From 72e88654dbdfa92789dfe0224e818d2da261005a Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Sat, 2 Apr 2011 08:59:33 +0000
Subject: refactor krb5 plugin to use GSS_C_ATTR_SAML_ASSERTION
git-svn-id: svn://anonsvn.mit.edu/krb5/users/lhoward/saml2@24800 dc483132-0cff-0310-8789-dd5450dbe970
---
 src/plugins/authdata/saml_client/Makefile.in | 2 +-
 src/plugins/authdata/saml_client/saml_authdata.cpp | 21 +++++++++++----------
 src/plugins/authdata/saml_server/Makefile.in | 2 +-
 3 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/src/plugins/authdata/saml_client/Makefile.in b/src/plugins/authdata/saml_client/Makefile.in
index eb8ad5f..b40c1d4 100644
--- a/src/plugins/authdata/saml_client/Makefile.in
+++ b/src/plugins/authdata/saml_client/Makefile.in
@@ -18,7 +18,7 @@ SO_EXT=.so
 SHLIB_EXPDEPS = $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
 $(TOPLIBD)/libkrb5$(SHLIBEXT)
 SAML_LIBS = -L/usr/local/lib -lsaml -lshibresolver -lshibsp -lxml-security-c -lxmltooling -lxerces-c
-SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto $(SUPPORT_LIB) $(LIBS) $(SAML_LIBS)
+SHLIB_EXPLIBS= $(GSS_LIBS) $(KRB5_BASE_LIBS) $(SUPPORT_LIB) $(LIBS) $(SAML_LIBS)
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
diff --git a/src/plugins/authdata/saml_client/saml_authdata.cpp b/src/plugins/authdata/saml_client/saml_authdata.cpp
index 1f2fefd..458813e 100644
--- a/src/plugins/authdata/saml_client/saml_authdata.cpp
+++ b/src/plugins/authdata/saml_client/saml_authdata.cpp
@@ -32,6 +32,8 @@ #include "../saml_server/saml_krb.h" +#include + #include #include #include
@@ -228,18 +230,12 @@ saml_fini(krb5_context kcontext, void *plugin_context)
 {
 }
-static const krb5_data
-saml_assertion_attr = {
- KV5M_DATA,
- /* XXX this is for Moonshot interoperability demonstrability only */
- sizeof("urn:ietf:params:gss-eap:saml-aaa-assertion") - 1,
- (char *)"urn:ietf:params:gss-eap:saml-aaa-assertion"
-};
-
 static krb5_boolean
 saml_is_assertion_attr(const krb5_data *attr)
 {
- return data_eq(*attr, saml_assertion_attr);
+ return (attr->length == GSS_C_ATTR_SAML_ASSERTION->length &&
+ memcmp(attr->data, GSS_C_ATTR_SAML_ASSERTION->value,
+ GSS_C_ATTR_SAML_ASSERTION->length) == 0);
 }
 static shibsp::Attribute *
@@ -387,7 +383,12 @@ saml_get_attribute_types(krb5_context kcontext,
 return code;
 if (sc->assertion != NULL) {
- code = krb5int_copy_data_contents_add0(kcontext, &saml_assertion_attr, &attrs[i++]);
+ krb5_data saml;
+
+ saml.length = GSS_C_ATTR_SAML_ASSERTION->length;
+ saml.data = (char *)GSS_C_ATTR_SAML_ASSERTION->value;
+
+ code = krb5int_copy_data_contents_add0(kcontext, &saml, &attrs[i++]);
 if (code != 0) {
 free(attrs);
 return code;
diff --git a/src/plugins/authdata/saml_server/Makefile.in b/src/plugins/authdata/saml_server/Makefile.in
index dfd6b03..9e93d82 100644
--- a/src/plugins/authdata/saml_server/Makefile.in
+++ b/src/plugins/authdata/saml_server/Makefile.in
@@ -19,7 +19,7 @@ SO_EXT=.so
 SAML_LIBS = -L/usr/local/lib -lsaml -lxml-security-c -lxmltooling -lxerces-c
 SHLIB_EXPDEPS = $(TOPLIBD)/libk5crypto$(SHLIBEXT) \
 $(TOPLIBD)/libkrb5$(SHLIBEXT)
-SHLIB_EXPLIBS= -lkrb5 -lcom_err -lk5crypto -lkdb_ldap -lkdb5 $(SUPPORT_LIB) $(LIBS) @LDAP_LIBS@ $(SAML_LIBS)
+SHLIB_EXPLIBS= $(KRB5_BASE_LIBS) -lkdb_ldap $(KDB5_LIBS) $(SUPPORT_LIB) $(LIBS) @LDAP_LIBS@ $(SAML_LIBS)
 SHLIB_DIRS=-L$(TOPLIBD)
 SHLIB_RDIRS=$(KRB5_LIBDIR)
-- cgit v1.1
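Review bot: In `saml_is_assertion_attr` (hunk `@@ -228,18 +230,12 @@`) the new comparison dereferences `GSS_C_ATTR_SAML_ASSERTION` three times without checking it, where the removed code compared against a file-local constant that could not be absent. The symbol's definition is not visible in this patch; if it is a library-exported `gss_buffer_t`, the predicate that decides which authdata attribute is treated as the SAML assertion should fail closed rather than fault, e.g. `if (attr == NULL || GSS_C_ATTR_SAML_ASSERTION == GSS_C_NO_BUFFER) return FALSE;` ahead of the `return`. The deleted `XXX ... Moonshot interoperability` comment was the only record of where the attribute name came from, so a one-line comment such as `/* attribute name now comes from GSS_C_ATTR_SAML_ASSERTION, not a local URN */` would keep that visible to the next reader.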
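Review bot: The temporary `krb5_data saml` in `saml_get_attribute_types` (hunk `@@ -387,7 +383,12 @@`) is filled field by field, which leaves `saml.magic` unset and silently narrows the GSS buffer length (presumably `size_t`) into the `krb5_data` length. Initialising it whole, in the field order the removed `saml_assertion_attr` initialiser used, sets the magic and makes the narrowing explicit: `krb5_data saml = { KV5M_DATA, (unsigned int)GSS_C_ATTR_SAML_ASSERTION->length, (char *)GSS_C_ATTR_SAML_ASSERTION->value };`. Whether `krb5int_copy_data_contents_add0` reads `magic` is not visible here, so the unset field may be harmless today. The same buffer-to-`krb5_data` conversion is open-coded in `saml_is_assertion_attr` in the previous hunk; one small static helper returning the `krb5_data` would let that function keep using `data_eq` and keep the two sites in agreement. The function body starts and ends outside this hunk.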