2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * Attribute provider interface.
38 #define _UTIL_ATTR_H_ 1
43 struct gss_eap_attr_provider;
44 struct gss_eap_attr_ctx;
47 (*gss_eap_attr_enumeration_cb)(const gss_eap_attr_provider *source,
48 const gss_buffer_t attribute,
51 #define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
52 #define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
53 #define ATTR_TYPE_SAML 2U /* SAML attributes */
54 #define ATTR_TYPE_LOCAL 3U /* Local attributes */
55 #define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
56 #define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
58 #define ATTR_FLAG_DISABLE_LOCAL 0x00000001
61 * Attribute provider: this represents a source of attributes derived
62 * from the security context.
64 struct gss_eap_attr_provider
67 gss_eap_attr_provider(void) {}
68 virtual ~gss_eap_attr_provider(void) {}
70 bool initWithManager(const gss_eap_attr_ctx *manager)
76 virtual bool initFromExistingContext(const gss_eap_attr_ctx *manager,
77 const gss_eap_attr_provider *ctx)
79 return initWithManager(manager);
82 virtual bool initFromGssContext(const gss_eap_attr_ctx *manager,
83 const gss_cred_id_t cred,
84 const gss_ctx_id_t ctx)
86 return initWithManager(manager);
89 virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const
94 virtual bool setAttribute(int complete,
95 const gss_buffer_t attr,
96 const gss_buffer_t value) { return false; }
97 virtual bool deleteAttribute(const gss_buffer_t value) { return false; }
98 virtual bool getAttribute(const gss_buffer_t attr,
102 gss_buffer_t display_value,
103 int *more) const { return false; }
105 virtual gss_any_t mapToAny(int authenticated,
106 gss_buffer_t type_id) const { return NULL; }
107 virtual void releaseAnyNameMapping(gss_buffer_t type_id,
108 gss_any_t input) const {}
110 virtual void exportToBuffer(gss_buffer_t buffer) const {}
111 virtual bool initFromBuffer(const gss_eap_attr_ctx *manager,
112 const gss_buffer_t buffer)
114 return initWithManager(manager);
117 virtual time_t getExpiryTime(void) const { return 0; }
119 virtual OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const
120 { return GSS_S_CONTINUE_NEEDED; }
122 static bool init(void) { return true; }
123 static void finalize(void) {}
125 static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
128 const gss_eap_attr_ctx *m_manager;
131 /* make non-copyable */
132 gss_eap_attr_provider(const gss_eap_attr_provider&);
133 gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
136 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
139 * Attribute context: this manages a set of providers for a given
142 struct gss_eap_attr_ctx
145 gss_eap_attr_ctx(void);
146 ~gss_eap_attr_ctx(void);
148 bool initFromExistingContext(const gss_eap_attr_ctx *manager);
149 bool initFromGssContext(const gss_cred_id_t cred,
150 const gss_ctx_id_t ctx);
152 bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
153 bool getAttributeTypes(gss_buffer_set_t *attrs);
155 bool setAttribute(int complete,
156 const gss_buffer_t attr,
157 const gss_buffer_t value);
158 bool deleteAttribute(const gss_buffer_t value);
159 bool getAttribute(const gss_buffer_t attr,
163 gss_buffer_t display_value,
165 gss_any_t mapToAny(int authenticated,
166 gss_buffer_t type_id) const;
167 void releaseAnyNameMapping(gss_buffer_t type_id,
168 gss_any_t input) const;
170 void exportToBuffer(gss_buffer_t buffer) const;
171 bool initFromBuffer(const gss_buffer_t buffer);
174 attributePrefixToType(const gss_buffer_t prefix);
176 static const gss_buffer_t
177 attributeTypeToPrefix(unsigned int type);
180 decomposeAttributeName(const gss_buffer_t attribute,
182 gss_buffer_t suffix);
184 composeAttributeName(const gss_buffer_t prefix,
185 const gss_buffer_t suffix,
186 gss_buffer_t attribute);
188 decomposeAttributeName(const gss_buffer_t attribute,
190 gss_buffer_t suffix);
192 composeAttributeName(unsigned int type,
193 const gss_buffer_t suffix,
194 gss_buffer_t attribute);
197 composeAttributeName(const gss_buffer_t prefix,
198 const gss_buffer_t suffix);
200 composeAttributeName(unsigned int type,
201 const gss_buffer_t suffix);
203 gss_eap_attr_provider *getProvider(unsigned int type) const;
204 gss_eap_attr_provider *getProvider(const gss_buffer_t prefix) const;
207 registerProvider(unsigned int type,
209 gss_eap_attr_create_provider factory);
211 unregisterProvider(unsigned int type);
213 time_t getExpiryTime(void) const;
214 OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
217 bool providerEnabled(unsigned int type) const;
218 void releaseProvider(unsigned int type);
220 gss_eap_attr_provider *getPrimaryProvider(void) const;
222 /* make non-copyable */
223 gss_eap_attr_ctx(const gss_eap_attr_ctx&);
224 gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
227 gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
230 #endif /* __cplusplus */
232 #include "util_radius.h"
233 #include "util_saml.h"
234 #include "util_shib.h"
242 duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
246 if (GSS_ERROR(duplicateBuffer(&minor, &src, dst)))
247 throw new std::bad_alloc();
251 duplicateBuffer(std::string &str, gss_buffer_t buffer)
255 tmp.length = str.length();
256 tmp.value = (char *)str.c_str();
258 duplicateBuffer(tmp, buffer);
262 struct gss_eap_attr_ctx;
270 * C wrappers for attribute context functions. These match their
271 * GSS naming extension equivalents. The caller is required to
272 * obtain the name mutex.
276 gssEapCreateAttrContext(OM_uint32 *minor,
277 gss_cred_id_t acceptorCred,
278 gss_ctx_id_t acceptorCtx,
279 struct gss_eap_attr_ctx **pAttrCtx);
282 gssEapInquireName(OM_uint32 *minor,
286 gss_buffer_set_t *attrs);
289 gssEapGetNameAttribute(OM_uint32 *minor,
295 gss_buffer_t display_value,
299 gssEapDeleteNameAttribute(OM_uint32 *minor,
304 gssEapSetNameAttribute(OM_uint32 *minor,
311 gssEapExportAttrContext(OM_uint32 *minor,
313 gss_buffer_t buffer);
316 gssEapImportAttrContext(OM_uint32 *minor,
321 gssEapDuplicateAttrContext(OM_uint32 *minor,
326 gssEapMapNameToAny(OM_uint32 *minor,
329 gss_buffer_t type_id,
333 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
335 gss_buffer_t type_id,
339 gssEapReleaseAttrContext(OM_uint32 *minor,
343 gssEapAttrProvidersFinalize(OM_uint32 *minor);
349 #endif /* _UTIL_ATTR_H_ */