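/* Called by:  zxid_ps_addent_invite */
/* Write an invitation record as a flat "key: value" text file under
 * cf->cpath ZXID_INV_DIR, named after inv->invid (truncated to
 * ZXID_MAX_USER-1 bytes).
 *
 * Returns 1 on success, 0 if inv lacks a usable invid, the invid would
 * escape the invite directory, or the write fails.
 *
 * The string returned by zxid_render_perms() is not released here; its
 * ownership is not visible from this function (matches the original). */
int zxid_put_invite(zxid_conf* cf, struct zxid_invite* inv)
{
  char buf[ZXID_MAX_USER];
  char invid_c[ZXID_MAX_USER];
  char* perms;
  size_t invid_len;

  if (!inv || !inv->invid || !inv->invid->s || inv->invid->len <= 0) {
    ERR("MUST supply invitation with nonempty invid %p", inv);
    return 0;
  }

  /* Clamp explicitly instead of MIN(int, size_t): a negative len would
   * promote to a huge size_t there. Terminate right after the copied
   * bytes - terminating only at the last slot left the tail of invid_c
   * uninitialised whenever len < sizeof(invid_c)-1, and "%s" below
   * would then read past the copied id. */
  invid_len = (size_t)inv->invid->len;
  if (invid_len > sizeof(invid_c)-1)
    invid_len = sizeof(invid_c)-1;
  memcpy(invid_c, inv->invid->s, invid_len);
  invid_c[invid_len] = 0;

  /* invid_c becomes the final path component; refuse separators so a
   * caller-supplied id cannot name a file outside ZXID_INV_DIR. */
  if (strchr(invid_c, '/')) {
    ERR("invid(%s) contains path separator", invid_c);
    return 0;
  }

  perms = zxid_render_perms(cf, inv->perms);

  /* write_all_path_fmt() reports failure as 0; surface it instead of
   * always claiming success to the caller. */
  if (!write_all_path_fmt("put_inv", ZXID_MAX_USER, buf,
			  "%s" ZXID_INV_DIR "%s", cf->cpath, invid_c,
			  "dn: invid=%.*s\ninvid: %.*s\nuid: %s\ndesc: %.*s\npsobj: %.*s\nps2spredir: %.*s\nmaxusage: %d\nusage: %d\nstarts: %s\nexpires: %s\n%s\n\n",
			  inv->invid->len, inv->invid->s,
			  inv->invid->len, inv->invid->s,
			  STRNULLCHK(inv->uid),
			  inv->desc?inv->desc->len:0, inv->desc?inv->desc->s:"",
			  inv->psobj?inv->psobj->len:0, inv->psobj?inv->psobj->s:"",
			  inv->ps2spredir?inv->ps2spredir->len:0, inv->ps2spredir?inv->ps2spredir->s:"",
			  inv->maxusage,
			  inv->usage,
			  zxid_date_time(cf, inv->starts),
			  zxid_date_time(cf, inv->expires),
			  STRNULLCHK(perms))) {
    ERR("PUT INVITATION invid(%s) failed", invid_c);
    return 0;
  }
  D("PUT INVITATION invid(%s)", invid_c);
  return 1;
}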
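/* Called by:  zxid_ps_addent_invite */
/* Persist a People Service object as a flat text record under the
 * owning user's directory (cf->cpath ZXID_UID_DIR obj->uid). Sets
 * obj->mod_secs to the current time before writing.
 *
 * Returns 1 on success, 0 if obj lacks a psobj name or uid, the uid
 * would escape the user directory, the scratch buffer cannot be
 * allocated, or the write fails.
 *
 * NOTE(review): the "tag" list is rendered from obj->invids, exactly as
 * in the original - verify that is the intended source list. The
 * rendered children/tags/invids/perms strings are not released here;
 * their ownership is not visible from this function. */
int zxid_put_psobj(zxid_conf* cf, struct zxid_psobj* obj)
{
  char* buf;
  char* children = 0;  /* *** groups and children not supported yet. */
  char* tags;
  char* invids;
  char* perms;
  int ok;

  if (!obj || !obj->psobj || !obj->psobj->s || !obj->uid || !*obj->uid) {
    ERR("MUST supply psobj with name and uid %p", obj);
    return 0;
  }
  /* obj->uid selects the directory; a separator in it would let the
   * record land outside ZXID_UID_DIR. */
  if (strchr(obj->uid, '/')) {
    ERR("uid(%s) contains path separator", obj->uid);
    return 0;
  }

  buf = ZX_ALLOC(cf->ctx, ZXID_MAX_USER);
  if (!buf) {
    ERR("out of memory allocating %d bytes", ZXID_MAX_USER);
    return 0;
  }
  tags = zxid_render_str_list(cf, obj->invids, "tag");
  invids = zxid_render_str_list(cf, obj->invids, "invid");
  perms = zxid_render_perms(cf, obj->perms);
  obj->mod_secs = time(0);

  /* Capture the result so buf is released on both paths; the original
   * always reported 1 even when the file was not written. */
  ok = write_all_path_fmt("put_psobj", ZXID_MAX_USER, buf,
			  "%s" ZXID_UID_DIR "%s", cf->cpath, obj->uid,
			  "dn: psobj=%.*s,uid=%s\npsobj: %.*s\nowner: %s\nidpnid: %.*s\ndispname: %.*s\nnodetype: %d\ncreated: %s\nmodified: %s\n%s%s%s%s\n\n",
			  obj->psobj->len, obj->psobj->s, obj->uid,
			  obj->psobj->len, obj->psobj->s, obj->uid,
			  obj->idpnid?obj->idpnid->len:0, obj->idpnid?obj->idpnid->s:"",
			  obj->dispname?obj->dispname->len:0, obj->dispname?obj->dispname->s:"",  /* *** Should really support multiple */
			  obj->nodetype,
			  zxid_date_time(cf, obj->create_secs),
			  zxid_date_time(cf, obj->mod_secs),
			  STRNULLCHK(children),
			  STRNULLCHK(tags),
			  STRNULLCHK(invids),
			  STRNULLCHK(perms));
  ZX_FREE(cf->ctx, buf);
  if (!ok) {
    ERR("PUT PSOBJ(%.*s) failed", obj->psobj->len, obj->psobj->s);
    return 0;
  }
  D("PUT PSOBJ(%.*s)", obj->psobj->len, obj->psobj->s);
  return 1;
}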
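/* Called by:  zxid_wsc_call, zxid_wsc_prepare_call */
/* Prepare the SOAP header of an outbound WSC request for the security
 * mechanism advertised by the EPR: stamp a fresh MessageID and
 * Timestamp/Created, drop credentials left over from a previous attempt,
 * then attach the security token and sign according to secmech.
 *
 * Returns 1 on success, 0 if epr/env or the required Header, MessageID,
 * wsse:Security or Timestamp elements are missing, or secmech is unknown.
 *
 * NOTE(review): the zxid_wsf_sign() results are not checked, so a failed
 * signature would leave the message unsigned without this function
 * noticing; consider propagating its status once its contract is known. */
static int zxid_wsc_prep_secmech(zxid_conf* cf, zxid_ses* ses, zxid_epr* epr, struct zx_e_Envelope_s* env)
{
  int secmech;
  struct zx_wsse_Security_s* sec;
  struct zx_wsse_SecurityTokenReference_s* str;
  struct zx_e_Header_s* hdr;
  
  if (!epr || !env) {
    ERR("MUST supply epr %p and envelope as arguments", epr);
    return 0;
  }

  /* The envelope is caller-built; a missing Header or MessageID was
   * previously a NULL dereference rather than a reported error. */
  hdr = env->Header;
  if (!hdr || !hdr->MessageID) {
    ERR("MUST supply e:Header with MessageID %p", hdr);
    return 0;
  }
  zx_add_content(cf->ctx, &hdr->MessageID->gg, zxid_mk_id(cf, "urn:M", ZXID_ID_BITS));
  sec = hdr->Security;
  if (!sec || !sec->Timestamp || !sec->Timestamp->Created) {
    ERR("MUST supply wsse:Security and Timestamp %p", sec);
    return 0;
  }
  zx_add_content(cf->ctx, &sec->Timestamp->Created->gg, zxid_date_time(cf, time(0)));
    
  /* Clear away any credentials from previous iteration, if any. *** clear kids list, too */
  sec->Signature = 0;
  sec->BinarySecurityToken = 0;
  sec->SecurityTokenReference = 0;
  sec->Assertion = 0;
  sec->EncryptedAssertion = 0;
  sec->sa11_Assertion = 0;
  sec->ff12_Assertion = 0;
    
  /* Sign all Headers that have Id set. See wsc_sign_sec_mech() */
  secmech = zxid_map_sec_mech(epr);
  switch (secmech) {
  case ZXID_SEC_MECH_NULL:
    D("secmech null %d", secmech);
    break;
  case ZXID_SEC_MECH_BEARER:
    /* sec->Assertion was cleared above, so the KeyIdentifier below is
     * only populated if zxid_choose_sectok() placed an assertion in sec
     * - presumably its job; confirm against its definition. */
    zxid_choose_sectok(cf, ses, epr, sec);
    str = sec->SecurityTokenReference = zx_NEW_wsse_SecurityTokenReference(cf->ctx, 0);
    zx_add_kid_before(&sec->gg, zx_wsu_Timestamp_ELEM, &str->gg);
    str->KeyIdentifier = zx_NEW_wsse_KeyIdentifier(cf->ctx, &str->gg);
    str->KeyIdentifier->ValueType = zx_ref_attr(cf->ctx, &str->KeyIdentifier->gg, zx_ValueType_ATTR, SAMLID_TOK_PROFILE);
    if (sec->Assertion)
      zx_add_content(cf->ctx, &str->KeyIdentifier->gg, &sec->Assertion->ID->g);
    /* *** In case of encrypted assertion, how is the KeyIdentifier populated? */
    
    zxid_wsf_sign(cf, cf->wsc_sign, sec, str, hdr, env->Body);
    D("secmech bearer %d", secmech);
    break;
  case ZXID_SEC_MECH_SAML:
    zxid_choose_sectok(cf, ses, epr, sec);
    /* *** Sign SEC, MID, TO, ACT (if any) */
    zxid_wsf_sign(cf, cf->wsc_sign, sec, 0, hdr, env->Body);
    D("secmech saml hok %d", secmech);
    break;
  case ZXID_SEC_MECH_X509:
    /* *** Sign SEC, MID, TO, ACT (if any) */
    zxid_wsf_sign(cf, cf->wsc_sign, sec, 0, hdr, env->Body);
    D("secmech x509 %d", secmech);
    break;
  case ZXID_SEC_MECH_PEERS:
    /* *** ? */
    D("secmech peers %d", secmech);
    break;
  default:
    ERR("Unknown secmech %d", secmech);
    return 0;
  }
  return 1;
}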