remove debugging statement
1 /*
2  * Copyright (c) 2011, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32
33 /*
34  * Attribute provider interface.
35  */
36
37 #ifndef _UTIL_ATTR_H_
38 #define _UTIL_ATTR_H_ 1
39
40 #ifdef __cplusplus
41 #include <string>
42 #include <new>
43
44 #include <shibsp/remoting/ddf.h>
45
/*
 * Brings DDF (used by marshall/unmarshallAndInit below) into scope.
 * Being a using-directive in a header, it also pulls shibsp into the
 * global namespace of every translation unit that includes this file.
 */
using namespace shibsp;

struct gss_eap_attr_provider;
struct gss_eap_attr_ctx;

/*
 * Callback invoked for each attribute while enumerating a provider's
 * attribute types (see getAttributeTypes). `source` is the provider
 * reporting the attribute and `data` is the caller's opaque cookie.
 * The meaning of the bool result is defined by the implementation, not
 * here — presumably false stops the enumeration; confirm before relying on it.
 */
typedef bool
(*gss_eap_attr_enumeration_cb)(const gss_eap_attr_provider *source,
                               const gss_buffer_t attribute,
                               void *data);

/*
 * Provider types. These values double as indices into
 * gss_eap_attr_ctx::m_providers (sized ATTR_TYPE_MAX + 1), so the range
 * ATTR_TYPE_MIN..ATTR_TYPE_MAX must stay contiguous and any new type must
 * be added below ATTR_TYPE_MAX or ATTR_TYPE_MAX updated accordingly.
 */
#define ATTR_TYPE_RADIUS            0U                  /* RADIUS AVPs */
#define ATTR_TYPE_SAML_ASSERTION    1U                  /* SAML assertion */
#define ATTR_TYPE_SAML              2U                  /* SAML attributes */
#define ATTR_TYPE_LOCAL             3U                  /* Local attributes */
#define ATTR_TYPE_MIN               ATTR_TYPE_RADIUS
#define ATTR_TYPE_MAX               ATTR_TYPE_LOCAL

/*
 * Bit for gss_eap_attr_ctx::m_flags (a uint32_t). NOTE(review): the name
 * suggests it disables the ATTR_TYPE_LOCAL provider — confirm against
 * providerEnabled() in the implementation.
 */
#define ATTR_FLAG_DISABLE_LOCAL     0x00000001
64
65 /*
66  * Attribute provider: this represents a source of attributes derived
67  * from the security context.
68  */
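struct gss_eap_attr_provider
{
public:
    /*
     * m_manager is explicitly NULL until one of the init* entry points
     * records the owning context; previously it was left indeterminate,
     * which made any read before initialisation undefined behaviour.
     */
    gss_eap_attr_provider(void) : m_manager(NULL) {}
    virtual ~gss_eap_attr_provider(void) {}

    /*
     * Record the owning attribute context. All init* methods in the base
     * class funnel through here, and the base implementation cannot fail.
     */
    bool initWithManager(const gss_eap_attr_ctx *manager)
    {
        m_manager = manager;
        return true;
    }

    /*
     * Initialise from another provider of the same type (context
     * duplication). The base class ignores `ctx` and only records the
     * manager; a provider that carries state must override this.
     */
    virtual bool initFromExistingContext(const gss_eap_attr_ctx *manager,
                                         const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /*
     * Initialise from an established GSS security context and acceptor
     * credential. The base class ignores both and only records the manager.
     */
    virtual bool initFromGssContext(const gss_eap_attr_ctx *manager,
                                    const gss_cred_id_t cred GSSEAP_UNUSED,
                                    const gss_ctx_id_t ctx GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /*
     * Enumerate the attributes this provider exposes by invoking the
     * callback once per attribute. The base class exposes none and
     * returns false without calling the callback.
     */
    virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
                                   void *data GSSEAP_UNUSED) const
    {
        return false;
    }

    /* Set (or add to) an attribute. The base class returns false. */
    virtual bool setAttribute(int complete GSSEAP_UNUSED,
                              const gss_buffer_t attr GSSEAP_UNUSED,
                              const gss_buffer_t value GSSEAP_UNUSED)
    {
        return false;
    }

    /* Delete an attribute. The base class returns false. */
    virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
    {
        return false;
    }

    /*
     * Fetch one value of an attribute (the `more` cursor follows the GSS
     * naming-extension convention). The base class returns false and
     * leaves every output parameter untouched.
     */
    virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
                              int *authenticated GSSEAP_UNUSED,
                              int *complete GSSEAP_UNUSED,
                              gss_buffer_t value GSSEAP_UNUSED,
                              gss_buffer_t display_value GSSEAP_UNUSED,
                              int *more GSSEAP_UNUSED) const
    {
        return false;
    }

    /*
     * Map the provider's data to a caller-chosen native object identified
     * by type_id. The base class returns NULL; anything a subclass returns
     * is handed back via releaseAnyNameMapping.
     */
    virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
                               gss_buffer_t type_id GSSEAP_UNUSED) const
    {
        return NULL;
    }

    /* Release an object returned by mapToAny. The base class has nothing to free. */
    virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
                                       gss_any_t input GSSEAP_UNUSED) const
    {
    }

    /*
     * Key under which this provider's marshalled state is stored. NULL
     * (the base default) means the provider is not serialised.
     */
    virtual const char *marshallingKey(void) const
    {
        return NULL;
    }

    /*
     * Rebuild the provider from previously marshalled state. The base
     * class ignores `object` and only records the manager.
     */
    virtual bool unmarshallAndInit(const gss_eap_attr_ctx *manager,
                                   DDF &object GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /* Serialise the provider's state; the base class yields an empty DDF. */
    virtual DDF marshall(void) const
    {
        return DDF(NULL);
    }

    /* Expiry of the provider's data as a time_t; 0 from the base class. */
    virtual time_t getExpiryTime(void) const { return 0; }

    /*
     * Translate a C++ exception raised by this provider into a GSS major
     * status. The base class does not recognise any exception and returns
     * GSS_S_CONTINUE_NEEDED, which the caller can distinguish from a real
     * error status.
     */
    virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
                                   std::exception &e GSSEAP_UNUSED) const
    {
        return GSS_S_CONTINUE_NEEDED;
    }

    /* Process-wide provider setup/teardown hooks; the base versions do nothing. */
    static bool init(void) { return true; }
    static void finalize(void) {}

    /* Factory hook matching gss_eap_attr_create_provider; base returns NULL. */
    static gss_eap_attr_provider *createAttrContext(void) { return NULL; }

protected:
    /* Owning context; NULL until initWithManager has run. */
    const gss_eap_attr_ctx *m_manager;

private:
    /* make non-copyable */
    gss_eap_attr_provider(const gss_eap_attr_provider&);
    gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
};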
170
/* Factory signature registered via gss_eap_attr_ctx::registerProvider. */
typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
172
173 /*
174  * Attribute context: this manages a set of providers for a given
175  * security context.
176  */
struct gss_eap_attr_ctx
{
public:
    gss_eap_attr_ctx(void);
    ~gss_eap_attr_ctx(void);

    /* Populate providers by duplicating another context's providers. */
    bool initFromExistingContext(const gss_eap_attr_ctx *manager);
    /* Populate providers from an accepted GSS context and acceptor credential. */
    bool initFromGssContext(const gss_cred_id_t cred,
                            const gss_ctx_id_t ctx);

    /* Enumerate attributes across all providers, via callback or into a buffer set. */
    bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
    bool getAttributeTypes(gss_buffer_set_t *attrs);

    /*
     * Per-attribute operations mirroring gss_eap_attr_provider's virtuals.
     * Presumably routed to one provider by the attribute's prefix (see
     * getProvider(const gss_buffer_t)) — confirm in the implementation.
     */
    bool setAttribute(int complete,
                      const gss_buffer_t attr,
                      const gss_buffer_t value);
    bool deleteAttribute(const gss_buffer_t value);
    bool getAttribute(const gss_buffer_t attr,
                      int *authenticated,
                      int *complete,
                      gss_buffer_t value,
                      gss_buffer_t display_value,
                      int *more) const;
    gss_any_t mapToAny(int authenticated,
                       gss_buffer_t type_id) const;
    void releaseAnyNameMapping(gss_buffer_t type_id,
                               gss_any_t input) const;

    /*
     * Serialise the whole context to / rebuild it from a buffer (backs
     * gssEapExportAttrContext / gssEapImportAttrContext). NOTE(review):
     * an imported buffer may originate outside this process, so
     * initFromBuffer must validate the serialised form before trusting
     * it — confirm in the implementation.
     */
    void exportToBuffer(gss_buffer_t buffer) const;
    bool initFromBuffer(const gss_buffer_t buffer);

    /*
     * Map a registered textual prefix to its ATTR_TYPE_* value and back.
     * NOTE(review): what attributePrefixToType returns for an unknown
     * prefix is not visible here; callers must not index m_providers with
     * the result unless it is <= ATTR_TYPE_MAX.
     */
    static unsigned int
    attributePrefixToType(const gss_buffer_t prefix);

    static const gss_buffer_t
    attributeTypeToPrefix(unsigned int type);

    /*
     * Split a full attribute name into its provider prefix (or type) and
     * the provider-specific suffix, and recombine them. The separator and
     * encoding of the composed form are defined by the implementation.
     */
    static void
    decomposeAttributeName(const gss_buffer_t attribute,
                           gss_buffer_t prefix,
                           gss_buffer_t suffix);
    static void
    composeAttributeName(const gss_buffer_t prefix,
                         const gss_buffer_t suffix,
                         gss_buffer_t attribute);
    static void
    decomposeAttributeName(const gss_buffer_t attribute,
                           unsigned int *type,
                           gss_buffer_t suffix);
    static void
    composeAttributeName(unsigned int type,
                         const gss_buffer_t suffix,
                         gss_buffer_t attribute);

    /* Same composition, returning a std::string instead of filling a buffer. */
    static std::string
    composeAttributeName(const gss_buffer_t prefix,
                         const gss_buffer_t suffix);
    static std::string
    composeAttributeName(unsigned int type,
                         const gss_buffer_t suffix);

    /* Look up the provider for a type or prefix; the pointer stays owned by this context. */
    gss_eap_attr_provider *getProvider(unsigned int type) const;
    gss_eap_attr_provider *getProvider(const gss_buffer_t prefix) const;

    /* Static registry of provider factories, keyed by ATTR_TYPE_* value. */
    static void
    registerProvider(unsigned int type,
                     const char *prefix,
                     gss_eap_attr_create_provider factory);
    static void
    unregisterProvider(unsigned int type);

    /* Aggregate the providers' expiry times / exception mappings. */
    time_t getExpiryTime(void) const;
    OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;

private:
    /* Presumably consults m_flags (ATTR_FLAG_*) — confirm in the implementation. */
    bool providerEnabled(unsigned int type) const;
    /* Destroy and clear the provider in slot `type`. */
    void releaseProvider(unsigned int type);

    /* DDF-based (un)marshalling used by exportToBuffer / initFromBuffer. */
    bool unmarshallAndInit(DDF &object);
    DDF marshall(void) const;

    gss_eap_attr_provider *getPrimaryProvider(void) const;

    /* make non-copyable */
    gss_eap_attr_ctx(const gss_eap_attr_ctx&);
    gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);

    /* Bitmask of ATTR_FLAG_* values. */
    uint32_t m_flags;
    /* One slot per ATTR_TYPE_* value, indexed directly by type. */
    gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
};
267
268 #endif /* __cplusplus */
269
270 #include "util_radius.h"
271 #include "util_saml.h"
272 #include "util_shib.h"
273
274 #ifdef __cplusplus
275
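/*
 * Copy src into dst via the C-level duplicateBuffer(), turning a GSS
 * failure into a C++ exception so C++ callers can rely on unwinding.
 *
 * Throws std::bad_alloc by value. The previous `throw new std::bad_alloc()`
 * threw a std::bad_alloc* instead, which no `catch (std::exception &)`
 * handler (cf. mapException) would match and which leaked the object.
 */
static inline void
duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
{
    OM_uint32 minor = 0;

    if (GSS_ERROR(duplicateBuffer(&minor, &src, dst)))
        throw std::bad_alloc();
}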
284
/*
 * Copy the contents of str into buffer. A temporary gss_buffer_desc is
 * simply pointed at the string's own storage — nothing is copied here;
 * the gss_buffer_desc overload above performs the duplication and throws
 * if it fails.
 */
static inline void
duplicateBuffer(std::string &str, gss_buffer_t buffer)
{
    gss_buffer_desc view;

    view.value = (char *)str.c_str();
    view.length = str.length();

    duplicateBuffer(view, buffer);
}
295
296 #else
/* Opaque to C callers; only passed around as a pointer by the wrappers below. */
struct gss_eap_attr_ctx;
298 #endif
299
300 #ifdef __cplusplus
301 extern "C" {
302 #endif
303
304 /*
305  * C wrappers for attribute context functions. These match their
306  * GSS naming extension equivalents. The caller is required to
307  * obtain the name mutex.
308  */
309
/*
 * Build an attribute context for an accepted security context. On success
 * *pAttrCtx receives the new context and *pExpiryTime its expiry.
 */
OM_uint32
gssEapCreateAttrContext(OM_uint32 *minor,
                        gss_cred_id_t acceptorCred,
                        gss_ctx_id_t acceptorCtx,
                        struct gss_eap_attr_ctx **pAttrCtx,
                        time_t *pExpiryTime);

/* Counterpart of gss_inquire_name(): enumerate attribute names into *attrs. */
OM_uint32
gssEapInquireName(OM_uint32 *minor,
                  gss_name_t name,
                  int *name_is_MN,
                  gss_OID *MN_mech,
                  gss_buffer_set_t *attrs);

/* Counterpart of gss_get_name_attribute(); `more` is the multi-value cursor. */
OM_uint32
gssEapGetNameAttribute(OM_uint32 *minor,
                       gss_name_t name,
                       gss_buffer_t attr,
                       int *authenticated,
                       int *complete,
                       gss_buffer_t value,
                       gss_buffer_t display_value,
                       int *more);

/* Counterpart of gss_delete_name_attribute(). */
OM_uint32
gssEapDeleteNameAttribute(OM_uint32 *minor,
                          gss_name_t name,
                          gss_buffer_t attr);

/* Counterpart of gss_set_name_attribute(). */
OM_uint32
gssEapSetNameAttribute(OM_uint32 *minor,
                       gss_name_t name,
                       int complete,
                       gss_buffer_t attr,
                       gss_buffer_t value);

/*
 * Serialise the name's attribute context into `buffer`. Ownership of the
 * returned buffer is not stated here — presumably the caller releases it
 * with gss_release_buffer(); confirm in the implementation.
 */
OM_uint32
gssEapExportAttrContext(OM_uint32 *minor,
                        gss_name_t name,
                        gss_buffer_t buffer);

/*
 * Rebuild the name's attribute context from a serialised buffer.
 * NOTE(review): the buffer is externally supplied, so the implementation
 * must validate its structure before use — confirm.
 */
OM_uint32
gssEapImportAttrContext(OM_uint32 *minor,
                        gss_buffer_t buffer,
                        gss_name_t name);

/* Copy the attribute context of `in` onto `out`. */
OM_uint32
gssEapDuplicateAttrContext(OM_uint32 *minor,
                           gss_name_t in,
                           gss_name_t out);

/* Counterpart of gss_map_name_to_any(); release the result with the function below. */
OM_uint32
gssEapMapNameToAny(OM_uint32 *minor,
                   gss_name_t name,
                   int authenticated,
                   gss_buffer_t type_id,
                   gss_any_t *output);

/* Counterpart of gss_release_any_name_mapping(). */
OM_uint32
gssEapReleaseAnyNameMapping(OM_uint32 *minor,
                            gss_name_t name,
                            gss_buffer_t type_id,
                            gss_any_t *input);

/* Destroy the attribute context attached to `name`. */
OM_uint32
gssEapReleaseAttrContext(OM_uint32 *minor,
                         gss_name_t name);

/* Process-wide teardown of all registered providers. */
OM_uint32
gssEapAttrProvidersFinalize(OM_uint32 *minor);
380
381 #ifdef __cplusplus
382 }
383 #endif
384
385 #endif /* _UTIL_ATTR_H_ */