Merge patch for GSS context in buffer form.
authorScott Cantor <cantor.2@osu.edu>
Mon, 28 Mar 2011 18:42:49 +0000 (18:42 +0000)
committerScott Cantor <cantor.2@osu.edu>
Mon, 28 Mar 2011 18:42:49 +0000 (18:42 +0000)
src/shibresolver/resolver.cpp
src/shibresolver/resolver.h

index 83b6269..f1d5d58 100644 (file)
@@ -116,7 +116,9 @@ void ShibbolethResolver::setRequest(const SPRequest* request)
     if (request) {
         const GSSRequest* gss = dynamic_cast<const GSSRequest*>(request);
         if (gss) {
-            addToken(gss->getGSSContext());
+            // TODO: fix API to prevent destruction of contexts
+            gss_ctx_id_t ctx = gss->getGSSContext();
+            addToken(&ctx);
         }
     }
 #endif
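Review bot: The `addToken(&ctx)` call passes the address of a local copy, so when `gss_export_sec_context` deactivates the context and resets the handle, only the local `ctx` is cleared. The `GSSRequest` presumably still returns the old handle from `getGSSContext()`, and any later use or `gss_delete_sec_context` on it would act on a context that no longer exists. The TODO should spell this out so callers do not rely on the context after `setRequest`, for example `// TODO: export deactivates the context; the handle still held by the GSSRequest is stale after this call and must not be used or deleted again`. The body of `setRequest` starts outside this hunk, so whether anything later in the request path touches the context cannot be confirmed from here.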
@@ -143,44 +145,49 @@ void ShibbolethResolver::addToken(const XMLObject* token)
 }
 
 #ifdef SHIBRESOLVER_HAVE_GSSAPI
-void ShibbolethResolver::addToken(gss_ctx_id_t ctx)
+void ShibbolethResolver::addToken(gss_ctx_id_t* ctx)
 {
     if (m_gsswrapper) {
         delete m_gsswrapper;
         m_gsswrapper = NULL;
     }
 
-    if (ctx != GSS_C_NO_CONTEXT) {
-        OM_uint32 minor;
-        gss_buffer_desc contextbuf;
-        contextbuf.length = 0;
-        contextbuf.value = NULL;
-        OM_uint32 major = gss_export_sec_context(&minor, &ctx, &contextbuf);
+    if (ctx && *ctx != GSS_C_NO_CONTEXT) {
+        OM_uint32 major, minor;
+        gss_buffer_desc contextbuf = GSS_C_EMPTY_BUFFER;
+
+        major = gss_export_sec_context(&minor, ctx, &contextbuf);
         if (major == GSS_S_COMPLETE) {
-            xsecsize_t len=0;
-            XMLByte* out=Base64::encode(reinterpret_cast<const XMLByte*>(contextbuf.value), contextbuf.length, &len);
-            if (out) {
-                string s;
-                s.append(reinterpret_cast<char*>(out), len);
-                auto_ptr_XMLCh temp(s.c_str());
-#ifdef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE
-                XMLString::release(&out);
-#else
-                XMLString::release((char**)&out);
-#endif
-                static const XMLCh _GSSAPI[] = UNICODE_LITERAL_6(G,S,S,A,P,I);
-                m_gsswrapper = new AnyElementImpl(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _GSSAPI);
-                m_gsswrapper->setTextContent(temp.get());
-            }
-            else {
-                Category::getInstance(SHIBRESOLVER_LOGCAT).error("error while base64-encoding GSS context");
-            }
+            addToken(&contextbuf);
+            gss_release_buffer(&minor, &contextbuf);
         }
         else {
             Category::getInstance(SHIBRESOLVER_LOGCAT).error("error exporting GSS context");
         }
     }
 }
+
+void ShibbolethResolver::addToken(const gss_buffer_t contextbuf)
+{
+    xsecsize_t len=0;
+    XMLByte* out=Base64::encode(reinterpret_cast<const XMLByte*>(contextbuf->value), contextbuf->length, &len);
+    if (out) {
+        string s;
+        s.append(reinterpret_cast<char*>(out), len);
+        auto_ptr_XMLCh temp(s.c_str());
+#ifdef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE
+        XMLString::release(&out);
+#else
+        XMLString::release((char**)&out);
+#endif
+        static const XMLCh _GSSAPI[] = UNICODE_LITERAL_6(G,S,S,A,P,I);
+        m_gsswrapper = new AnyElementImpl(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _GSSAPI);
+        m_gsswrapper->setTextContent(temp.get());
+    }
+    else {
+        Category::getInstance(SHIBRESOLVER_LOGCAT).error("error while base64-encoding GSS context");
+    }
+}
 #endif
 
 void ShibbolethResolver::addAttribute(Attribute* attr)
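Review bot: The new public `addToken(const gss_buffer_t contextbuf)` overwrites `m_gsswrapper` without freeing the previous element, so a caller that uses the buffer overload directly more than once leaks the old wrapper; only the `gss_ctx_id_t*` overload clears it first. It also dereferences `contextbuf` without a null or empty check. Starting the function with `delete m_gsswrapper; m_gsswrapper = NULL;` followed by `if (!contextbuf || !contextbuf->value || !contextbuf->length) return;` would cover both. Separately, an exported context token can carry session key material, so the temporary `string s` and the base64 buffer `out` are worth treating as secrets (cleared before release, never logged).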
index 179a4ba..7ae1634 100644 (file)
@@ -101,11 +101,20 @@ namespace shibresolver {
 #ifdef SHIBRESOLVER_HAVE_GSSAPI
         /**
          * Adds a GSS-API security context as input to the resolver.
-         * <p>The caller retains ownership of the context.
+         * <p>The caller loses ownership of the context.
          *
          * @param ctx an input context to evaluate
          */
-        void addToken(gss_ctx_id_t ctx);
+        void addToken(gss_ctx_id_t* ctx);
+
+        /**
+         * Adds a GSS-API exported security context as input to
+         * the resolver.
+         * <p>The caller retains ownership of the buffer.
+         *
+         * @param ctx an input exported security context to evaluate
+         */
+        void addToken(gss_buffer_t token);
 #endif
 
         /**
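Review bot: The doc comment for the new buffer overload says `@param ctx`, but the parameter is declared as `token` (and named `contextbuf` in resolver.cpp); it should read `@param token an exported security context token to evaluate`. For the `gss_ctx_id_t*` overload, "The caller loses ownership of the context" does not say what state `*ctx` is left in. Since the implementation passes the pointer to `gss_export_sec_context`, the comment could add `@param ctx pointer to the context to export; set to GSS_C_NO_CONTEXT on success`. It should also state whether the caller still owns the context when export fails, which the visible code does not settle.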