2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
40 /* lazy initialisation */
41 static GSSEAP_THREAD_ONCE gssEapAttrProvidersInitOnce = GSSEAP_ONCE_INITIALIZER;
42 static OM_uint32 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE;
45 gssEapAttrProvidersInitInternal(void)
47 OM_uint32 major, minor;
49 assert(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE);
51 major = gssEapRadiusAttrProviderInit(&minor);
52 if (major == GSS_S_COMPLETE)
53 major = gssEapSamlAttrProvidersInit(&minor);
54 if (major == GSS_S_COMPLETE)
55 major = gssEapLocalAttrProviderInit(&minor);
58 assert(major == GSS_S_COMPLETE);
61 gssEapAttrProvidersInitStatus = major;
65 gssEapAttrProvidersInit(OM_uint32 *minor)
67 GSSEAP_ONCE(&gssEapAttrProvidersInitOnce, gssEapAttrProvidersInitInternal);
69 if (GSS_ERROR(gssEapAttrProvidersInitStatus))
70 *minor = GSSEAP_NO_ATTR_PROVIDERS;
72 return gssEapAttrProvidersInitStatus;
76 gssEapAttrProvidersFinalize(OM_uint32 *minor)
78 OM_uint32 major = GSS_S_COMPLETE;
80 if (gssEapAttrProvidersInitStatus == GSS_S_COMPLETE) {
81 major = gssEapLocalAttrProviderFinalize(minor);
82 if (major == GSS_S_COMPLETE)
83 major = gssEapSamlAttrProvidersFinalize(minor);
84 if (major == GSS_S_COMPLETE)
85 major = gssEapRadiusAttrProviderFinalize(minor);
87 gssEapAttrProvidersInitStatus = GSS_S_UNAVAILABLE;
93 static gss_eap_attr_create_provider gssEapAttrFactories[ATTR_TYPE_MAX + 1];
94 static gss_buffer_desc gssEapAttrPrefixes[ATTR_TYPE_MAX + 1];
97 * Register a provider for a particular type and prefix
100 gss_eap_attr_ctx::registerProvider(unsigned int type,
102 gss_eap_attr_create_provider factory)
104 assert(type <= ATTR_TYPE_MAX);
106 assert(gssEapAttrFactories[type] == NULL);
108 gssEapAttrFactories[type] = factory;
109 if (prefix != NULL) {
110 gssEapAttrPrefixes[type].value = (void *)prefix;
111 gssEapAttrPrefixes[type].length = strlen(prefix);
113 gssEapAttrPrefixes[type].value = NULL;
114 gssEapAttrPrefixes[type].length = 0;
119 * Unregister a provider
122 gss_eap_attr_ctx::unregisterProvider(unsigned int type)
124 assert(type <= ATTR_TYPE_MAX);
126 gssEapAttrFactories[type] = NULL;
127 gssEapAttrPrefixes[type].value = NULL;
128 gssEapAttrPrefixes[type].length = 0;
132 * Create an attribute context, that manages instances of providers
134 gss_eap_attr_ctx::gss_eap_attr_ctx(void)
138 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
139 gss_eap_attr_provider *provider;
141 if (gssEapAttrFactories[i] != NULL) {
142 provider = (gssEapAttrFactories[i])();
147 m_providers[i] = provider;
152 * Convert an attribute prefix to a type
155 gss_eap_attr_ctx::attributePrefixToType(const gss_buffer_t prefix)
159 for (i = ATTR_TYPE_MIN; i < ATTR_TYPE_MAX; i++) {
160 if (bufferEqual(&gssEapAttrPrefixes[i], prefix))
164 return ATTR_TYPE_LOCAL;
168 * Convert a type to an attribute prefix
171 gss_eap_attr_ctx::attributeTypeToPrefix(unsigned int type)
173 if (type < ATTR_TYPE_MIN || type >= ATTR_TYPE_MAX)
174 return GSS_C_NO_BUFFER;
176 return &gssEapAttrPrefixes[type];
180 gss_eap_attr_ctx::providerEnabled(unsigned int type) const
182 if (type == ATTR_TYPE_LOCAL &&
183 (m_flags & ATTR_FLAG_DISABLE_LOCAL))
186 if (m_providers[type] == NULL)
193 gss_eap_attr_ctx::releaseProvider(unsigned int type)
195 delete m_providers[type];
196 m_providers[type] = NULL;
200 * Initialize a context from an existing context.
203 gss_eap_attr_ctx::initFromExistingContext(const gss_eap_attr_ctx *manager)
207 m_flags = manager->m_flags;
209 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
210 gss_eap_attr_provider *provider;
212 if (!providerEnabled(i)) {
217 provider = m_providers[i];
219 ret = provider->initFromExistingContext(this,
220 manager->m_providers[i]);
231 * Initialize a context from a GSS credential and context.
234 gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred,
235 const gss_ctx_id_t ctx)
239 if (cred != GSS_C_NO_CREDENTIAL &&
240 (cred->flags & GSS_EAP_DISABLE_LOCAL_ATTRS_FLAG)) {
241 m_flags |= ATTR_FLAG_DISABLE_LOCAL;
244 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
245 gss_eap_attr_provider *provider;
247 if (!providerEnabled(i)) {
252 provider = m_providers[i];
254 ret = provider->initFromGssContext(this, cred, ctx);
265 * Initialize a context from an exported context or name token
268 gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
271 gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
272 gss_buffer_desc primaryBuf;
274 if (buffer->length < 4)
277 m_flags = load_uint32_be(buffer->value);
279 primaryBuf.length = buffer->length - 4;
280 primaryBuf.value = (char *)buffer->value + 4;
282 ret = primaryProvider->initFromBuffer(this, &primaryBuf);
286 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
287 gss_eap_attr_provider *provider;
289 if (!providerEnabled(i)) {
294 provider = m_providers[i];
295 if (provider == primaryProvider)
298 ret = provider->initFromGssContext(this,
310 gss_eap_attr_ctx::~gss_eap_attr_ctx(void)
312 for (unsigned int i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++)
313 delete m_providers[i];
317 * Locate provider for a given type
319 gss_eap_attr_provider *
320 gss_eap_attr_ctx::getProvider(unsigned int type) const
322 assert(type >= ATTR_TYPE_MIN && type <= ATTR_TYPE_MAX);
323 return m_providers[type];
327 * Locate provider for a given prefix
329 gss_eap_attr_provider *
330 gss_eap_attr_ctx::getProvider(const gss_buffer_t prefix) const
334 type = attributePrefixToType(prefix);
336 return m_providers[type];
340 * Get primary provider. Only the primary provider is serialised when
341 * gss_export_sec_context() or gss_export_name_composite() is called.
343 gss_eap_attr_provider *
344 gss_eap_attr_ctx::getPrimaryProvider(void) const
346 return m_providers[ATTR_TYPE_MIN];
353 gss_eap_attr_ctx::setAttribute(int complete,
354 const gss_buffer_t attr,
355 const gss_buffer_t value)
357 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
359 gss_eap_attr_provider *provider;
362 decomposeAttributeName(attr, &type, &suffix);
364 provider = m_providers[type];
365 if (provider != NULL) {
366 ret = provider->setAttribute(complete,
367 (type == ATTR_TYPE_LOCAL) ? attr : &suffix,
375 * Delete an attrbiute
378 gss_eap_attr_ctx::deleteAttribute(const gss_buffer_t attr)
380 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
382 gss_eap_attr_provider *provider;
385 decomposeAttributeName(attr, &type, &suffix);
387 provider = m_providers[type];
388 if (provider != NULL) {
389 ret = provider->deleteAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix);
396 * Enumerate attribute types with callback
399 gss_eap_attr_ctx::getAttributeTypes(gss_eap_attr_enumeration_cb cb, void *data) const
404 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
405 gss_eap_attr_provider *provider = m_providers[i];
407 if (provider == NULL)
410 ret = provider->getAttributeTypes(cb, data);
418 struct eap_gss_get_attr_types_args {
420 gss_buffer_set_t attrs;
424 addAttribute(const gss_eap_attr_provider *provider,
425 const gss_buffer_t attribute,
428 eap_gss_get_attr_types_args *args = (eap_gss_get_attr_types_args *)data;
429 gss_buffer_desc qualified;
430 OM_uint32 major, minor;
432 if (args->type != ATTR_TYPE_LOCAL) {
433 gss_eap_attr_ctx::composeAttributeName(args->type, attribute, &qualified);
434 major = gss_add_buffer_set_member(&minor, &qualified, &args->attrs);
435 gss_release_buffer(&minor, &qualified);
437 major = gss_add_buffer_set_member(&minor, attribute, &args->attrs);
440 return GSS_ERROR(major) == false;
444 * Enumerate attribute types, output is buffer set
447 gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs)
449 eap_gss_get_attr_types_args args;
450 OM_uint32 major, minor;
454 major = gss_create_empty_buffer_set(&minor, attrs);
455 if (GSS_ERROR(major)) {
456 throw new std::bad_alloc;
462 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
463 gss_eap_attr_provider *provider = m_providers[i];
467 if (provider == NULL)
470 ret = provider->getAttributeTypes(addAttribute, (void *)&args);
476 gss_release_buffer_set(&minor, attrs);
482 * Get attribute with given name
485 gss_eap_attr_ctx::getAttribute(const gss_buffer_t attr,
489 gss_buffer_t display_value,
492 gss_buffer_desc suffix = GSS_C_EMPTY_BUFFER;
494 gss_eap_attr_provider *provider;
497 decomposeAttributeName(attr, &type, &suffix);
499 provider = m_providers[type];
500 if (provider == NULL)
503 ret = provider->getAttribute(type == ATTR_TYPE_LOCAL ? attr : &suffix,
504 authenticated, complete,
505 value, display_value, more);
511 * Map attribute context to C++ object
514 gss_eap_attr_ctx::mapToAny(int authenticated,
515 gss_buffer_t type_id) const
518 gss_eap_attr_provider *provider;
519 gss_buffer_desc suffix;
521 decomposeAttributeName(type_id, &type, &suffix);
523 provider = m_providers[type];
524 if (provider == NULL)
525 return (gss_any_t)NULL;
527 return provider->mapToAny(authenticated, &suffix);
531 * Release mapped context
534 gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id,
535 gss_any_t input) const
538 gss_eap_attr_provider *provider;
539 gss_buffer_desc suffix;
541 decomposeAttributeName(type_id, &type, &suffix);
543 provider = m_providers[type];
544 if (provider != NULL)
545 provider->releaseAnyNameMapping(&suffix, input);
549 * Export attribute context to buffer
552 gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const
554 const gss_eap_attr_provider *primaryProvider = getPrimaryProvider();
559 primaryProvider->exportToBuffer(&tmp);
561 buffer->length = 4 + tmp.length;
562 buffer->value = GSSEAP_MALLOC(buffer->length);
563 if (buffer->value == NULL)
564 throw new std::bad_alloc;
566 p = (unsigned char *)buffer->value;
567 store_uint32_be(m_flags, p);
568 memcpy(p + 4, tmp.value, tmp.length);
570 gss_release_buffer(&tmpMinor, &tmp);
574 * Return soonest expiry time of providers
577 gss_eap_attr_ctx::getExpiryTime(void) const
580 time_t expiryTime = 0;
582 for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
583 gss_eap_attr_provider *provider = m_providers[i];
584 time_t providerExpiryTime;
586 if (provider == NULL)
589 providerExpiryTime = provider->getExpiryTime();
590 if (providerExpiryTime == 0)
593 if (expiryTime == 0 || providerExpiryTime < expiryTime)
594 expiryTime = providerExpiryTime;
601 * Map C++ exception to GSS status
604 mapException(OM_uint32 *minor, std::exception &e)
606 OM_uint32 major = GSS_S_FAILURE;
608 /* XXX TODO implement other mappings */
609 if (typeid(e) == typeid(std::bad_alloc))
615 /* rethrow for now for debugging */
623 * Decompose attribute name into prefix and suffix
626 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
633 for (i = 0; i < attribute->length; i++) {
634 if (((char *)attribute->value)[i] == ' ') {
635 p = (char *)attribute->value + i + 1;
640 prefix->value = attribute->value;
643 if (p != NULL && *p != '\0') {
644 suffix->length = attribute->length - 1 - prefix->length;
648 suffix->value = NULL;
653 * Decompose attribute name into type and suffix
656 gss_eap_attr_ctx::decomposeAttributeName(const gss_buffer_t attribute,
660 gss_buffer_desc prefix = GSS_C_EMPTY_BUFFER;
662 decomposeAttributeName(attribute, &prefix, suffix);
663 *type = attributePrefixToType(&prefix);
667 * Compose attribute name from prefix, suffix; returns C++ string
670 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
671 const gss_buffer_t suffix)
675 if (prefix == GSS_C_NO_BUFFER || prefix->length == 0)
678 str.append((const char *)prefix->value, prefix->length);
680 if (suffix != GSS_C_NO_BUFFER) {
682 str.append((const char *)suffix->value, suffix->length);
689 * Compose attribute name from type, suffix; returns C++ string
692 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
693 const gss_buffer_t suffix)
695 const gss_buffer_t prefix = attributeTypeToPrefix(type);
697 return composeAttributeName(prefix, suffix);
701 * Compose attribute name from prefix, suffix; returns GSS buffer
704 gss_eap_attr_ctx::composeAttributeName(const gss_buffer_t prefix,
705 const gss_buffer_t suffix,
706 gss_buffer_t attribute)
708 std::string str = composeAttributeName(prefix, suffix);
710 if (str.length() != 0) {
711 return duplicateBuffer(str, attribute);
713 attribute->length = 0;
714 attribute->value = NULL;
719 * Compose attribute name from type, suffix; returns GSS buffer
722 gss_eap_attr_ctx::composeAttributeName(unsigned int type,
723 const gss_buffer_t suffix,
724 gss_buffer_t attribute)
726 gss_buffer_t prefix = attributeTypeToPrefix(type);
728 return composeAttributeName(prefix, suffix, attribute);
735 gssEapInquireName(OM_uint32 *minor,
739 gss_buffer_set_t *attrs)
741 if (name->attrCtx == NULL) {
742 *minor = GSSEAP_NO_ATTR_CONTEXT;
743 return GSS_S_UNAVAILABLE;
746 if (GSS_ERROR(gssEapAttrProvidersInit(minor))) {
747 return GSS_S_UNAVAILABLE;
751 if (!name->attrCtx->getAttributeTypes(attrs)) {
752 *minor = GSSEAP_NO_ATTR_CONTEXT;
753 return GSS_S_UNAVAILABLE;
755 } catch (std::exception &e) {
756 return mapException(minor, e);
759 return GSS_S_COMPLETE;
763 gssEapGetNameAttribute(OM_uint32 *minor,
769 gss_buffer_t display_value,
780 if (display_value != NULL) {
781 display_value->length = 0;
782 display_value->value = NULL;
785 if (name->attrCtx == NULL) {
786 *minor = GSSEAP_NO_ATTR_CONTEXT;
787 return GSS_S_UNAVAILABLE;
790 if (GSS_ERROR(gssEapAttrProvidersInit(minor))) {
791 return GSS_S_UNAVAILABLE;
795 if (!name->attrCtx->getAttribute(attr, authenticated, complete,
796 value, display_value, more)) {
797 *minor = GSSEAP_NO_SUCH_ATTR;
798 gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s",
799 (int)attr->length, (char *)attr->value);
800 return GSS_S_UNAVAILABLE;
802 } catch (std::exception &e) {
803 return mapException(minor, e);
806 return GSS_S_COMPLETE;
810 gssEapDeleteNameAttribute(OM_uint32 *minor,
814 if (name->attrCtx == NULL) {
815 *minor = GSSEAP_NO_ATTR_CONTEXT;
816 return GSS_S_UNAVAILABLE;
819 if (GSS_ERROR(gssEapAttrProvidersInit(minor)))
820 return GSS_S_UNAVAILABLE;
823 if (!name->attrCtx->deleteAttribute(attr)) {
824 *minor = GSSEAP_NO_SUCH_ATTR;
825 gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s",
826 (int)attr->length, (char *)attr->value);
827 return GSS_S_UNAVAILABLE;
829 } catch (std::exception &ex) {
830 return mapException(minor, ex);
833 return GSS_S_COMPLETE;
837 gssEapSetNameAttribute(OM_uint32 *minor,
843 if (name->attrCtx == NULL) {
844 *minor = GSSEAP_NO_ATTR_CONTEXT;
845 return GSS_S_UNAVAILABLE;
848 if (GSS_ERROR(gssEapAttrProvidersInit(minor)))
849 return GSS_S_UNAVAILABLE;
852 if (!name->attrCtx->setAttribute(complete, attr, value)) {
853 *minor = GSSEAP_NO_SUCH_ATTR;
854 gssEapSaveStatusInfo(*minor, "Unknown naming attribute %.*s",
855 (int)attr->length, (char *)attr->value);
856 return GSS_S_UNAVAILABLE;
858 } catch (std::exception &ex) {
859 return mapException(minor, ex);
862 return GSS_S_COMPLETE;
866 gssEapExportAttrContext(OM_uint32 *minor,
870 if (name->attrCtx == NULL) {
872 buffer->value = NULL;
874 return GSS_S_COMPLETE;
877 if (GSS_ERROR(gssEapAttrProvidersInit(minor)))
878 return GSS_S_UNAVAILABLE;
881 name->attrCtx->exportToBuffer(buffer);
882 } catch (std::exception &e) {
883 return mapException(minor, e);
886 return GSS_S_COMPLETE;
890 gssEapImportAttrContext(OM_uint32 *minor,
894 gss_eap_attr_ctx *ctx = NULL;
896 assert(name->attrCtx == NULL);
898 if (GSS_ERROR(gssEapAttrProvidersInit(minor)))
899 return GSS_S_UNAVAILABLE;
901 if (buffer->length != 0) {
903 ctx = new gss_eap_attr_ctx();
905 if (!ctx->initFromBuffer(buffer)) {
907 *minor = GSSEAP_BAD_ATTR_TOKEN;
908 return GSS_S_DEFECTIVE_TOKEN;
911 } catch (std::exception &e) {
913 return mapException(minor, e);
917 return GSS_S_COMPLETE;
921 gssEapDuplicateAttrContext(OM_uint32 *minor,
925 gss_eap_attr_ctx *ctx = NULL;
927 assert(out->attrCtx == NULL);
929 if (GSS_ERROR(gssEapAttrProvidersInit(minor)))
930 return GSS_S_UNAVAILABLE;
933 if (in->attrCtx != NULL) {
934 ctx = new gss_eap_attr_ctx();
935 if (!ctx->initFromExistingContext(in->attrCtx)) {
937 *minor = GSSEAP_ATTR_CONTEXT_FAILURE;
938 return GSS_S_FAILURE;
942 } catch (std::exception &e) {
944 return mapException(minor, e);
947 return GSS_S_COMPLETE;
951 gssEapMapNameToAny(OM_uint32 *minor,
954 gss_buffer_t type_id,
957 if (name->attrCtx == NULL) {
958 *minor = GSSEAP_NO_ATTR_CONTEXT;
959 return GSS_S_UNAVAILABLE;
962 if (GSS_ERROR(gssEapAttrProvidersInit(minor)))
963 return GSS_S_UNAVAILABLE;
966 *output = name->attrCtx->mapToAny(authenticated, type_id);
967 } catch (std::exception &e) {
968 return mapException(minor, e);
971 return GSS_S_COMPLETE;
975 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
977 gss_buffer_t type_id,
980 if (name->attrCtx == NULL) {
981 *minor = GSSEAP_NO_ATTR_CONTEXT;
982 return GSS_S_UNAVAILABLE;
985 if (GSS_ERROR(gssEapAttrProvidersInit(minor)))
986 return GSS_S_UNAVAILABLE;
990 name->attrCtx->releaseAnyNameMapping(type_id, *input);
992 } catch (std::exception &e) {
993 return mapException(minor, e);
996 return GSS_S_COMPLETE;
1000 gssEapReleaseAttrContext(OM_uint32 *minor,
1003 if (name->attrCtx != NULL)
1004 delete name->attrCtx;
1006 return GSS_S_COMPLETE;
1010 * Public accessor for initialisng a context from a GSS context. Also
1011 * sets expiry time on GSS context as a side-effect.
1013 struct gss_eap_attr_ctx *
1014 gssEapCreateAttrContext(gss_cred_id_t gssCred,
1015 gss_ctx_id_t gssCtx)
1017 gss_eap_attr_ctx *ctx;
1020 assert(gssCtx != GSS_C_NO_CONTEXT);
1022 if (GSS_ERROR(gssEapAttrProvidersInit(&tmpMinor)))
1025 ctx = new gss_eap_attr_ctx();
1026 if (!ctx->initFromGssContext(gssCred, gssCtx)) {
1031 gssCtx->expiryTime = ctx->getExpiryTime();