From: Scott Cantor
Date: Mon, 28 Mar 2011 18:42:49 +0000 (+0000)
Subject: Merge patch for GSS context in buffer form.
X-Git-Tag: 1.0.0~24
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fcpp-sp-resolver.git;a=commitdiff_plain;h=8c308951c88a1c5e3f3db97f25a706492f7d234c
Merge patch for GSS context in buffer form.
---
diff --git a/src/shibresolver/resolver.cpp b/src/shibresolver/resolver.cpp
index 83b6269..f1d5d58 100644
--- a/src/shibresolver/resolver.cpp
+++ b/src/shibresolver/resolver.cpp
@@ -116,7 +116,9 @@ void ShibbolethResolver::setRequest(const SPRequest* request)
 if (request) {
 const GSSRequest* gss = dynamic_cast(request);
 if (gss) {
- addToken(gss->getGSSContext());
+ // TODO: fix API to prevent destruction of contexts
+ gss_ctx_id_t ctx = gss->getGSSContext();
+ addToken(&ctx);
 }
 }
 #endif
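Review bot: The local `gss_ctx_id_t ctx` in setRequest() is a copy of the handle held by the GSSRequest, so when `addToken(&ctx)` exports it only the copy can be reset to GSS_C_NO_CONTEXT, and the request object keeps a handle to a context that gss_export_sec_context() has already deactivated. Any later use of, or gss_delete_sec_context() on, the request's own handle would then act on a stale context. The TODO should spell out that hazard, for example `// TODO: export invalidates the request's context; the handle from gss->getGSSContext() must not be used after this call`, until the API passes the handle by pointer or supplies an already-exported buffer. setRequest() begins and ends outside the hunk.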
@@ -143,44 +145,49 @@ void ShibbolethResolver::addToken(const XMLObject* token)
 }
 #ifdef SHIBRESOLVER_HAVE_GSSAPI
-void ShibbolethResolver::addToken(gss_ctx_id_t ctx)
+void ShibbolethResolver::addToken(gss_ctx_id_t* ctx)
 {
 if (m_gsswrapper) {
 delete m_gsswrapper;
 m_gsswrapper = NULL;
 }
- if (ctx != GSS_C_NO_CONTEXT) {
- OM_uint32 minor;
- gss_buffer_desc contextbuf;
- contextbuf.length = 0;
- contextbuf.value = NULL;
- OM_uint32 major = gss_export_sec_context(&minor, &ctx, &contextbuf);
+ if (ctx && *ctx != GSS_C_NO_CONTEXT) {
+ OM_uint32 major, minor;
+ gss_buffer_desc contextbuf = GSS_C_EMPTY_BUFFER;
+
+ major = gss_export_sec_context(&minor, ctx, &contextbuf);
 if (major == GSS_S_COMPLETE) {
- xsecsize_t len=0;
- XMLByte* out=Base64::encode(reinterpret_cast(contextbuf.value), contextbuf.length, &len);
- if (out) {
- string s;
- s.append(reinterpret_cast(out), len);
- auto_ptr_XMLCh temp(s.c_str());
-#ifdef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE
- XMLString::release(&out);
-#else
- XMLString::release((char**)&out);
-#endif
- static const XMLCh _GSSAPI[] = UNICODE_LITERAL_6(G,S,S,A,P,I);
- m_gsswrapper = new AnyElementImpl(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _GSSAPI);
- m_gsswrapper->setTextContent(temp.get());
- }
- else {
- Category::getInstance(SHIBRESOLVER_LOGCAT).error("error while base64-encoding GSS context");
- }
+ addToken(&contextbuf);
+ gss_release_buffer(&minor, &contextbuf);
 }
 else {
 Category::getInstance(SHIBRESOLVER_LOGCAT).error("error exporting GSS context");
 }
 }
 }
+
+void ShibbolethResolver::addToken(const gss_buffer_t contextbuf)
+{
+ xsecsize_t len=0;
+ XMLByte* out=Base64::encode(reinterpret_cast(contextbuf->value), contextbuf->length, &len);
+ if (out) {
+ string s;
+ s.append(reinterpret_cast(out), len);
+ auto_ptr_XMLCh temp(s.c_str());
+#ifdef SHIBSP_XERCESC_HAS_XMLBYTE_RELEASE
+ XMLString::release(&out);
+#else
+ XMLString::release((char**)&out);
+#endif
+ static const XMLCh _GSSAPI[] = UNICODE_LITERAL_6(G,S,S,A,P,I);
+ m_gsswrapper = new AnyElementImpl(shibspconstants::SHIB2ATTRIBUTEMAP_NS, _GSSAPI);
+ m_gsswrapper->setTextContent(temp.get());
+ }
+ else {
+ Category::getInstance(SHIBRESOLVER_LOGCAT).error("error while base64-encoding GSS context");
+ }
+}
 #endif
 void ShibbolethResolver::addAttribute(Attribute* attr)
diff --git a/src/shibresolver/resolver.h b/src/shibresolver/resolver.h
index 179a4ba..7ae1634 100644
--- a/src/shibresolver/resolver.h
+++ b/src/shibresolver/resolver.h
@@ -101,11 +101,20 @@ namespace shibresolver {
 #ifdef SHIBRESOLVER_HAVE_GSSAPI
 /**
 * Adds a GSS-API security context as input to the resolver.
- *
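Review bot: In resolver.cpp the new `addToken(const gss_buffer_t contextbuf)` overload dereferences `contextbuf` without a null check and assigns `m_gsswrapper = new AnyElementImpl(...)` without releasing an earlier wrapper; only the gss_ctx_id_t* overload resets m_gsswrapper first, while resolver.h declares the buffer overload for callers to use directly. Guard the entry with `if (!contextbuf || !contextbuf->value || contextbuf->length == 0) return;` and move the `delete m_gsswrapper; m_gsswrapper = NULL;` reset into this overload so both entry points behave the same. An exported context token can carry the context's key material, and here it is copied into `s` and `temp` and then kept as the element's text, so where m_gsswrapper is serialized or logged deserves the same care as the context itself. The "error exporting GSS context" branch also discards `major` and `minor`, which leaves a failed export hard to diagnose.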

The caller retains ownership of the context.
+ *

The caller loses ownership of the context.
 *
 * @param ctx an input context to evaluate
 */
- void addToken(gss_ctx_id_t ctx);
+ void addToken(gss_ctx_id_t* ctx);
+
+ /**
+ * Adds a GSS-API exported security context as input to
+ * the resolver.
+ *

The caller retains ownership of the buffer.
+ *
+ * @param ctx an input exported security context to evaluate
+ */
+ void addToken(gss_buffer_t token);
 #endif
 /**
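Review bot: The doc comment added for `addToken(gss_buffer_t token)` documents `@param ctx`, but the parameter is named `token` (and `contextbuf` in resolver.cpp); it should read `@param token an exported security context token to evaluate`. The changed sentence on the gss_ctx_id_t* overload, "The caller loses ownership of the context", would be clearer if it said that on a successful export the handle is set to GSS_C_NO_CONTEXT and the context can no longer be used in this process, and what state the handle is left in when the export fails. Because the parameter changed from a handle to a pointer, the comment should also state that a null pointer is accepted and ignored, which is what the `ctx && *ctx != GSS_C_NO_CONTEXT` test in resolver.cpp does.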