projects / moonshot.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
automatically decode base64 encoded SAML values
[moonshot.git] / mech_eap / util_saml.cpp
1 /*
2  * Copyright (c) 2011, JANET(UK)
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  *
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  *
16  * 3. Neither the name of JANET(UK) nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32
33 /*
34  * SAML attribute provider implementation.
35  */
36
37 #include "gssapiP_eap.h"
38
39 #include <sstream>
40
41 #include <xercesc/util/XMLUniDefs.hpp>
42 #include <xmltooling/unicode.h>
43 #include <xmltooling/XMLToolingConfig.h>
44 #include <xmltooling/util/XMLHelper.h>
45 #include <xmltooling/util/ParserPool.h>
46 #include <xmltooling/util/DateTime.h>
47
48 #include <saml/exceptions.h>
49 #include <saml/saml1/core/Assertions.h>
50 #include <saml/saml2/core/Assertions.h>
51 #include <saml/saml2/metadata/Metadata.h>
52 #include <saml/saml2/metadata/MetadataProvider.h>
53
54 using namespace xmltooling;
55 using namespace opensaml::saml2md;
56 using namespace opensaml;
57 using namespace xercesc;
58 using namespace std;
59
60 /*
61  * gss_eap_saml_assertion_provider is for retrieving the underlying
62  * assertion.
63  */
64 gss_eap_saml_assertion_provider::gss_eap_saml_assertion_provider(void)
65 {
66     m_assertion = NULL;
67     m_authenticated = false;
68 }
69
70 gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void)
71 {
72     delete m_assertion;
73 }
74
75 bool
76 gss_eap_saml_assertion_provider::initWithExistingContext(const gss_eap_attr_ctx *manager,
77                                                          const gss_eap_attr_provider *ctx)
78 {
79     /* Then we may be creating from an existing attribute context */
80     const gss_eap_saml_assertion_provider *saml;
81
82     assert(m_assertion == NULL);
83
84     if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx))
85         return false;
86
87     saml = static_cast<const gss_eap_saml_assertion_provider *>(ctx);
88     setAssertion(saml->getAssertion(), saml->authenticated());
89
90     return true;
91 }
92
93 bool
94 gss_eap_saml_assertion_provider::initWithGssContext(const gss_eap_attr_ctx *manager,
95                                                     const gss_cred_id_t gssCred,
96                                                     const gss_ctx_id_t gssCtx)
97 {
98     const gss_eap_radius_attr_provider *radius;
99     gss_buffer_desc value = GSS_C_EMPTY_BUFFER;
100     int authenticated, complete;
101     OM_uint32 minor;
102
103     assert(m_assertion == NULL);
104
105     if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx))
106         return false;
107
108     /*
109      * XXX TODO we need to support draft-howlett-radius-saml-attr-00
110      */
111     radius = static_cast<const gss_eap_radius_attr_provider *>
112         (m_manager->getProvider(ATTR_TYPE_RADIUS));
113     if (radius != NULL &&
114         radius->getFragmentedAttribute(PW_SAML_AAA_ASSERTION,
115                                        VENDORPEC_UKERNA,
116                                        &authenticated, &complete, &value)) {
117         setAssertion(&value, authenticated);
118         gss_release_buffer(&minor, &value);
119     } else {
120         m_assertion = NULL;
121     }
122
123     return true;
124 }
125
126 void
127 gss_eap_saml_assertion_provider::setAssertion(const saml2::Assertion *assertion,
128                                               bool authenticated)
129 {
130
131     delete m_assertion;
132
133     if (assertion != NULL) {
134 #ifdef __APPLE__
135         m_assertion = (saml2::Assertion *)((void *)assertion->clone());
136 #else
137         m_assertion = dynamic_cast<saml2::Assertion *>(assertion->clone());
138 #endif
139         m_authenticated = authenticated;
140     } else {
141         m_assertion = NULL;
142         m_authenticated = false;
143     }
144 }
145
146 void
147 gss_eap_saml_assertion_provider::setAssertion(const gss_buffer_t buffer,
148                                               bool authenticated)
149 {
150     delete m_assertion;
151
152     m_assertion = parseAssertion(buffer);
153     m_authenticated = (m_assertion != NULL && authenticated);
154 }
155
156 saml2::Assertion *
157 gss_eap_saml_assertion_provider::parseAssertion(const gss_buffer_t buffer)
158 {
159     string str((char *)buffer->value, buffer->length);
160     istringstream istream(str);
161     DOMDocument *doc;
162     const XMLObjectBuilder *b;
163
164     try {
165         doc = XMLToolingConfig::getConfig().getParser().parse(istream);
166         if (doc == NULL)
167             return NULL;
168
169         b = XMLObjectBuilder::getBuilder(doc->getDocumentElement());
170
171 #ifdef __APPLE__
172         return (saml2::Assertion *)((void *)b->buildFromDocument(doc));
173 #else
174         return dynamic_cast<saml2::Assertion *>(b->buildFromDocument(doc));
175 #endif
176     } catch (exception &e) {
177         return NULL;
178     }
179 }
180
181 bool
182 gss_eap_saml_assertion_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
183                                                    void *data) const
184 {
185     bool ret;
186
187     /* just add the prefix */
188     if (m_assertion != NULL)
189         ret = addAttribute(m_manager, this, GSS_C_NO_BUFFER, data);
190     else
191         ret = true;
192
193     return ret;
194 }
195
196 bool
197 gss_eap_saml_assertion_provider::setAttribute(int complete GSSEAP_UNUSED,
198                                               const gss_buffer_t attr,
199                                               const gss_buffer_t value)
200 {
201     if (attr == GSS_C_NO_BUFFER || attr->length == 0) {
202         setAssertion(value);
203         return true;
204     }
205
206     return false;
207 }
208
209 bool
210 gss_eap_saml_assertion_provider::deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
211 {
212     delete m_assertion;
213     m_assertion = NULL;
214     m_authenticated = false;
215
216     return true;
217 }
218
219 time_t
220 gss_eap_saml_assertion_provider::getExpiryTime(void) const
221 {
222     saml2::Conditions *conditions;
223     time_t expiryTime = 0;
224
225     if (m_assertion == NULL)
226         return 0;
227
228     conditions = m_assertion->getConditions();
229
230     if (conditions != NULL && conditions->getNotOnOrAfter() != NULL)
231         expiryTime = conditions->getNotOnOrAfter()->getEpoch();
232
233     return expiryTime;
234 }
235
236 OM_uint32
237 gss_eap_saml_assertion_provider::mapException(OM_uint32 *minor,
238                                               std::exception &e) const
239 {
240     if (typeid(e) == typeid(SecurityPolicyException))
241         *minor = GSSEAP_SAML_SEC_POLICY_FAILURE;
242     else if (typeid(e) == typeid(BindingException))
243         *minor = GSSEAP_SAML_BINDING_FAILURE;
244     else if (typeid(e) == typeid(ProfileException))
245         *minor = GSSEAP_SAML_PROFILE_FAILURE;
246     else if (typeid(e) == typeid(FatalProfileException))
247         *minor = GSSEAP_SAML_FATAL_PROFILE_FAILURE;
248     else if (typeid(e) == typeid(RetryableProfileException))
249         *minor = GSSEAP_SAML_RETRY_PROFILE_FAILURE;
250     else if (typeid(e) == typeid(MetadataException))
251         *minor = GSSEAP_SAML_METADATA_FAILURE;
252     else
253         return GSS_S_CONTINUE_NEEDED;
254
255     gssEapSaveStatusInfo(*minor, "%s", e.what());
256
257     return GSS_S_FAILURE;
258 }
259
260 bool
261 gss_eap_saml_assertion_provider::getAttribute(const gss_buffer_t attr,
262                                               int *authenticated,
263                                               int *complete,
264                                               gss_buffer_t value,
265                                               gss_buffer_t display_value GSSEAP_UNUSED,
266                                               int *more) const
267 {
268     string str;
269
270     if (attr != GSS_C_NO_BUFFER && attr->length != 0)
271         return false;
272
273     if (m_assertion == NULL)
274         return false;
275
276     if (*more != -1)
277         return false;
278
279     if (authenticated != NULL)
280         *authenticated = m_authenticated;
281     if (complete != NULL)
282         *complete = true;
283
284     XMLHelper::serialize(m_assertion->marshall((DOMDocument *)NULL), str);
285
286     if (value != NULL)
287         duplicateBuffer(str, value);
288     if (display_value != NULL)
289         duplicateBuffer(str, display_value);
290
291     *more = 0;
292
293     return true;
294 }
295
296 gss_any_t
297 gss_eap_saml_assertion_provider::mapToAny(int authenticated,
298                                           gss_buffer_t type_id GSSEAP_UNUSED) const
299 {
300     if (authenticated && !m_authenticated)
301         return (gss_any_t)NULL;
302
303     return (gss_any_t)m_assertion;
304 }
305
306 void
307 gss_eap_saml_assertion_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
308                                                        gss_any_t input) const
309 {
310     delete ((saml2::Assertion *)input);
311 }
312
313 const char *
314 gss_eap_saml_assertion_provider::prefix(void) const
315 {
316     return "urn:ietf:params:gss-eap:saml-aaa-assertion";
317 }
318
319 bool
320 gss_eap_saml_assertion_provider::init(void)
321 {
322     gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML_ASSERTION, createAttrContext);
323     return true;
324 }
325
326 void
327 gss_eap_saml_assertion_provider::finalize(void)
328 {
329     gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML_ASSERTION);
330 }
331
332 gss_eap_attr_provider *
333 gss_eap_saml_assertion_provider::createAttrContext(void)
334 {
335     return new gss_eap_saml_assertion_provider;
336 }
337
338 saml2::Assertion *
339 gss_eap_saml_assertion_provider::initAssertion(void)
340 {
341     delete m_assertion;
342     m_assertion = saml2::AssertionBuilder::buildAssertion();
343     m_authenticated = false;
344
345     return m_assertion;
346 }
347
348 /*
349  * gss_eap_saml_attr_provider is for retrieving the underlying attributes.
350  */
351 bool
352 gss_eap_saml_attr_provider::getAssertion(int *authenticated,
353                                          saml2::Assertion **pAssertion,
354                                          bool createIfAbsent) const
355 {
356     gss_eap_saml_assertion_provider *saml;
357
358     if (authenticated != NULL)
359         *authenticated = false;
360     if (pAssertion != NULL)
361         *pAssertion = NULL;
362
363     saml = static_cast<const gss_eap_saml_assertion_provider *>
364         (m_manager->getProvider(ATTR_TYPE_SAML_ASSERTION));
365     if (saml == NULL)
366         return false;
367
368     if (authenticated != NULL)
369         *authenticated = saml->authenticated();
370     if (pAssertion != NULL)
371         *pAssertion = saml->getAssertion();
372
373     if (saml->getAssertion() == NULL) {
374         if (createIfAbsent) {
375             if (authenticated != NULL)
376                 *authenticated = false;
377             if (pAssertion != NULL)
378                 *pAssertion = saml->initAssertion();
379         } else
380             return false;
381     }
382
383     return true;
384 }
385
386 bool
387 gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
388                                               void *data) const
389 {
390     saml2::Assertion *assertion;
391     int authenticated;
392
393     if (!getAssertion(&authenticated, &assertion))
394         return true;
395
396     /*
397      * Note: the first prefix is added by the attribute provider manager
398      *
399      * From draft-hartman-gss-eap-naming-00:
400      *
401      *   Each attribute carried in the assertion SHOULD also be a GSS name
402      *   attribute.  The name of this attribute has three parts, all separated
403      *   by an ASCII space character.  The first part is
404      *   urn:ietf:params:gss-eap:saml-attr.  The second part is the URI for
405      *   the SAML attribute name format.  The final part is the name of the
406      *   SAML attribute.  If the mechanism performs an additional attribute
407      *   query, the retrieved attributes SHOULD be GSS-API name attributes
408      *   using the same name syntax.
409      */
410     /* For each attribute statement, look for an attribute match */
411     const vector <saml2::AttributeStatement *> &statements =
412         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
413
414     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
415         s != statements.end();
416         ++s) {
417         const vector<saml2::Attribute*> &attrs =
418             const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
419
420         for (vector<saml2::Attribute*>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
421             const XMLCh *attributeName, *attributeNameFormat;
422             XMLCh space[2] = { ' ', 0 };
423             gss_buffer_desc utf8;
424
425             attributeName = (*a)->getName();
426             attributeNameFormat = (*a)->getNameFormat();
427             if (attributeNameFormat == NULL || attributeNameFormat[0] == '\0')
428                 attributeNameFormat = saml2::Attribute::UNSPECIFIED;
429
430             XMLCh qualifiedName[XMLString::stringLen(attributeNameFormat) + 1 +
431                                 XMLString::stringLen(attributeName) + 1];
432             XMLString::copyString(qualifiedName, attributeNameFormat);
433             XMLString::catString(qualifiedName, space);
434             XMLString::catString(qualifiedName, attributeName);
435
436             utf8.value = (void *)toUTF8(qualifiedName);
437             utf8.length = strlen((char *)utf8.value);
438
439             if (!addAttribute(m_manager, this, &utf8, data))
440                 return false;
441         }
442     }
443
444     return true;
445 }
446
447 static BaseRefVectorOf<XMLCh> *
448 decomposeAttributeName(const gss_buffer_t attr)
449 {
450     BaseRefVectorOf<XMLCh> *components;
451     string str((const char *)attr->value, attr->length);
452     auto_ptr_XMLCh qualifiedAttr(str.c_str());
453
454     components = XMLString::tokenizeString(qualifiedAttr.get());
455
456     if (components->size() != 2) {
457         delete components;
458         components = NULL;
459     }
460
461     return components;
462 }
463
464 static bool
465 isNotPrintable(const gss_buffer_t value)
466 {
467     size_t i;
468     char *p = (char *)value->value;
469
470     if (isgraph(p[0]) &&
471         isgraph(p[value->length - 1]))
472     {
473         for (i = 0; p[i]; i++) {
474             if (!isascii(p[i]) || !isprint(p[i]))
475                 return true;
476         }
477         return false;
478     }
479
480     return true;
481 }
482
483 bool
484 gss_eap_saml_attr_provider::setAttribute(int complete GSSEAP_UNUSED,
485                                          const gss_buffer_t attr,
486                                          const gss_buffer_t value)
487 {
488     saml2::Assertion *assertion;
489     saml2::Attribute *attribute;
490     saml2::AttributeValue *attributeValue;
491     saml2::AttributeStatement *attributeStatement;
492
493     if (!getAssertion(NULL, &assertion, true))
494         return false;
495
496     if (assertion->getAttributeStatements().size() != 0) {
497         attributeStatement = assertion->getAttributeStatements().front();
498     } else {
499         attributeStatement = saml2::AttributeStatementBuilder::buildAttributeStatement();
500         assertion->getAttributeStatements().push_back(attributeStatement);
501     }
502
503     /* Check the attribute name consists of name format | whsp | name */
504     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
505     if (components == NULL)
506         return false;
507
508     attribute = saml2::AttributeBuilder::buildAttribute();
509     attribute->setNameFormat(components->elementAt(0));
510     attribute->setName(components->elementAt(1));
511
512     attributeValue = saml2::AttributeValueBuilder::buildAttributeValue();
513     if (isNotPrintable(value)) {
514         char *b64;
515
516         if (base64Encode(value->value, value->length, &b64))
517             return false;
518
519         auto_ptr_XMLCh unistr(b64);
520         attributeValue->setTextContent(unistr.get());
521     } else {
522         auto_ptr_XMLCh unistr((char *)value->value);
523         attributeValue->setTextContent(unistr.get());
524     }
525
526     attribute->getAttributeValues().push_back(attributeValue);
527
528     assert(attributeStatement != NULL);
529     attributeStatement->getAttributes().push_back(attribute);
530
531     delete components;
532
533     return true;
534 }
535
536 bool
537 gss_eap_saml_attr_provider::deleteAttribute(const gss_buffer_t attr)
538 {
539     saml2::Assertion *assertion;
540     bool ret = false;
541
542     if (!getAssertion(NULL, &assertion) ||
543         assertion->getAttributeStatements().size() == 0)
544         return false;
545
546     /* Check the attribute name consists of name format | whsp | name */
547     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
548     if (components == NULL)
549         return false;
550
551     /* For each attribute statement, look for an attribute match */
552     const vector<saml2::AttributeStatement *> &statements =
553         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
554
555     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
556         s != statements.end();
557         ++s) {
558         const vector<saml2::Attribute *> &attrs =
559             const_cast<const saml2::AttributeStatement *>(*s)->getAttributes();
560         ssize_t index = -1, i = 0;
561
562         /* There's got to be an easier way to do this */
563         for (vector<saml2::Attribute *>::const_iterator a = attrs.begin();
564              a != attrs.end();
565              ++a) {
566             if (XMLString::equals((*a)->getNameFormat(), components->elementAt(0)) &&
567                 XMLString::equals((*a)->getName(), components->elementAt(1))) {
568                 index = i;
569                 break;
570             }
571             ++i;
572         }
573         if (index != -1) {
574             (*s)->getAttributes().erase((*s)->getAttributes().begin() + index);
575             ret = true;
576         }
577     }
578
579     delete components;
580
581     return ret;
582 }
583
584 bool
585 gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr,
586                                          int *authenticated,
587                                          int *complete,
588                                          const saml2::Attribute **pAttribute) const
589 {
590     saml2::Assertion *assertion;
591
592     if (authenticated != NULL)
593         *authenticated = false;
594     if (complete != NULL)
595         *complete = true;
596     *pAttribute = NULL;
597
598     if (!getAssertion(authenticated, &assertion) ||
599         assertion->getAttributeStatements().size() == 0)
600         return false;
601
602     /* Check the attribute name consists of name format | whsp | name */
603     BaseRefVectorOf<XMLCh> *components = decomposeAttributeName(attr);
604     if (components == NULL)
605         return false;
606
607     /* For each attribute statement, look for an attribute match */
608     const vector <saml2::AttributeStatement *> &statements =
609         const_cast<const saml2::Assertion *>(assertion)->getAttributeStatements();
610     const saml2::Attribute *ret = NULL;
611
612     for (vector<saml2::AttributeStatement *>::const_iterator s = statements.begin();
613         s != statements.end();
614         ++s) {
615         const vector<saml2::Attribute *> &attrs =
616             const_cast<const saml2::AttributeStatement*>(*s)->getAttributes();
617
618         for (vector<saml2::Attribute *>::const_iterator a = attrs.begin(); a != attrs.end(); ++a) {
619             const XMLCh *attributeName, *attributeNameFormat;
620
621             attributeName = (*a)->getName();
622             attributeNameFormat = (*a)->getNameFormat();
623             if (attributeNameFormat == NULL || attributeNameFormat[0] == '\0')
624                 attributeNameFormat = saml2::Attribute::UNSPECIFIED;
625
626             if (XMLString::equals(attributeNameFormat, components->elementAt(0)) &&
627                 XMLString::equals(attributeName, components->elementAt(1))) {
628                 ret = *a;
629                 break;
630             }
631         }
632
633         if (ret != NULL)
634             break;
635     }
636
637     delete components;
638
639     *pAttribute = ret;
640
641     return (ret != NULL);
642 }
643
644 bool
645 gss_eap_saml_attr_provider::getAttribute(const gss_buffer_t attr,
646                                          int *authenticated,
647                                          int *complete,
648                                          gss_buffer_t value,
649                                          gss_buffer_t display_value,
650                                          int *more) const
651 {
652     const saml2::Attribute *a;
653     const saml2::AttributeValue *av;
654     int nvalues, i = *more;
655
656     *more = 0;
657
658     if (!getAttribute(attr, authenticated, complete, &a))
659         return false;
660
661     nvalues = a->getAttributeValues().size();
662
663     if (i == -1)
664         i = 0;
665     if (i >= nvalues)
666         return false;
667 #ifdef __APPLE__
668     av = (const saml2::AttributeValue *)((void *)(a->getAttributeValues().at(i)));
669 #else
670     av = dynamic_cast<const saml2::AttributeValue *>(a->getAttributeValues().at(i));
671 #endif
672     if (av != NULL) {
673         if (value != NULL) {
674             char *stringValue = toUTF8(av->getTextContent(), true);
675             size_t stringValueLen = strlen(stringValue);
676
677             if (base64Valid(stringValue)) {
678                 ssize_t binaryLen;
679
680                 value->value = GSSEAP_MALLOC(stringValueLen);
681                 if (value->value == NULL)
682                     throw new std::bad_alloc;
683
684                 binaryLen = base64Decode(stringValue, value->value);
685                 if (binaryLen < 0) {
686                     GSSEAP_FREE(value->value);
687                     value->value = NULL;
688                     return false;
689                 }
690                 value->length = binaryLen;
691             } else {
692                 value->value = stringValue;
693                 value->length = stringValueLen;
694             }
695         }
696         if (display_value != NULL) {
697             display_value->value = toUTF8(av->getTextContent(), true);
698             display_value->length = strlen((char *)value->value);
699         }
700     }
701
702     if (nvalues > ++i)
703         *more = i;
704
705     return true;
706 }
707
708 gss_any_t
709 gss_eap_saml_attr_provider::mapToAny(int authenticated GSSEAP_UNUSED,
710                                      gss_buffer_t type_id GSSEAP_UNUSED) const
711 {
712     return (gss_any_t)NULL;
713 }
714
715 void
716 gss_eap_saml_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
717                                                   gss_any_t input GSSEAP_UNUSED) const
718 {
719 }
720
721 const char *
722 gss_eap_saml_attr_provider::prefix(void) const
723 {
724     return "urn:ietf:params:gss-eap:saml-attr";
725 }
726
727 bool
728 gss_eap_saml_attr_provider::init(void)
729 {
730     gss_eap_attr_ctx::registerProvider(ATTR_TYPE_SAML, createAttrContext);
731     return true;
732 }
733
734 void
735 gss_eap_saml_attr_provider::finalize(void)
736 {
737     gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_SAML);
738 }
739
740 gss_eap_attr_provider *
741 gss_eap_saml_attr_provider::createAttrContext(void)
742 {
743     return new gss_eap_saml_attr_provider;
744 }
745
746 OM_uint32
747 gssEapSamlAttrProvidersInit(OM_uint32 *minor)
748 {
749     if (!gss_eap_saml_assertion_provider::init() ||
750         !gss_eap_saml_attr_provider::init()) {
751         *minor = GSSEAP_SAML_INIT_FAILURE;
752         return GSS_S_FAILURE;
753     }
754
755     return GSS_S_COMPLETE;
756 }
757
758 OM_uint32
759 gssEapSamlAttrProvidersFinalize(OM_uint32 *minor)
760 {
761     gss_eap_saml_attr_provider::finalize();
762     gss_eap_saml_assertion_provider::finalize();
763
764     *minor = 0;
765     return GSS_S_COMPLETE;
766 }
Core Moonshot code including mech_eap