1 /*
2  * Copyright (c) 2011, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32
33 /*
34  * Attribute provider interface.
35  */
36
37 #ifndef _UTIL_ATTR_H_
38 #define _UTIL_ATTR_H_ 1
39
40 #ifdef __cplusplus
41 #include <string>
42 #include <new>
43
44 using namespace gss_eap_util;
45
46 struct gss_eap_attr_provider;
47 struct gss_eap_attr_ctx;
48
/*
 * Callback invoked once per attribute name while a provider's
 * attributes are enumerated (see getAttributeTypes()). `source` is the
 * provider the name came from and `data` is the caller's cookie. The
 * bool return presumably lets the callback stop the enumeration early
 * — confirm against the callers in util_attr.cpp.
 */
typedef bool
(*gss_eap_attr_enumeration_cb)(const gss_eap_attr_ctx *ctx,
                               const gss_eap_attr_provider *source,
                               const gss_buffer_t attribute,
                               void *data);

/*
 * Provider type indices. They must stay small and contiguous:
 * gss_eap_attr_ctx sizes its provider table as ATTR_TYPE_MAX + 1 and
 * indexes it directly by these values, so any new type must be added
 * before ATTR_TYPE_MAX is updated.
 */
#define ATTR_TYPE_RADIUS            0U                  /* RADIUS AVPs */
#define ATTR_TYPE_SAML_ASSERTION    1U                  /* SAML assertion */
#define ATTR_TYPE_SAML              2U                  /* SAML attributes */
#define ATTR_TYPE_LOCAL             3U                  /* Local attributes */
#define ATTR_TYPE_MIN               ATTR_TYPE_RADIUS
#define ATTR_TYPE_MAX               ATTR_TYPE_LOCAL

/* Context flag bits (presumably kept in gss_eap_attr_ctx::m_flags and
 * consulted by providerEnabled() — verify in util_attr.cpp). */
#define ATTR_FLAG_DISABLE_LOCAL     0x00000001
63
64 /*
65  * Attribute provider: this represents a source of attributes derived
66  * from the security context.
67  */
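struct gss_eap_attr_provider
{
public:
    /*
     * Start with no manager. A provider whose init* method was never
     * called, or whose initialisation failed part-way, must not carry
     * an indeterminate m_manager pointer into its destructor or into
     * any method a subclass may call unconditionally.
     */
    gss_eap_attr_provider(void) : m_manager(NULL) {}
    virtual ~gss_eap_attr_provider(void) {}

    /*
     * Attach this provider to its owning attribute context. The context
     * is only referenced, never owned, so it must outlive the provider.
     * Always succeeds.
     */
    bool initWithManager(const gss_eap_attr_ctx *manager)
    {
        m_manager = manager;
        return true;
    }

    /*
     * Initialise from an existing provider of the same type (presumably
     * the duplicate-context path). The base implementation ignores the
     * source and only records the manager.
     */
    virtual bool initWithExistingContext(const gss_eap_attr_ctx *manager,
                                         const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /*
     * Initialise from an established GSS security context and the
     * acceptor credential it was built with. The base implementation
     * ignores both and only records the manager.
     */
    virtual bool initWithGssContext(const gss_eap_attr_ctx *manager,
                                    const gss_cred_id_t cred GSSEAP_UNUSED,
                                    const gss_ctx_id_t ctx GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /*
     * Invoke the callback once per attribute name this provider can
     * serve. The base provider has nothing to enumerate and returns
     * false.
     */
    virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
                                   void *data GSSEAP_UNUSED) const
    {
        return false;
    }

    /*
     * Store a value for attr; `complete` presumably follows the
     * gss_set_name_attribute() meaning (the value set is finished).
     * Not supported by the base provider: returns false.
     */
    virtual bool setAttribute(int complete GSSEAP_UNUSED,
                              const gss_buffer_t attr GSSEAP_UNUSED,
                              const gss_buffer_t value GSSEAP_UNUSED)
    {
        return false;
    }

    /* Remove an attribute. Not supported by the base provider: false. */
    virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
    {
        return false;
    }

    /*
     * Retrieve one value of attr into value / display_value, following
     * the gss_get_name_attribute() contract the C wrappers in this
     * header mirror: *more is the cursor for multi-valued attributes and
     * *authenticated reports whether the value was authenticated rather
     * than merely asserted. A consumer that authorises on the value
     * should check *authenticated, not assume it. Not supported by the
     * base provider: returns false.
     */
    virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
                              int *authenticated GSSEAP_UNUSED,
                              int *complete GSSEAP_UNUSED,
                              gss_buffer_t value GSSEAP_UNUSED,
                              gss_buffer_t display_value GSSEAP_UNUSED,
                              int *more GSSEAP_UNUSED) const
    {
        return false;
    }

    /*
     * Expose the provider's native object for the mapping named by
     * type_id; releaseAnyNameMapping() frees whatever mapToAny()
     * handed out. The base provider maps nothing and releases nothing.
     */
    virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
                               gss_buffer_t type_id GSSEAP_UNUSED) const
    {
        return NULL;
    }

    virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
                                       gss_any_t input GSSEAP_UNUSED) const
    {
    }

    /* prefix to be prepended to attributes emitted by gss_get_name_attribute */
    virtual const char *prefix(void) const
    {
        return NULL;
    }

    /* optional key for storing JSON dictionary */
    virtual const char *name(void) const
    {
        return NULL;
    }

    /*
     * Restore state from a JSON object previously produced by
     * jsonRepresentation(). The base implementation ignores the object
     * and only records the manager. A subclass that does parse it is
     * reading data that may have crossed a process or host boundary
     * (see gssEapImportAttrContext()), so it should validate the type
     * and presence of every field before use.
     */
    virtual bool initWithJsonObject(const gss_eap_attr_ctx *manager,
                                    JSONObject &object GSSEAP_UNUSED)
    {
        return initWithManager(manager);
    }

    /* Serialise state for export; JSON null means "nothing to save". */
    virtual JSONObject jsonRepresentation(void) const
    {
        return JSONObject::null();
    }

    /* Expiry of the provider's data; 0 presumably means "no expiry". */
    virtual time_t getExpiryTime(void) const { return 0; }

    /*
     * Translate a C++ exception into a GSS major/minor status.
     * GSS_S_CONTINUE_NEEDED is the "not mine" answer from the base
     * provider; the attribute context presumably moves on to the next
     * provider — confirm in gss_eap_attr_ctx::mapException().
     */
    virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
                                   std::exception &e GSSEAP_UNUSED) const
    {
        return GSS_S_CONTINUE_NEEDED;
    }

    /* Library-wide one-time setup and teardown hooks; no-ops here. */
    static bool init(void) { return true; }
    static void finalize(void) {}

    /* Factory hook; the base class is never instantiated via a factory. */
    static gss_eap_attr_provider *createAttrContext(void) { return NULL; }

protected:
    /* Owning context; NULL until one of the init* methods has run. */
    const gss_eap_attr_ctx *m_manager;

private:
    /* make non-copyable */
    gss_eap_attr_provider(const gss_eap_attr_provider&);
    gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
};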
177
/* Factory signature registered per ATTR_TYPE_* through
 * gss_eap_attr_ctx::registerProvider(); each call presumably returns a
 * freshly allocated provider owned by the calling context. */
typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
179
180 /*
181  * Attribute context: this manages a set of providers for a given
182  * security context.
183  */
struct gss_eap_attr_ctx
{
public:
    gss_eap_attr_ctx(void);
    ~gss_eap_attr_ctx(void);

    /* Populate the provider table either from another context
     * (presumably the duplicate path) or from an established GSS
     * context and the acceptor credential it was built with. */
    bool initWithExistingContext(const gss_eap_attr_ctx *manager);
    bool initWithGssContext(const gss_cred_id_t cred,
                            const gss_ctx_id_t ctx);

    /* Enumerate attribute names across the providers, either through a
     * callback or collected into a buffer set. */
    bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
    bool getAttributeTypes(gss_buffer_set_t *attrs);

    /* Per-attribute operations. The attribute name's prefix presumably
     * selects the provider (see decomposeAttributeName() below). For
     * getAttribute(), *authenticated is the flag a consumer must consult
     * before relying on value for an authorisation decision. */
    bool setAttribute(int complete,
                      const gss_buffer_t attr,
                      const gss_buffer_t value);
    bool deleteAttribute(const gss_buffer_t value);
    bool getAttribute(const gss_buffer_t attr,
                      int *authenticated,
                      int *complete,
                      gss_buffer_t value,
                      gss_buffer_t display_value,
                      int *more) const;
    gss_any_t mapToAny(int authenticated,
                       gss_buffer_t type_id) const;
    void releaseAnyNameMapping(gss_buffer_t type_id,
                               gss_any_t input) const;

    /* Serialise the whole context to an opaque buffer and rebuild one
     * from such a buffer. NOTE(review): the buffer given to
     * initWithBuffer() is presumably what gssEapImportAttrContext()
     * feeds in, i.e. input that may have been produced outside this
     * process; the implementation must parse it defensively rather than
     * trust its structure — verify in util_attr.cpp. */
    void exportToBuffer(gss_buffer_t buffer) const;
    bool initWithBuffer(const gss_buffer_t buffer);

    /* Attribute names carry a provider prefix and a provider-specific
     * suffix; these join and split them with the prefix given as a
     * buffer. */
    static std::string
    composeAttributeName(const gss_buffer_t prefix,
                         const gss_buffer_t suffix);
    static void
    decomposeAttributeName(const gss_buffer_t attribute,
                           gss_buffer_t prefix,
                           gss_buffer_t suffix);
    static void
    composeAttributeName(const gss_buffer_t prefix,
                         const gss_buffer_t suffix,
                         gss_buffer_t attribute);

    /* Same operations with the prefix expressed as an ATTR_TYPE_*
     * value (see attributeTypeToPrefix() / attributePrefixToType()). */
    std::string
    composeAttributeName(unsigned int type,
                         const gss_buffer_t suffix);
    void
    decomposeAttributeName(const gss_buffer_t attribute,
                           unsigned int *type,
                           gss_buffer_t suffix) const;
    void
    composeAttributeName(unsigned int type,
                         const gss_buffer_t suffix,
                         gss_buffer_t attribute) const;

    /* Provider registered in this context for the given ATTR_TYPE_*. */
    gss_eap_attr_provider *getProvider(unsigned int type) const;

    /* Process-wide registry of provider factories keyed by ATTR_TYPE_*;
     * static, so it is shared by every context. */
    static void
    registerProvider(unsigned int type,
                     gss_eap_attr_create_provider factory);
    static void
    unregisterProvider(unsigned int type);

    /* Expiry of the context's attribute data (presumably the earliest
     * of the providers' getExpiryTime() values) and exception-to-GSS
     * status translation across providers. */
    time_t getExpiryTime(void) const;
    OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;

private:
    /* Whether type is active for this context (presumably where
     * ATTR_FLAG_DISABLE_LOCAL is honoured) and teardown of one slot. */
    bool providerEnabled(unsigned int type) const;
    void releaseProvider(unsigned int type);

    /* Map between an attribute-name prefix and its ATTR_TYPE_*. */
    unsigned int attributePrefixToType(const gss_buffer_t prefix) const;
    gss_buffer_desc attributeTypeToPrefix(unsigned int type) const;

    /* JSON form used by exportToBuffer() / initWithBuffer(); the
     * imported object is untrusted input for the same reason. */
    bool initWithJsonObject(JSONObject &object);
    JSONObject jsonRepresentation(void) const;

    gss_eap_attr_provider *getPrimaryProvider(void) const;

    /* make non-copyable */
    gss_eap_attr_ctx(const gss_eap_attr_ctx&);
    gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);

    /* ATTR_FLAG_* bits. */
    uint32_t m_flags;
    /* One slot per ATTR_TYPE_*, indexed directly by type. */
    gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
};
269
270 #endif /* __cplusplus */
271
272 #include "util_radius.h"
273 #include "util_saml.h"
274 #include "util_shib.h"
275
276 #ifdef __cplusplus
277
/*
 * C++ convenience form of the C duplicateBuffer(): copy src into dst and
 * report failure by exception instead of a major status. Every GSS
 * error from the underlying call, whatever its cause, surfaces as
 * std::bad_alloc; the minor status is discarded.
 */
static inline void
duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
{
    OM_uint32 minor;
    OM_uint32 major = duplicateBuffer(&minor, &src, dst);

    if (GSS_ERROR(major))
        throw std::bad_alloc();
}
286
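/*
 * Copy the bytes of str into a freshly allocated GSS buffer.
 *
 * The string is taken by const reference: this function only reads it,
 * and the previous non-const reference needlessly rejected const
 * strings and temporaries. Existing callers passing a non-const
 * std::string are unaffected. The const_cast exists only because
 * gss_buffer_desc::value is a non-const pointer; nothing here writes
 * through it (the underlying duplicateBuffer() is expected to read
 * src only — confirm at its definition). Throws std::bad_alloc via the
 * gss_buffer_desc overload on failure.
 */
static inline void
duplicateBuffer(const std::string &str, gss_buffer_t buffer)
{
    gss_buffer_desc tmp;

    tmp.length = str.length();
    tmp.value = const_cast<char *>(str.c_str());

    duplicateBuffer(tmp, buffer);
}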
297
298 #else
299 struct gss_eap_attr_ctx;
300 #endif
301
302 #ifdef __cplusplus
303 extern "C" {
304 #endif
305
306 /*
307  * C wrappers for attribute context functions. These match their
308  * GSS naming extension equivalents. The caller is required to
309  * obtain the name mutex.
310  */
311
/*
 * Build the attribute context for an established acceptor-side security
 * context. On success *pAttrCtx receives the new context, whose
 * ownership passes to the caller; *pExpiryTime presumably receives the
 * context's getExpiryTime() — confirm in util_attr.cpp.
 */
OM_uint32
gssEapCreateAttrContext(OM_uint32 *minor,
                        gss_cred_id_t acceptorCred,
                        gss_ctx_id_t acceptorCtx,
                        struct gss_eap_attr_ctx **pAttrCtx,
                        time_t *pExpiryTime);

/*
 * gss_inquire_name() equivalent: reports whether name is a mechanism
 * name, which mechanism it belongs to, and the set of attribute names
 * available on it.
 */
OM_uint32
gssEapInquireName(OM_uint32 *minor,
                  gss_name_t name,
                  int *name_is_MN,
                  gss_OID *MN_mech,
                  gss_buffer_set_t *attrs);

/*
 * gss_get_name_attribute() equivalent. *authenticated reports whether
 * the returned value was authenticated rather than merely asserted;
 * any caller that makes an authorisation decision on value must check
 * it. *more is the cursor for multi-valued attributes.
 */
OM_uint32
gssEapGetNameAttribute(OM_uint32 *minor,
                       gss_name_t name,
                       gss_buffer_t attr,
                       int *authenticated,
                       int *complete,
                       gss_buffer_t value,
                       gss_buffer_t display_value,
                       int *more);

/* gss_delete_name_attribute() equivalent. */
OM_uint32
gssEapDeleteNameAttribute(OM_uint32 *minor,
                          gss_name_t name,
                          gss_buffer_t attr);

/*
 * gss_set_name_attribute() equivalent; complete marks the value set as
 * finished. There is no way to mark a value set here as authenticated,
 * so presumably it is reported back as unauthenticated — confirm in
 * the provider implementations.
 */
OM_uint32
gssEapSetNameAttribute(OM_uint32 *minor,
                       gss_name_t name,
                       int complete,
                       gss_buffer_t attr,
                       gss_buffer_t value);

/*
 * Serialise the attribute context attached to name into buffer, and
 * rebuild one onto name from such a buffer. The buffer handed to
 * gssEapImportAttrContext() is external input — it may have been
 * produced by another process or host — so the import path must
 * validate its structure rather than trust it.
 */
OM_uint32
gssEapExportAttrContext(OM_uint32 *minor,
                        gss_name_t name,
                        gss_buffer_t buffer);

OM_uint32
gssEapImportAttrContext(OM_uint32 *minor,
                        gss_buffer_t buffer,
                        gss_name_t name);

/* Copy in's attribute context onto out. */
OM_uint32
gssEapDuplicateAttrContext(OM_uint32 *minor,
                           gss_name_t in,
                           gss_name_t out);

/*
 * gss_map_name_to_any() / gss_release_any_name_mapping() equivalents:
 * hand out a provider's native object for type_id and give it back.
 */
OM_uint32
gssEapMapNameToAny(OM_uint32 *minor,
                   gss_name_t name,
                   int authenticated,
                   gss_buffer_t type_id,
                   gss_any_t *output);

OM_uint32
gssEapReleaseAnyNameMapping(OM_uint32 *minor,
                            gss_name_t name,
                            gss_buffer_t type_id,
                            gss_any_t *input);

/* Free the attribute context attached to name, if any. */
OM_uint32
gssEapReleaseAttrContext(OM_uint32 *minor,
                         gss_name_t name);

/* Process-wide teardown of the registered attribute providers. */
OM_uint32
gssEapAttrProvidersFinalize(OM_uint32 *minor);
382
383 #ifdef __cplusplus
384 }
385 #endif
386
387 #endif /* _UTIL_ATTR_H_ */