2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
34 * Attribute provider interface.
38 #define _UTIL_ATTR_H_ 1
44 struct gss_eap_attr_provider;
45 struct gss_eap_attr_ctx;
48 (*gss_eap_attr_enumeration_cb)(const gss_eap_attr_provider *source,
49 const gss_buffer_t attribute,
/*
 * Provider type indices.  Besides tagging the kind of attribute source, a
 * type value is used directly as an index into gss_eap_attr_ctx::m_providers
 * (declared below with ATTR_TYPE_MAX + 1 slots), so any type that comes
 * from outside this module must be checked against
 * [ATTR_TYPE_MIN, ATTR_TYPE_MAX] before it is used as an index.
 */
52 #define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
53 #define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
54 #define ATTR_TYPE_SAML 2U /* SAML attributes */
55 #define ATTR_TYPE_LOCAL 3U /* Local attributes */
56 #define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
57 #define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
/* Flag bit.  By its name it suppresses the ATTR_TYPE_LOCAL provider, but the
 * code that consumes it is not in this header -- confirm before relying on
 * that reading. */
59 #define ATTR_FLAG_DISABLE_LOCAL 0x00000001
62 * Attribute provider: this represents a source of attributes derived
63 * from the security context.
/*
 * Base class for one source of attributes.  Every virtual member below has
 * a do-nothing default (return false / NULL / 0, or an empty body), so a
 * concrete provider overrides only the operations it actually supports.
 * The destructor is virtual: instances are held and deleted through
 * gss_eap_attr_provider pointers (see gss_eap_attr_ctx::m_providers).
 *
 * NOTE(review): this listing omits several lines of the definition (access
 * specifiers, braces, the body of initWithManager, part of getAttribute's
 * parameter list).  The comments describe only what is shown.
 */
65 struct gss_eap_attr_provider
/* Empty constructor: m_manager has no in-class initializer, so it is
 * indeterminate until initWithManager() has run. */
68 gss_eap_attr_provider(void) {}
69 virtual ~gss_eap_attr_provider(void) {}
/* Common initialisation step shared by all initFrom* entry points.  Body not
 * shown here; presumably records `manager` in m_manager -- confirm. */
71 bool initWithManager(const gss_eap_attr_ctx *manager)
/* Default: duplicate from an existing provider.  Ignores `ctx` entirely and
 * only binds the manager, so a provider with per-context state must
 * override this and copy that state itself. */
77 virtual bool initFromExistingContext(const gss_eap_attr_ctx *manager,
78 const gss_eap_attr_provider *ctx)
80 return initWithManager(manager);
/* Default: initialise from an established GSS security context.  The
 * acceptor credential and context handle are discarded. */
83 virtual bool initFromGssContext(const gss_eap_attr_ctx *manager,
84 const gss_cred_id_t cred,
85 const gss_ctx_id_t ctx)
87 return initWithManager(manager);
/* Enumerate the attribute names this provider can serve, invoking the
 * callback once per name with `data` passed through.  Body not shown. */
90 virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const
/* Mutators.  Defaults refuse (return false), i.e. a provider is read-only
 * unless it overrides these.  `complete` is presumably the GSS naming
 * extension "complete" flag -- confirm against the C wrappers below. */
95 virtual bool setAttribute(int complete,
96 const gss_buffer_t attr,
97 const gss_buffer_t value) { return false; }
98 virtual bool deleteAttribute(const gss_buffer_t value) { return false; }
/* Look up one attribute by name.  Parameters between `attr` and
 * `display_value` are not shown in this listing.  `more` looks like the
 * multi-valued iteration cursor of the GSS naming extensions -- confirm.
 * Default: attribute not found. */
99 virtual bool getAttribute(const gss_buffer_t attr,
103 gss_buffer_t display_value,
104 int *more) const { return false; }
/* Map the provider's data to an opaque, type-specific object.  Default:
 * no mapping (NULL).  Whether `authenticated` restricts the result to
 * authenticated data cannot be told from here -- confirm. */
106 virtual gss_any_t mapToAny(int authenticated,
107 gss_buffer_t type_id) const { return NULL; }
/* Release an object previously returned by mapToAny().  Default: no-op,
 * consistent with the default mapToAny() handing out nothing. */
108 virtual void releaseAnyNameMapping(gss_buffer_t type_id,
109 gss_any_t input) const {}
/* Serialisation.  The default exportToBuffer() writes nothing and the
 * default initFromBuffer() never looks at `buffer`.  A provider that
 * carries state must override both, and its initFromBuffer() must treat
 * the buffer as untrusted input (check lengths before reading fields),
 * since the bytes may come from an imported context. */
111 virtual void exportToBuffer(gss_buffer_t buffer) const {}
112 virtual bool initFromBuffer(const gss_eap_attr_ctx *manager,
113 const gss_buffer_t buffer)
115 return initWithManager(manager);
/* Default 0.  Presumably "no expiry"; how 0 is interpreted is decided by
 * gss_eap_attr_ctx::getExpiryTime(), whose definition is not here. */
118 virtual time_t getExpiryTime(void) const { return 0; }
/* Translate a C++ exception into a GSS major status, optionally setting
 * `minor`.  The default returns GSS_S_CONTINUE_NEEDED without touching
 * `minor`; that reads like a "not handled here" sentinel for
 * gss_eap_attr_ctx::mapException() to act on -- confirm. */
120 virtual OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const
121 { return GSS_S_CONTINUE_NEEDED; }
/* Per-provider-class hooks run once at library start/stop.  Defaults:
 * init succeeds, finalize is a no-op. */
123 static bool init(void) { return true; }
124 static void finalize(void) {}
/* Factory stub matching gss_eap_attr_create_provider; the base class
 * creates nothing.  Concrete providers supply their own. */
126 static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
/* Non-owning back-pointer to the context that owns this provider. */
129 const gss_eap_attr_ctx *m_manager;
/* make non-copyable */
/* Declared but (presumably) never defined: copying is a link-time error.
 * Pre-C++11 idiom; `= delete` would express the same intent. */
133 gss_eap_attr_provider(const gss_eap_attr_provider&);
134 gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
137 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
140 * Attribute context: this manages a set of providers for a given
/*
 * Attribute context: owns at most one provider per ATTR_TYPE_* value
 * (m_providers, indexed by type) and fans each operation out to them.
 * Definitions live in the implementation file; only declarations appear
 * here, so the comments describe the interface, not the behaviour.
 *
 * NOTE(review): this listing omits some lines of the definition (access
 * specifiers, braces, several return types and parameters).
 */
143 struct gss_eap_attr_ctx
146 gss_eap_attr_ctx(void);
147 ~gss_eap_attr_ctx(void);
/* Populate the provider slots, either by copying another context or from
 * an established GSS context; mirrors the per-provider initFrom* hooks. */
149 bool initFromExistingContext(const gss_eap_attr_ctx *manager);
150 bool initFromGssContext(const gss_cred_id_t cred,
151 const gss_ctx_id_t ctx);
/* Enumerate attribute names, either via callback or collected into a
 * buffer set (the second form is presumably built on the first). */
153 bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
154 bool getAttributeTypes(gss_buffer_set_t *attrs);
/* Attribute access; `attr` carries a type prefix (see
 * decomposeAttributeName) that selects the provider to dispatch to. */
156 bool setAttribute(int complete,
157 const gss_buffer_t attr,
158 const gss_buffer_t value);
159 bool deleteAttribute(const gss_buffer_t value);
160 bool getAttribute(const gss_buffer_t attr,
164 gss_buffer_t display_value,
/* Opaque mapping of the context's data, and the matching release call. */
166 gss_any_t mapToAny(int authenticated,
167 gss_buffer_t type_id) const;
168 void releaseAnyNameMapping(gss_buffer_t type_id,
169 gss_any_t input) const;
/* Serialise / deserialise the whole context.  initFromBuffer() is the
 * import path (presumably behind gssEapImportAttrContext below), so
 * `buffer` must be treated as untrusted: lengths and provider types read
 * from it need validation before use. */
171 void exportToBuffer(gss_buffer_t buffer) const;
172 bool initFromBuffer(const gss_buffer_t buffer);
/* Static mapping between a provider type and its textual name prefix.
 * Return type of the first is on a line not shown here. */
175 attributePrefixToType(const gss_buffer_t prefix);
177 static const gss_buffer_t
178 attributeTypeToPrefix(unsigned int type);
/* Split a qualified attribute name into prefix (or type) and suffix, and
 * the inverse.  Overloads differ in whether the prefix is given as a
 * buffer or as an ATTR_TYPE_* value and in whether the result is written
 * to an out-parameter or returned; return types are on omitted lines. */
181 decomposeAttributeName(const gss_buffer_t attribute,
183 gss_buffer_t suffix);
185 composeAttributeName(const gss_buffer_t prefix,
186 const gss_buffer_t suffix,
187 gss_buffer_t attribute);
189 decomposeAttributeName(const gss_buffer_t attribute,
191 gss_buffer_t suffix);
193 composeAttributeName(unsigned int type,
194 const gss_buffer_t suffix,
195 gss_buffer_t attribute);
198 composeAttributeName(const gss_buffer_t prefix,
199 const gss_buffer_t suffix);
201 composeAttributeName(unsigned int type,
202 const gss_buffer_t suffix);
/* Slot lookup.  `type` indexes m_providers; NOTE(review): the definitions
 * are not here, so confirm they reject type > ATTR_TYPE_MAX (and an
 * unrecognised prefix) rather than indexing out of bounds. */
204 gss_eap_attr_provider *getProvider(unsigned int type) const;
205 gss_eap_attr_provider *getProvider(const gss_buffer_t prefix) const;
/* Provider registry: associate a factory with a type, or remove it.
 * Same bounds caveat on `type` as for getProvider(). */
208 registerProvider(unsigned int type,
210 gss_eap_attr_create_provider factory);
212 unregisterProvider(unsigned int type);
/* Aggregate expiry across providers, and exception-to-GSS-status mapping
 * (sets `minor`, returns the major status). */
214 time_t getExpiryTime(void) const;
215 OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
/* Slot management helpers; `type` is again an m_providers index. */
218 bool providerEnabled(unsigned int type) const;
219 void releaseProvider(unsigned int type);
/* Which slot counts as "primary" cannot be told from this header. */
221 gss_eap_attr_provider *getPrimaryProvider(void) const;
/* make non-copyable */
/* Declared, presumably not defined: copying is a link-time error. */
224 gss_eap_attr_ctx(const gss_eap_attr_ctx&);
225 gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
/* One owned provider per ATTR_TYPE_* value, NULL when absent.  Valid
 * indices are exactly ATTR_TYPE_MIN..ATTR_TYPE_MAX. */
228 gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
231 #endif /* __cplusplus */
233 #include "util_radius.h"
234 #include "util_saml.h"
235 #include "util_shib.h"
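/*
 * Copy `src` into `dst`, converting a GSS failure into a C++ exception.
 *
 * Thin wrapper over the C duplicateBuffer(OM_uint32 *, gss_buffer_t,
 * gss_buffer_t); the minor status of a failed copy is discarded.
 *
 * Throws std::bad_alloc *by value*.  The previous form was
 * `throw new std::bad_alloc();`, which throws a std::bad_alloc pointer:
 * a `catch (std::exception &)` handler -- the shape used by
 * mapException(OM_uint32 *, std::exception &) in this header -- never
 * matches it, so the failure escaped as an unhandled exception and the
 * heap-allocated exception object was leaked.
 *
 * @param src  Buffer to copy.
 * @param dst  Receives the copy.
 * @throws std::bad_alloc when the underlying copy reports a GSS error.
 */
static inline void
duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
{
    OM_uint32 minor;

    if (GSS_ERROR(duplicateBuffer(&minor, &src, dst)))
        throw std::bad_alloc();
}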
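/*
 * Copy the bytes of `str` into a GSS buffer.
 *
 * A temporary gss_buffer_desc only borrows str's storage; the
 * gss_buffer_desc & overload then performs the actual copy, so the result
 * does not alias `str`.  The length comes from str.length(), not strlen(),
 * so embedded NUL bytes are copied as well.
 *
 * @param str     Source text.  Taken by const reference so const strings
 *                and temporaries can be passed as well as non-const lvalues
 *                (previously a non-const reference, which rejected both).
 * @param buffer  Receives the copy.
 * Propagates whatever the gss_buffer_desc & overload throws on failure.
 */
static inline void
duplicateBuffer(const std::string &str, gss_buffer_t buffer)
{
    gss_buffer_desc tmp;

    tmp.length = str.length();
    /* gss_buffer_desc::value is a non-const pointer.  The cast only drops
     * constness for the borrow; nothing writes through it before the copy. */
    tmp.value = const_cast<char *>(str.c_str());

    duplicateBuffer(tmp, buffer);
}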
260 struct gss_eap_attr_ctx;
268 * C wrappers for attribute context functions. These match their
269 * GSS naming extension equivalents. The caller is required to
270 * obtain the name mutex.
274 gssEapCreateAttrContext(OM_uint32 *minor,
275 gss_cred_id_t acceptorCred,
276 gss_ctx_id_t acceptorCtx,
277 struct gss_eap_attr_ctx **pAttrCtx,
278 time_t *pExpiryTime);
281 gssEapInquireName(OM_uint32 *minor,
285 gss_buffer_set_t *attrs);
288 gssEapGetNameAttribute(OM_uint32 *minor,
294 gss_buffer_t display_value,
298 gssEapDeleteNameAttribute(OM_uint32 *minor,
303 gssEapSetNameAttribute(OM_uint32 *minor,
310 gssEapExportAttrContext(OM_uint32 *minor,
312 gss_buffer_t buffer);
315 gssEapImportAttrContext(OM_uint32 *minor,
320 gssEapDuplicateAttrContext(OM_uint32 *minor,
325 gssEapMapNameToAny(OM_uint32 *minor,
328 gss_buffer_t type_id,
332 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
334 gss_buffer_t type_id,
338 gssEapReleaseAttrContext(OM_uint32 *minor,
342 gssEapAttrProvidersFinalize(OM_uint32 *minor);
348 #endif /* _UTIL_ATTR_H_ */