GSS_S_COMPLETE;
863 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
865 gss_buffer_t type_id,
868 if (name->attrCtx == NULL)
869 return GSS_S_UNAVAILABLE;
873 name->attrCtx->releaseAnyNameMapping(type_id, *input);
875 } catch (std::exception &e) {
876 return mapException(minor, e);
879 return GSS_S_COMPLETE;
883 gssEapReleaseAttrContext(OM_uint32 *minor,
886 if (name->attrCtx != NULL)
887 delete name->attrCtx;
889 return GSS_S_COMPLETE;
893 * Public accessor for initialisng a context from a GSS context. Also
894 * sets expiry time on GSS context as a side-effect.
896 struct gss_eap_attr_ctx *
897 gssEapCreateAttrContext(gss_cred_id_t gssCred,
900 gss_eap_attr_ctx *ctx;
902 assert(gssCtx != GSS_C_NO_CONTEXT);
904 ctx = new gss_eap_attr_ctx();
905 if (!ctx->initFromGssContext(gssCred, gssCtx)) {
910 gssCtx->expiryTime = ctx->getExpiryTime();