OM_uint32
gssEapExportSecContext(OM_uint32 *minor,
gss_ctx_id_t ctx,
- gss_buffer_t token,
- OM_uint32 flags)
+ gss_buffer_t token)
{
OM_uint32 major, tmpMinor;
size_t length;
key.value = KRB_KEY_DATA(&ctx->rfc3961Key);
if (ctx->initiatorName != GSS_C_NO_NAME) {
- OM_uint32 nameFlags = EXPORT_NAME_FLAG_COMPOSITE;
-
- if (flags & EXPORT_CTX_FLAG_DISABLE_LOCAL_ATTRS)
- nameFlags |= EXPORT_NAME_FLAG_DISABLE_LOCAL_ATTRS;
-
major = gssEapExportNameInternal(minor, ctx->initiatorName,
- &initiatorName, nameFlags);
+ &initiatorName,
+ EXPORT_NAME_FLAG_COMPOSITE);
if (GSS_ERROR(major))
goto cleanup;
}
GSSEAP_MUTEX_LOCK(&ctx->mutex);
- major = gssEapExportSecContext(minor, ctx, interprocess_token, 0);
+ major = gssEapExportSecContext(minor, ctx, interprocess_token);
if (GSS_ERROR(major)) {
GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
return major;
(err) <= GSSEAP_RADIUS_PROT_FAILURE)
/* export_sec_context.c */
-#define EXPORT_CTX_FLAG_DISABLE_LOCAL_ATTRS 0x1
-
OM_uint32
gssEapExportSecContext(OM_uint32 *minor,
gss_ctx_id_t ctx,
- gss_buffer_t token,
- OM_uint32 flags);
+ gss_buffer_t token);
#ifdef __cplusplus
/* util_name.c */
#define EXPORT_NAME_FLAG_OID 0x1
#define EXPORT_NAME_FLAG_COMPOSITE 0x2
-#define EXPORT_NAME_FLAG_DISABLE_LOCAL_ATTRS 0x4
OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
}
JSONObject
-gss_eap_attr_ctx::jsonRepresentation(uint32_t flags) const
+gss_eap_attr_ctx::jsonRepresentation(void) const
{
JSONObject obj, sources;
unsigned int i;
gss_eap_attr_provider *provider;
const char *key;
- if (i == ATTR_TYPE_LOCAL &&
- (flags & ATTR_FLAG_DISABLE_LOCAL))
- continue; /* reentrancy workaround */
-
provider = m_providers[i];
if (provider == NULL)
continue; /* provider not initialised */
* Export attribute context to buffer
*/
void
-gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer,
- uint32_t flags) const
+gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const
{
OM_uint32 minor;
char *s;
- JSONObject obj = jsonRepresentation(flags);
+ JSONObject obj = jsonRepresentation();
#if 0
obj.dump(stdout, JSON_INDENT(3));
OM_uint32
gssEapExportAttrContext(OM_uint32 *minor,
gss_name_t name,
- gss_buffer_t buffer,
- OM_uint32 flags)
+ gss_buffer_t buffer)
{
if (name->attrCtx == NULL) {
buffer->length = 0;
return GSS_S_UNAVAILABLE;
try {
- name->attrCtx->exportToBuffer(buffer, flags);
+ name->attrCtx->exportToBuffer(buffer);
} catch (std::exception &e) {
return name->attrCtx->mapException(minor, e);
}
#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
+#define ATTR_FLAG_DISABLE_LOCAL 0x00000001
+
/*
* Attribute provider: this represents a source of attributes derived
* from the security context.
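Review bot: `ATTR_FLAG_DISABLE_LOCAL` is relocated here, but every use of it that is visible in this commit is removed at the same time (the local-provider skip in `jsonRepresentation` and the `attrFlags` computation in the name export), and the `flags` parameters that carried it are dropped from `jsonRepresentation`, `exportToBuffer` and `gssEapExportAttrContext`. A flag that stays defined but is no longer honoured anywhere is a trap for the next caller, who will pass it expecting local attributes to be suppressed and get them exported anyway. If nothing outside this diff still consumes it, delete the define rather than move it; if something does, add a one-line comment naming that consumer, e.g. `/* consumed only by <consumer> — no longer honoured by the export path */`.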
void releaseAnyNameMapping(gss_buffer_t type_id,
gss_any_t input) const;
- void exportToBuffer(gss_buffer_t buffer,
- uint32_t flags) const;
+ void exportToBuffer(gss_buffer_t buffer) const;
bool initFromBuffer(const gss_buffer_t buffer);
static std::string
gss_buffer_desc attributeTypeToPrefix(unsigned int type) const;
bool initWithJsonObject(JSONObject &object);
- JSONObject jsonRepresentation(uint32_t flags = 0) const;
+ JSONObject jsonRepresentation(void) const;
gss_eap_attr_provider *getPrimaryProvider(void) const;
extern "C" {
#endif
-#define ATTR_FLAG_DISABLE_LOCAL 0x00000001
-
/*
* C wrappers for attribute context functions. These match their
* GSS naming extension equivalents. The caller is required to
OM_uint32
gssEapExportAttrContext(OM_uint32 *minor,
gss_name_t name,
- gss_buffer_t buffer,
- OM_uint32 flags);
+ gss_buffer_t buffer);
OM_uint32
gssEapImportAttrContext(OM_uint32 *minor,
}
exportedNameLen += 4 + nameBuf.length;
if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
- OM_uint32 attrFlags = 0;
-
- if (flags & EXPORT_NAME_FLAG_DISABLE_LOCAL_ATTRS)
- attrFlags |= ATTR_FLAG_DISABLE_LOCAL;
-
- major = gssEapExportAttrContext(minor, name, &attrs, attrFlags);
+ major = gssEapExportAttrContext(minor, name, &attrs);
if (GSS_ERROR(major))
goto cleanup;
exportedNameLen += attrs.length;
GSSEAP_KRB_INIT(&krbContext);
- major = gssEapExportAttrContext(minor, initiatorName, &attrBuf, 0);
+ major = gssEapExportAttrContext(minor, initiatorName, &attrBuf);
if (GSS_ERROR(major))
return major;
gss_eap_shib_attr_provider::gss_eap_shib_attr_provider(void)
{
+ m_initialized = false;
m_authenticated = false;
}
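Review bot: Both flags are assigned in the constructor body; the member-initialiser form `gss_eap_shib_attr_provider::gss_eap_shib_attr_provider(void) : m_initialized(false), m_authenticated(false) { }` says the same thing and is harder to get out of sync when a further member is added, given that the class now depends on `m_initialized` being false until one of the init paths completes.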
m_authenticated = shib->authenticated();
}
+ m_initialized = true;
+
return true;
}
}
#endif
- major = gssEapExportSecContext(&minor, gssCtx, &exportedCtx,
- EXPORT_CTX_FLAG_DISABLE_LOCAL_ATTRS);
+ major = gssEapExportSecContext(&minor, gssCtx, &exportedCtx);
if (major == GSS_S_COMPLETE) {
resolver->addToken(&exportedCtx);
gss_release_buffer(&minor, &exportedCtx);
}
- m_authenticated = true;
-
if (saml != NULL && saml->getAssertion() != NULL) {
resolver->addToken(saml->getAssertion());
m_authenticated = saml->authenticated();
#endif
}
+ m_initialized = true;
+
return true;
}
{
int i = 0;
+ assert(m_initialized);
+
for (vector<Attribute *>::const_iterator a = m_attributes.begin();
a != m_attributes.end();
++a)
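Review bot: `assert(m_initialized)` compiles to nothing under NDEBUG, so in a release build this method, and the other provider methods that gain the same assert in this commit (the ones that appear to be setAttribute, deleteAttribute, getAttributeTypes, both getAttribute overloads, mapToAny and releaseAnyNameMapping), silently operate on a half-initialised provider. The commit itself shows that reaching the provider before `m_initialized` is set is a real runtime path rather than a programming error, since initWithGssContext exports the security context and that export re-enters the provider, which is exactly why `jsonRepresentation` gets a runtime check instead of an assert. The methods that have a failure return should fail closed the same way, for example `if (!m_initialized) return false;` in the boolean setters and `if (!m_initialized) return NULL;` in the pointer-returning lookups, keeping the assert for debug builds. The enclosing function starts before this hunk.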
vector <string> ids(1, attrStr);
SimpleAttribute *a = new SimpleAttribute(ids);
+ assert(m_initialized);
+
if (value->length != 0) {
string valueStr((char *)value->value, value->length);
{
int i;
+ assert(m_initialized);
+
i = getAttributeIndex(attr);
if (i >= 0)
m_attributes.erase(m_attributes.begin() + i);
gss_eap_shib_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
void *data) const
{
+ assert(m_initialized);
+
for (vector<Attribute*>::const_iterator a = m_attributes.begin();
a != m_attributes.end();
++a)
{
const Attribute *ret = NULL;
+ assert(m_initialized);
+
for (vector<Attribute *>::const_iterator a = m_attributes.begin();
a != m_attributes.end();
++a)
gss_buffer_desc buf;
int nvalues, i = *more;
+ assert(m_initialized);
+
*more = 0;
shibAttr = getAttribute(attr);
{
gss_any_t output;
+ assert(m_initialized);
+
if (authenticated && !m_authenticated)
return (gss_any_t)NULL;
gss_eap_shib_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
gss_any_t input) const
{
+ assert(m_initialized);
+
vector <Attribute *> *v = ((vector <Attribute *> *)input);
delete v;
}
{
JSONObject obj;
- obj.set("authenticated", m_authenticated);
+ if (m_initialized == false)
+ return obj; /* don't export incomplete context */
JSONObject attrs = JSONObject::array();
obj.set("attributes", attrs);
+ obj.set("authenticated", m_authenticated);
+
return obj;
}
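Review bot: Returning an empty object when `m_initialized` is false makes a mid-initialisation provider distinguishable on the wire only by the absence of the `attributes` and `authenticated` keys, and the import side in `initWithJsonObject` reads both keys unconditionally. Whether `obj["attributes"]` on a missing key yields something whose `size()` is 0, and whether `obj["authenticated"].integer()` then yields 0, depends on JSONObject and is not visible here; please confirm, because if either throws or returns an invalid object, importing a token that was exported during the reentrant initialisation path fails. Either way the encoding deserves a comment at the early return, e.g. `/* empty object: provider was still initialising when exported; importer must treat missing keys as "no attributes, not authenticated" */`. The enclosing function starts before this hunk.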
assert(m_authenticated == false);
assert(m_attributes.size() == 0);
- m_authenticated = obj["authenticated"].integer();
-
JSONObject attrs = obj["attributes"];
size_t nelems = attrs.size();
m_attributes.push_back(attribute);
}
+ m_authenticated = obj["authenticated"].integer();
+ m_initialized = true;
+
return true;
}
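Review bot: `m_authenticated = obj["authenticated"].integer();` now assigns an int to a `bool` member (the class declaration changes the type in this commit); write it as `m_authenticated = obj["authenticated"].integer() != 0;` so the conversion is explicit. Since `m_authenticated` is the value that gates `mapToAny` when the caller asks for authenticated attributes, this method takes that trust decision entirely from the imported token; the assert at the top shows a fresh provider is expected, and a short comment stating that the token is only ever produced by the matching export in the same trust domain would make that contract visible to the next reader.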
bool authenticated(void) const { return m_authenticated; }
- friend bool
- addRadiusAttribute(const gss_eap_attr_provider *source,
- const gss_buffer_t attribute,
- void *data);
-
+ bool m_initialized;
+ bool m_authenticated;
std::vector<shibsp::Attribute *> m_attributes;
- int m_authenticated;
};
-
extern "C" {
#endif