moonshot/mech_eap/util_attr.h

   1 /*
   2  * Copyright (c) 2011, JANET(UK)
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  *
   9  * 1. Redistributions of source code must retain the above copyright
  10  *    notice, this list of conditions and the following disclaimer.
  11  *
  12  * 2. Redistributions in binary form must reproduce the above copyright
  13  *    notice, this list of conditions and the following disclaimer in the
  14  *    documentation and/or other materials provided with the distribution.
  15  *
  16  * 3. Neither the name of JANET(UK) nor the names of its contributors
  17  *    may be used to endorse or promote products derived from this software
  18  *    without specific prior written permission.
  19  *
  20  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  21  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  23  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
  24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  30  * SUCH DAMAGE.
  31  */
  32
  33 /*
  34  * Attribute provider interface.
  35  */
  36
  37 #ifndef _UTIL_ATTR_H_
  38 #define _UTIL_ATTR_H_ 1
  39
  40 #ifdef __cplusplus
  41 #include <string>
  42 #include <new>
  43
  44 using namespace gss_eap_util;
  45
  46 struct gss_eap_attr_provider;
  47 struct gss_eap_attr_ctx;
  48
  49 typedef bool
  50 (*gss_eap_attr_enumeration_cb)(const gss_eap_attr_ctx *ctx,
  51                                const gss_eap_attr_provider *source,
  52                                const gss_buffer_t attribute,
  53                                void *data);
  54
  55 #define ATTR_TYPE_RADIUS            0U                  /* RADIUS AVPs */
  56 #ifdef HAVE_OPENSAML
  57 #define ATTR_TYPE_SAML_ASSERTION    1U                  /* SAML assertion */
  58 #define ATTR_TYPE_SAML              2U                  /* SAML attributes */
  59 #endif
  60 #define ATTR_TYPE_LOCAL             3U                  /* Local attributes */
  61 #define ATTR_TYPE_MIN               ATTR_TYPE_RADIUS
  62 #define ATTR_TYPE_MAX               ATTR_TYPE_LOCAL
  63
  64 #define ATTR_FLAG_DISABLE_LOCAL     0x00000001
  65
  66 /*
  67  * Attribute provider: this represents a source of attributes derived
  68  * from the security context.
  69  */
  70 struct gss_eap_attr_provider
  71 {
  72 public:
  73     gss_eap_attr_provider(void) {}
  74     virtual ~gss_eap_attr_provider(void) {}
  75
  76     bool initWithManager(const gss_eap_attr_ctx *manager)
  77     {
  78         m_manager = manager;
  79         return true;
  80     }
  81
  82     virtual bool initWithExistingContext(const gss_eap_attr_ctx *manager,
  83                                          const gss_eap_attr_provider *ctx GSSEAP_UNUSED)
  84     {
  85         return initWithManager(manager);
  86     }
  87
  88     virtual bool initWithGssContext(const gss_eap_attr_ctx *manager,
  89                                     const gss_cred_id_t cred GSSEAP_UNUSED,
  90                                     const gss_ctx_id_t ctx GSSEAP_UNUSED)
  91     {
  92         return initWithManager(manager);
  93     }
  94
  95     virtual bool getAttributeTypes(gss_eap_attr_enumeration_cb GSSEAP_UNUSED,
  96                                    void *data GSSEAP_UNUSED) const
  97     {
  98         return false;
  99     }
 100
 101     virtual bool setAttribute(int complete GSSEAP_UNUSED,
 102                               const gss_buffer_t attr GSSEAP_UNUSED,
 103                               const gss_buffer_t value GSSEAP_UNUSED)
 104     {
 105         return false;
 106     }
 107
 108     virtual bool deleteAttribute(const gss_buffer_t value GSSEAP_UNUSED)
 109     {
 110         return false;
 111     }
 112
 113     virtual bool getAttribute(const gss_buffer_t attr GSSEAP_UNUSED,
 114                               int *authenticated GSSEAP_UNUSED,
 115                               int *complete GSSEAP_UNUSED,
 116                               gss_buffer_t value GSSEAP_UNUSED,
 117                               gss_buffer_t display_value GSSEAP_UNUSED,
 118                               int *more GSSEAP_UNUSED) const
 119     {
 120         return false;
 121     }
 122
 123     virtual gss_any_t mapToAny(int authenticated GSSEAP_UNUSED,
 124                                gss_buffer_t type_id GSSEAP_UNUSED) const
 125     {
 126         return NULL;
 127     }
 128
 129     virtual void releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
 130                                        gss_any_t input GSSEAP_UNUSED) const
 131     {
 132     }
 133
 134     /* prefix to be prepended to attributes emitted by gss_get_name_attribute */
 135     virtual const char *prefix(void) const
 136     {
 137         return NULL;
 138     }
 139
 140     /* optional key for storing JSON dictionary */
 141     virtual const char *name(void) const
 142     {
 143         return NULL;
 144     }
 145
 146     virtual bool initWithJsonObject(const gss_eap_attr_ctx *manager,
 147                                     JSONObject &object GSSEAP_UNUSED)
 148     {
 149         return initWithManager(manager);
 150     }
 151
 152
 153     virtual JSONObject jsonRepresentation(void) const
 154     {
 155         return JSONObject::null();
 156     }
 157
 158     virtual time_t getExpiryTime(void) const { return 0; }
 159
 160     virtual OM_uint32 mapException(OM_uint32 *minor GSSEAP_UNUSED,
 161                                    std::exception &e GSSEAP_UNUSED) const
 162     {
 163         return GSS_S_CONTINUE_NEEDED;
 164     }
 165
 166     static bool init(void) { return true; }
 167     static void finalize(void) {}
 168
 169     static gss_eap_attr_provider *createAttrContext(void) { return NULL; }
 170
 171 protected:
 172     const gss_eap_attr_ctx *m_manager;
 173
 174 private:
 175     /* make non-copyable */
 176     gss_eap_attr_provider(const gss_eap_attr_provider&);
 177     gss_eap_attr_provider& operator=(const gss_eap_attr_provider&);
 178 };
 179
 180 typedef gss_eap_attr_provider *(*gss_eap_attr_create_provider)(void);
 181
 182 /*
 183  * Attribute context: this manages a set of providers for a given
 184  * security context.
 185  */
 186 struct gss_eap_attr_ctx
 187 {
 188 public:
 189     gss_eap_attr_ctx(void);
 190     ~gss_eap_attr_ctx(void);
 191
 192     bool initWithExistingContext(const gss_eap_attr_ctx *manager);
 193     bool initWithGssContext(const gss_cred_id_t cred,
 194                             const gss_ctx_id_t ctx);
 195
 196     bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
 197     bool getAttributeTypes(gss_buffer_set_t *attrs);
 198
 199     bool setAttribute(int complete,
 200                       const gss_buffer_t attr,
 201                       const gss_buffer_t value);
 202     bool deleteAttribute(const gss_buffer_t value);
 203     bool getAttribute(const gss_buffer_t attr,
 204                       int *authenticated,
 205                       int *complete,
 206                       gss_buffer_t value,
 207                       gss_buffer_t display_value,
 208                       int *more) const;
 209     gss_any_t mapToAny(int authenticated,
 210                        gss_buffer_t type_id) const;
 211     void releaseAnyNameMapping(gss_buffer_t type_id,
 212                                gss_any_t input) const;
 213
 214     void exportToBuffer(gss_buffer_t buffer) const;
 215     bool initWithBuffer(const gss_buffer_t buffer);
 216
 217     static std::string
 218     composeAttributeName(const gss_buffer_t prefix,
 219                          const gss_buffer_t suffix);
 220     static void
 221     decomposeAttributeName(const gss_buffer_t attribute,
 222                            gss_buffer_t prefix,
 223                            gss_buffer_t suffix);
 224     static void
 225     composeAttributeName(const gss_buffer_t prefix,
 226                          const gss_buffer_t suffix,
 227                          gss_buffer_t attribute);
 228
 229     std::string
 230     composeAttributeName(unsigned int type,
 231                          const gss_buffer_t suffix);
 232     void
 233     decomposeAttributeName(const gss_buffer_t attribute,
 234                            unsigned int *type,
 235                            gss_buffer_t suffix) const;
 236     void
 237     composeAttributeName(unsigned int type,
 238                          const gss_buffer_t suffix,
 239                          gss_buffer_t attribute) const;
 240
 241     gss_eap_attr_provider *getProvider(unsigned int type) const;
 242
 243     static void
 244     registerProvider(unsigned int type,
 245                      gss_eap_attr_create_provider factory);
 246     static void
 247     unregisterProvider(unsigned int type);
 248
 249     time_t getExpiryTime(void) const;
 250     OM_uint32 mapException(OM_uint32 *minor, std::exception &e) const;
 251
 252 private:
 253     bool providerEnabled(unsigned int type) const;
 254     void releaseProvider(unsigned int type);
 255
 256     unsigned int attributePrefixToType(const gss_buffer_t prefix) const;
 257     gss_buffer_desc attributeTypeToPrefix(unsigned int type) const;
 258
 259     bool initWithJsonObject(JSONObject &object);
 260     JSONObject jsonRepresentation(void) const;
 261
 262     gss_eap_attr_provider *getPrimaryProvider(void) const;
 263
 264     /* make non-copyable */
 265     gss_eap_attr_ctx(const gss_eap_attr_ctx&);
 266     gss_eap_attr_ctx& operator=(const gss_eap_attr_ctx&);
 267
 268     uint32_t m_flags;
 269     gss_eap_attr_provider *m_providers[ATTR_TYPE_MAX + 1];
 270 };
 271
 272 #endif /* __cplusplus */
 273
 274 #include "util_radius.h"
 275 #include "util_saml.h"
 276 #include "util_shib.h"
 277
 278 #ifdef __cplusplus
 279
 280 static inline void
 281 duplicateBuffer(gss_buffer_desc &src, gss_buffer_t dst)
 282 {
 283     OM_uint32 minor;
 284
 285     if (GSS_ERROR(duplicateBuffer(&minor, &src, dst)))
 286         throw std::bad_alloc();
 287 }
 288
 289 static inline void
 290 duplicateBuffer(std::string &str, gss_buffer_t buffer)
 291 {
 292     gss_buffer_desc tmp;
 293
 294     tmp.length = str.length();
 295     tmp.value = (char *)str.c_str();
 296
 297     duplicateBuffer(tmp, buffer);
 298 }
 299
 300 #else
 301 struct gss_eap_attr_ctx;
 302 #endif
 303
 304 #ifdef __cplusplus
 305 extern "C" {
 306 #endif
 307
 308 /*
 309  * C wrappers for attribute context functions. These match their
 310  * GSS naming extension equivalents. The caller is required to
 311  * obtain the name mutex.
 312  */
 313
 314 OM_uint32
 315 gssEapCreateAttrContext(OM_uint32 *minor,
 316                         gss_cred_id_t acceptorCred,
 317                         gss_ctx_id_t acceptorCtx,
 318                         struct gss_eap_attr_ctx **pAttrCtx,
 319                         time_t *pExpiryTime);
 320
 321 OM_uint32
 322 gssEapInquireName(OM_uint32 *minor,
 323                   gss_name_t name,
 324                   int *name_is_MN,
 325                   gss_OID *MN_mech,
 326                   gss_buffer_set_t *attrs);
 327
 328 OM_uint32
 329 gssEapGetNameAttribute(OM_uint32 *minor,
 330                        gss_name_t name,
 331                        gss_buffer_t attr,
 332                        int *authenticated,
 333                        int *complete,
 334                        gss_buffer_t value,
 335                        gss_buffer_t display_value,
 336                        int *more);
 337
 338 OM_uint32
 339 gssEapDeleteNameAttribute(OM_uint32 *minor,
 340                           gss_name_t name,
 341                           gss_buffer_t attr);
 342
 343 OM_uint32
 344 gssEapSetNameAttribute(OM_uint32 *minor,
 345                        gss_name_t name,
 346                        int complete,
 347                        gss_buffer_t attr,
 348                        gss_buffer_t value);
 349
 350 OM_uint32
 351 gssEapExportAttrContext(OM_uint32 *minor,
 352                         gss_name_t name,
 353                         gss_buffer_t buffer);
 354
 355 OM_uint32
 356 gssEapImportAttrContext(OM_uint32 *minor,
 357                         gss_buffer_t buffer,
 358                         gss_name_t name);
 359
 360 OM_uint32
 361 gssEapDuplicateAttrContext(OM_uint32 *minor,
 362                            gss_name_t in,
 363                            gss_name_t out);
 364
 365 OM_uint32
 366 gssEapMapNameToAny(OM_uint32 *minor,
 367                    gss_name_t name,
 368                    int authenticated,
 369                    gss_buffer_t type_id,
 370                    gss_any_t *output);
 371
 372 OM_uint32
 373 gssEapReleaseAnyNameMapping(OM_uint32 *minor,
 374                             gss_name_t name,
 375                             gss_buffer_t type_id,
 376                             gss_any_t *input);
 377
 378 OM_uint32
 379 gssEapReleaseAttrContext(OM_uint32 *minor,
 380                          gss_name_t name);
 381
 382 OM_uint32
 383 gssEapAttrProvidersFinalize(OM_uint32 *minor);
 384
 385 #ifdef __cplusplus
 386 }
 387 #endif
 388
 389 #endif /* _UTIL_ATTR_H_ */