return json_is_null(m_obj);
}
-JSONObject::JSONObject(DDF &ddf)
+JSONObject
+JSONObject::ddf(DDF &ddf)
{
if (ddf.isstruct()) {
DDF elem = ddf.first();
- JSONObject jobj = JSONObject::array();
+ JSONObject jobj = JSONObject::object();
while (!elem.isnull()) {
- JSONObject jtmp(elem);
- jobj.append(jtmp);
+ JSONObject jtmp = JSONObject::ddf(elem);
+ jobj.set(elem.name(), jtmp);
elem = ddf.next();
}
+
+ return jobj;
} else if (ddf.islist()) {
DDF elem = ddf.first();
- JSONObject jobj = JSONObject::object();
+ JSONObject jobj = JSONObject::array();
while (!elem.isnull()) {
- JSONObject jtmp(elem);
- jobj.set(elem.name(), jtmp);
+ JSONObject jtmp = JSONObject::ddf(elem);
+ jobj.append(jtmp);
elem = ddf.next();
}
+
+ return jobj;
} else if (ddf.isstring()) {
- JSONObject(ddf.string());
+ return JSONObject(ddf.string());
} else if (ddf.isint()) {
- JSONObject((json_int_t)ddf.integer());
+ return JSONObject((json_int_t)ddf.integer());
} else if (ddf.isfloat()) {
- JSONObject(ddf.floating());
+ return JSONObject(ddf.floating());
} else if (ddf.isempty() || ddf.ispointer()) {
- JSONObject::object();
+ return JSONObject::object();
} else if (ddf.isnull()) {
- JSONObject::null();
+ return JSONObject::null();
}
std::string s("Unbridgeable DDF object");
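Review bot: The new `JSONObject::ddf()` factory has no comment stating the DDF-to-JSON mapping, which is exactly what this change had to correct (the struct and list branches were swapped). A short header comment above the definition should list it: a struct becomes an object keyed by member name, a list becomes an array, string/int/float become scalars, empty and pointer values both become `{}`, null becomes JSON null, and anything else apparently falls through to the "Unbridgeable DDF object" error path. The pointer case is lossy, so the comment should say that such a value does not round-trip. The function body continues past the end of this hunk.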
do {
const char *key = iter.key();
DDF value = iter.value().ddf();
- ddf.add(value.name(key));
+ ddf.addmember(key).swap(value);
} while (iter.next());
break;
}
break;
}
- return DDF(NULL);
+ return ddf;
}
JSONIterator::JSONIterator(const JSONObject &obj)
static JSONObject object(void);
static JSONObject array(void);
static JSONObject null(void);
+ static JSONObject ddf(DDF &value);
char *dump(size_t flags = 0) const;
- void dump(FILE *fp, size_t flags = 0) const;
+ void dump(FILE *fp, size_t flags = JSON_INDENT(4)) const;
json_type type(void) const { return json_typeof(m_obj); }
size_t size(void) const;
JSONObject(void);
- JSONObject(DDF &value);
JSONObject(const char *value);
JSONObject(json_int_t value);
JSONObject(double value);
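Review bot: The two `dump` overloads now disagree on their default: `dump(size_t flags = 0)` stays compact while `dump(FILE *fp, size_t flags = JSON_INDENT(4))` pretty-prints, so any existing `dump(fp)` call changes its output format without a source change. If the indented form is meant for human-readable traces, say so on the declaration, e.g. `/* FILE overload defaults to indented output for debugging */`. Otherwise keep `0` and pass `JSON_INDENT(4)` at the call sites that want it.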
}
}
- JSONObject(json_t *obj, bool retain);
+ JSONObject(json_t *obj, bool retain = true);
json_t *m_obj;
};
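Review bot: Giving `retain` a default turns `JSONObject(json_t *obj, bool retain = true)` into a one-argument converting constructor, so a bare `json_t *` can now convert implicitly and, judging by the parameter name, take an extra reference. For a pointer that is already an owned reference this would leak one count, and the conversion is invisible at the call site. Declare it `explicit JSONObject(json_t *obj, bool retain = true);`, or leave `retain` without a default so ownership stays spelled out. The access level of this constructor is not visible in the hunk.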
return true;
}
+static OM_uint32
+exportMechSecContext(OM_uint32 *minor,
+ gss_ctx_id_t gssCtx,
+ gss_buffer_t mechContext)
+{
+ OM_uint32 major;
+ gss_buffer_desc exportedCtx;
+ unsigned char *p;
+
+ assert(gssCtx->mechanismUsed != GSS_C_NO_OID);
+
+ major = gssEapExportSecContext(minor, gssCtx, &exportedCtx);
+ if (GSS_ERROR(major))
+ return major;
+
+ /*
+ * gss_import_sec_context expects the exported security context token
+ * to be tagged with the mechanism OID; in Heimdal and MIT, this is
+ * done by the mechglue, so if we are subverting the mechglue we need
+ * to add it ourselves.
+ */
+ mechContext->length = 4 + gssCtx->mechanismUsed->length + exportedCtx.length;
+ mechContext->value = p = (unsigned char *)GSSEAP_MALLOC(mechContext->length);
+ if (mechContext->value == NULL) {
+ gss_release_buffer(minor, &exportedCtx);
+ throw new std::bad_alloc;
+ }
+
+ p = store_oid(gssCtx->mechanismUsed, p);
+ memcpy(p, exportedCtx.value, exportedCtx.length);
+
+ gss_release_buffer(minor, &exportedCtx);
+
+ return GSS_S_COMPLETE;
+}
+
bool
gss_eap_shib_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
const gss_cred_id_t gssCred,
const gss_ctx_id_t gssCtx)
{
const gss_eap_saml_assertion_provider *saml;
- gss_buffer_desc exportedCtx = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc mechContext = GSS_C_EMPTY_BUFFER;
OM_uint32 major, minor;
#if 0
gss_buffer_desc nameBuf = GSS_C_EMPTY_BUFFER;
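Review bot: In `exportMechSecContext`, `throw new std::bad_alloc;` throws a `std::bad_alloc *`, which no `catch (std::bad_alloc &)` or `catch (std::exception &)` handler matches and which leaks the heap object. It should be `throw std::bad_alloc();`, or, since the function already reports status through `major`/`minor`, `*minor = ENOMEM; return GSS_S_FAILURE;`. The `assert(gssCtx->mechanismUsed != GSS_C_NO_OID)` disappears under `NDEBUG`, leaving `gssCtx->mechanismUsed->length` to dereference a null OID, so a runtime check that returns an error is safer. The bare `4 +` in the length has to agree with what `store_oid` writes (not visible here); a named constant or a comment stating the header layout would keep the `memcpy` inside the allocation if either side changes. `initFromGssContext` continues past the end of this hunk.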
}
#endif
- major = gssEapExportSecContext(&minor, gssCtx, &exportedCtx);
+ major = exportMechSecContext(&minor, gssCtx, &mechContext);
if (major == GSS_S_COMPLETE) {
- resolver->addToken(&exportedCtx);
- gss_release_buffer(&minor, &exportedCtx);
+ resolver->addToken(&mechContext);
+ gss_release_buffer(&minor, &mechContext);
}
if (saml != NULL && saml->getAssertion() != NULL) {
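Review bot: `mechContext.value` is allocated with `GSSEAP_MALLOC` inside `exportMechSecContext` but freed here with `gss_release_buffer(&minor, &mechContext)`. That is only correct if both resolve to the same allocator, which the hunk does not show. If the mechanism has its own buffer-release helper, use it here; otherwise add a comment stating that the pairing is intentional. A failed export is also dropped without a trace, and an exception from the helper's allocation path would propagate out of `initFromGssContext`, so confirm that callers expect both.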
if (m_initialized == false)
return obj; /* don't export incomplete context */
- JSONObject attrs = JSONObject::array();
+ JSONObject jattrs = JSONObject::array();
for (vector<Attribute*>::const_iterator a = m_attributes.begin();
a != m_attributes.end(); ++a) {
- DDF attr = (*a)->marshall();
- JSONObject jobj(attr);
- attrs.append(jobj);
+ try {
+ DDF attr = (*a)->marshall();
+ JSONObject jattr = JSONObject::ddf(attr);
+ jattrs.append(jattr);
+ } catch (AttributeException &e) {
+ /* XXX FIXME ignore attribute exceptions? */
+ }
}
- obj.set("attributes", attrs);
+ obj.set("attributes", jattrs);
obj.set("authenticated", m_authenticated);
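Review bot: The empty `catch (AttributeException &e)` around `marshall()` drops the attribute without any trace, so the exported JSON can carry fewer attributes than `m_attributes` while still being written with the same `authenticated` value. Anything that later decides on the imported set would see a silently narrowed list, so either fail the export or record which attribute was skipped. At minimum, catch by const reference and drop the unused name, `} catch (const AttributeException &) {`, and replace the FIXME with a comment that states the chosen policy. The enclosing function starts before and ends after this hunk.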
assert(m_authenticated == false);
assert(m_attributes.size() == 0);
- JSONObject attrs = obj["attributes"];
- size_t nelems = attrs.size();
+ JSONObject jattrs = obj["attributes"];
+ size_t nelems = jattrs.size();
for (size_t i = 0; i < nelems; i++) {
- DDF attr = attrs.get(i).ddf();
- Attribute *attribute = Attribute::unmarshall(attr);
- m_attributes.push_back(attribute);
+ JSONObject jattr = jattrs.get(i);
+
+ try {
+ DDF attr = jattr.ddf();
+ Attribute *attribute = Attribute::unmarshall(attr);
+ m_attributes.push_back(attribute);
+ } catch (AttributeException &e) {
+ return false;
+ }
}
m_authenticated = obj["authenticated"].integer();