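/* Called by: zxid_ps_addent_invite */
/* Persist invitation `inv` as an LDIF-like record at "<cpath>ZXID_INV_DIR<invid>".
 *
 * inv->invid is a length-counted string (its len is also used as a %.*s
 * precision below, so it is int-sized), not a C string, so it is copied into
 * a bounded local buffer and NUL-terminated before being spliced into the
 * path. The terminator is placed directly after the copied bytes: terminating
 * only at the end of the array would leave the bytes between the copied id
 * and the end uninitialized, and "%s" would then build the path from garbage.
 *
 * Returns 1 unconditionally; the result of write_all_path_fmt() is not
 * propagated, so callers cannot detect a failed write.
 *
 * NOTE(review): invid_c is used verbatim as a path component. If the
 * invitation id can originate from a remote party it should be validated
 * (no '/' or ".." segments) before reaching this function — confirm at the
 * call site. */
int zxid_put_invite(zxid_conf* cf, struct zxid_invite* inv)
{
  char buf[ZXID_MAX_USER];
  char invid_c[ZXID_MAX_USER];
  char* perms = zxid_render_perms(cf, inv->perms);
  /* Cast keeps the comparison in one type; a negative len would saturate to
   * the buffer limit exactly as the unsigned promotion did before. */
  size_t invid_len = MIN((size_t)inv->invid->len, sizeof(invid_c)-1);

  memcpy(invid_c, inv->invid->s, invid_len);
  invid_c[invid_len] = 0;   /* terminate right after the copied id, not at array end */

  write_all_path_fmt("put_inv", ZXID_MAX_USER, buf, "%s" ZXID_INV_DIR "%s", cf->cpath, invid_c,
		     "dn: invid=%.*s\ninvid: %.*s\nuid: %s\ndesc: %.*s\npsobj: %.*s\nps2spredir: %.*s\nmaxusage: %d\nusage: %d\nstarts: %s\nexpires: %s\n%s\n\n",
		     inv->invid->len, inv->invid->s,
		     inv->invid->len, inv->invid->s,
		     inv->uid,
		     inv->desc?inv->desc->len:0, inv->desc?inv->desc->s:"",
		     inv->psobj?inv->psobj->len:0, inv->psobj?inv->psobj->s:"",
		     inv->ps2spredir?inv->ps2spredir->len:0, inv->ps2spredir?inv->ps2spredir->s:"",
		     inv->maxusage, inv->usage,
		     zxid_date_time(cf, inv->starts),
		     zxid_date_time(cf, inv->expires),
		     STRNULLCHK(perms));
  D("PUT INVITATION invid(%s)", invid_c);
  return 1;
}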
/* Called by: zxid_ps_addent_invite */
/* Persist People Service object `obj` as an LDIF-like record at
 * "<cpath>ZXID_UID_DIR<uid>". As a side effect obj->mod_secs is stamped with
 * the current time before the record is written. The path scratch buffer is
 * taken from cf->ctx and released before returning. Always returns 1; a
 * failed write_all_path_fmt() is not reported to the caller. */
int zxid_put_psobj(zxid_conf* cf, struct zxid_psobj* obj)
{
  char* path_buf = ZX_ALLOC(cf->ctx, ZXID_MAX_USER);
  char* children = 0;   /* *** groups and children not supported yet. */
  /* NOTE(review): both the "tag" and the "invid" lines are rendered from
   * obj->invids; if the object carries a separate tag list this looks like a
   * copy-paste slip — confirm against struct zxid_psobj before changing. */
  char* tags   = zxid_render_str_list(cf, obj->invids, "tag");
  char* invids = zxid_render_str_list(cf, obj->invids, "invid");
  char* perms  = zxid_render_perms(cf, obj->perms);

  obj->mod_secs = time(0);

  /* Optional fields: render as empty when absent. The len values feed %.*s
   * precisions, hence int. */
  int idpnid_len   = obj->idpnid   ? obj->idpnid->len   : 0;
  int dispname_len = obj->dispname ? obj->dispname->len : 0;
  const char* idpnid_s   = obj->idpnid   ? obj->idpnid->s   : "";
  const char* dispname_s = obj->dispname ? obj->dispname->s : "";

  write_all_path_fmt("put_psobj", ZXID_MAX_USER, path_buf, "%s" ZXID_UID_DIR "%s", cf->cpath, obj->uid,
		     "dn: psobj=%.*s,uid=%s\npsobj: %.*s\nowner: %s\nidpnid: %.*s\ndispname: %.*s\nnodetype: %d\ncreated: %s\nmodified: %s\n%s%s%s%s\n\n",
		     obj->psobj->len, obj->psobj->s, obj->uid,
		     obj->psobj->len, obj->psobj->s,
		     obj->uid,
		     idpnid_len, idpnid_s,
		     dispname_len, dispname_s,   /* *** Should really support multiple */
		     obj->nodetype,
		     zxid_date_time(cf, obj->create_secs),
		     zxid_date_time(cf, obj->mod_secs),
		     STRNULLCHK(children),
		     STRNULLCHK(tags),
		     STRNULLCHK(invids),
		     STRNULLCHK(perms));
  ZX_FREE(cf->ctx, path_buf);
  D("PUT PSOBJ(%.*s)", obj->psobj->len, obj->psobj->s);
  return 1;
}
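/* Called by: zxid_wsc_call, zxid_wsc_prepare_call */
/* Prepare the SOAP header of an outgoing web service client request for the
 * security mechanism selected from the EPR.
 *
 * Steps: fill in a fresh MessageID, stamp wsse:Security/Timestamp/Created,
 * drop credential pointers left over from an earlier iteration, then attach
 * the token and/or signature the mechanism requires.
 *
 * Returns 1 on success, 0 when epr/env are missing, when the envelope lacks
 * the Header, MessageID, wsse:Security or Timestamp/Created elements this
 * function writes into, or when the EPR maps to an unknown mechanism.
 * Error details go to ERR(). */
static int zxid_wsc_prep_secmech(zxid_conf* cf, zxid_ses* ses, zxid_epr* epr, struct zx_e_Envelope_s* env)
{
  int secmech;
  struct zx_wsse_Security_s* sec;
  struct zx_wsse_SecurityTokenReference_s* str;
  struct zx_e_Header_s* hdr;

  if (!epr || !env) {
    ERR("MUST supply epr %p and envelope as arguments", epr);
    return 0;
  }
  hdr = env->Header;
  /* Header and MessageID are dereferenced below; check them like the
   * Security/Timestamp elements are checked, instead of crashing. */
  if (!hdr || !hdr->MessageID) {
    ERR("MUST supply e:Header and MessageID %p", hdr);
    return 0;
  }
  zx_add_content(cf->ctx, &hdr->MessageID->gg, zxid_mk_id(cf, "urn:M", ZXID_ID_BITS));

  sec = hdr->Security;
  if (!sec || !sec->Timestamp || !sec->Timestamp->Created) {
    ERR("MUST supply wsse:Security and Timestamp %p", sec);
    return 0;
  }
  zx_add_content(cf->ctx, &sec->Timestamp->Created->gg, zxid_date_time(cf, time(0)));

  /* Clear away any credentials from previous iteration, if any. Only the typed
   * pointers are reset here. *** clear kids list, too */
  sec->Signature = 0;
  sec->BinarySecurityToken = 0;
  sec->SecurityTokenReference = 0;
  sec->Assertion = 0;
  sec->EncryptedAssertion = 0;
  sec->sa11_Assertion = 0;
  sec->ff12_Assertion = 0;

  /* Sign all Headers that have Id set. See wsc_sign_sec_mech() */
  secmech = zxid_map_sec_mech(epr);
  switch (secmech) {
  case ZXID_SEC_MECH_NULL:
    D("secmech null %d", secmech);
    break;

  case ZXID_SEC_MECH_BEARER:
    zxid_choose_sectok(cf, ses, epr, sec);
    /* The STR is placed before the Timestamp and points, via KeyIdentifier,
     * at the ID of the assertion chosen as the bearer token. */
    str = sec->SecurityTokenReference = zx_NEW_wsse_SecurityTokenReference(cf->ctx, 0);
    zx_add_kid_before(&sec->gg, zx_wsu_Timestamp_ELEM, &str->gg);
    str->KeyIdentifier = zx_NEW_wsse_KeyIdentifier(cf->ctx, &str->gg);
    str->KeyIdentifier->ValueType = zx_ref_attr(cf->ctx, &str->KeyIdentifier->gg, zx_ValueType_ATTR, SAMLID_TOK_PROFILE);
    if (sec->Assertion) {
      zx_add_content(cf->ctx, &str->KeyIdentifier->gg, &sec->Assertion->ID->g);
    }
    /* *** In case of encrypted assertion, how is the KeyIdentifier populated? */
    zxid_wsf_sign(cf, cf->wsc_sign, sec, str, hdr, env->Body);
    D("secmech bearer %d", secmech);
    break;

  case ZXID_SEC_MECH_SAML:
    zxid_choose_sectok(cf, ses, epr, sec);
    /* *** Sign SEC, MID, TO, ACT (if any) */
    zxid_wsf_sign(cf, cf->wsc_sign, sec, 0, hdr, env->Body);
    D("secmech saml hok %d", secmech);
    break;

  case ZXID_SEC_MECH_X509:
    /* *** Sign SEC, MID, TO, ACT (if any) */
    zxid_wsf_sign(cf, cf->wsc_sign, sec, 0, hdr, env->Body);
    D("secmech x509 %d", secmech);
    break;

  case ZXID_SEC_MECH_PEERS:
    /* *** ? */
    D("secmech peers %d", secmech);
    break;

  default:
    ERR("Unknown secmech %d", secmech);
    return 0;
  }
  return 1;
}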