################################################################################
-### Copyright (C) 2014-2017 VMware, Inc. All rights reserved.
+### Copyright (c) 2014-2017,2023 VMware, Inc. All rights reserved.
###
### This program is free software; you can redistribute it and/or modify
### it under the terms of version 2 of the GNU General Public License as
/*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2016,2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
#include "VGAuthError.h"
+/* clang-format off */
+
/*
* @file VGAuthProto.h
*
#define VGAUTH_REQUESTVALIDATESAMLBEARERTOKEN_ELEMENT_NAME "ValidateSamlBToken"
+
#define VGAUTH_VALIDATESAMLBEARERTOKEN_REQUEST_FORMAT \
VGAUTH_REQUEST_FORMAT_START \
"<"VGAUTH_REQUESTNAME_ELEMENT_NAME">"VGAUTH_REQUESTVALIDATESAMLBEARERTOKEN_ELEMENT_NAME"</"VGAUTH_REQUESTNAME_ELEMENT_NAME">" \
"<"VGAUTH_VALIDATE_ONLY_ELEMENT_NAME">%s</"VGAUTH_VALIDATE_ONLY_ELEMENT_NAME">" \
VGAUTH_REQUEST_FORMAT_END
+
#define VGAUTH_VALIDATESAMLBEARERTOKEN_REPLY_FORMAT_START \
VGAUTH_REPLY_FORMAT_START \
"<"VGAUTH_USERNAME_ELEMENT_NAME">%s</"VGAUTH_USERNAME_ELEMENT_NAME">" \
VGAUTH_USERHANDLESAMLINFO_FORMAT_END \
VGAUTH_REPLY_FORMAT_END
+/* clang-format on */
#endif // _VGAUTHPROTO_H_
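Review bot: The `/* clang-format off */` added directly after `#include "VGAuthError.h"` is only switched back on just before the closing `#endif`, so as far as the visible hunks show, the formatter is disabled for the whole header and not just the `*_FORMAT` macros. If the intent is to keep the hand-laid-out protocol format strings as written, narrow the off/on pair to those macro definitions and state the reason, e.g. `/* clang-format off -- keep protocol format macros as laid out */`. The same unexplained markers are added around the `VGAuth_SendValidateSamlBearerTokenRequest` and `SAML_VerifyBearerToken` prototypes in the later sections. A plain prototype should not need them, and in the first of these a stray blank line now sits inside the disabled region. The lines between the two markers in this header are mostly outside the visible hunks.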
/*********************************************************
- * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
int *num, // OUT
VGAuthMappedAlias **maList); // OUT
+/* clang-format off */
VGAuthError VGAuth_SendValidateSamlBearerTokenRequest(VGAuthContext *ctx,
gboolean validateOnly,
const char *samlToken,
const char *userName,
VGAuthUserHandle **userHandle);
+
+/* clang-format on */
+
VGAuthError VGAuth_CreateHandleForUsername(VGAuthContext *ctx,
const char *userName,
VGAuthUserHandleType type,
/*********************************************************
- * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
* authenticated.</li>
* </ol>
*
- * @remark One @a extraParams is supported:
+ * @remark Supported @a extraParams:
* VGAUTH_PARAM_VALIDATE_INFO_ONLY, which must have the value
* VGAUTH_PARAM_VALUE_TRUE or VGAUTH_PARAM_VALUE_FALSE.
* If set, SAML token validation is done, but the returned
/*********************************************************
- * Copyright (C) 2011-2019 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2019,2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
#define VGAUTH_PARAM_VALIDATE_INFO_ONLY "validateInfoOnly"
+
VGAuthError VGAuth_ValidateSamlBearerToken(VGAuthContext *ctx,
const char *samlToken,
const char *userName,
/*********************************************************
- * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
VGAuthError err;
SAMLTokenData token;
- err = SAMLVerifyAssertion(xmlText, token, certs);
+ err = SAMLVerifyAssertion(xmlText,
+ token, certs);
if (VGAUTH_E_OK != err) {
return err;
}
* The token must first be verified, then the certificate chain used
* verify it must be checked against the appropriate certificate store.
*
- * @param[in] xmlText The text of the SAML assertion.
- * @param[in] userName Optional username to authenticate as.
- * @param[out] userNameOut The user that the token has authenticated as.
- * @param[out] subjNameOut The subject in the token.
- * @param[out] verifySi The subjectInfo associated with the entry
- * in the ID provider store used to verify the
- * SAML cert.
+ * @param[in] xmlText The text of the SAML assertion.
+ * @param[in] userName Optional username to authenticate as.
+ * @param[out] userNameOut The user that the token has authenticated as.
+ * @param[out] subjNameOut The subject in the token.
+ * @param[out] verifySi The subjectInfo associated with the entry
+ * in the ID provider store used to verify the
+ * SAML cert.
*
* @return VGAUTH_E_OK on success, VGAuthError on failure
*
ServiceSubject subj;
int i;
- err = SAMLVerifyAssertion(xmlText, token, certs);
+ err = SAMLVerifyAssertion(xmlText,
+ token, certs);
if (VGAUTH_E_OK != err) {
return err;
}
return VGAUTH_E_AUTHENTICATION_DENIED;
}
- if (!SAMLCheckSignature(doc, certs)) {
+ if (!SAMLCheckSignature(doc,
+ certs)) {
return VGAUTH_E_AUTHENTICATION_DENIED;
}
*
* Verifies the signature on an XML document.
*
- * @param[in] doc Parsed XML document.
- * @param[out] numCerts Number of certs in the token.
- * @param[out] certChain Certs in the token. Caller should g_free() array and
- * contents.
+ * @param[in] doc Parsed XML document.
+ * @param[out] numCerts Number of certs in the token.
+ * @param[out] certChain Certs in the token. Caller should g_free() array and
+ * contents.
*
* @return TRUE on success.
*
goto done;
}
+
/*
* Create a signature context with the key manager
*/
* Verifies a XML text as a SAML token.
* Parses the XML, then verifies Subject, Conditions and Signature.
*
- * @param[in] token Text of SAML token.
- * @param[out] subject Subject of SAML token, Caller must g_free().
- * @param[out] numCerts Number of certs in the token.
- * @param[out] certChain Certs in the token. Caller should g_free() array and
- * contents.
+ * @param[in] token Text of SAML token.
+ * @param[out] subject Subject of SAML token, Caller must g_free().
+ * @param[out] numCerts Number of certs in the token.
+ * @param[out] certChain Certs in the token. Caller should g_free()
+ * array and contents.
*
* @return matching TRUE on success.
*
}
#endif
- bRet = VerifySignature(doc, numCerts, certChain);
+ bRet = VerifySignature(doc,
+ numCerts, certChain);
if (FALSE == bRet) {
g_warning("Failed to verify Signature\n");
// XXX Can we log the token at this point without risking security?
}
+
+
/*
******************************************************************************
* SAML_VerifyBearerToken -- */ /**
* The token must first be verified, then the certificate chain used
* verify it must be checked against the appropriate certificate store.
*
- * @param[in] xmlText The text of the SAML assertion.
- * @param[in] userName Optional username to authenticate as.
- * @param[out] userNameOut The user that the token has authenticated as.
- * @param[out] subjNameOut The subject in the token. Caller must g_free().
- * @param[out] verifyAi The alias info associated with the entry
- * in the alias store used to verify the
- * SAML cert.
+ * @param[in] xmlText The text of the SAML assertion.
+ * @param[in] userName Optional username to authenticate as.
+ * @param[out] userNameOut The user that the token has authenticated as.
+ * @param[out] subjNameOut The subject in the token. Caller must g_free().
+ * @param[out] verifyAi The alias info associated with the entry
+ * in the alias store used to verify the
+ * SAML cert.
*
* @return VGAUTH_E_OK on success, VGAuthError on failure
*
/*********************************************************
- * Copyright (C) 2011-2016 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2016,2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
/*********************************************************
- * Copyright (C) 2011-2017 VMware, Inc. All rights reserved.
+ * Copyright (C) 2011-2017,2023 VMware, Inc. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as published
gchar *ServiceDecodeUserName(const char *userName);
VGAuthError SAML_Init(void);
+
+/* clang-format off */
VGAuthError SAML_VerifyBearerToken(const char *xmlText,
const char *userName,
char **userNameOut,
char **userNameOut,
char **subjectNameOut,
ServiceAliasInfo **verifyAi);
+/* clang-format on */
+
void SAML_Shutdown(void);
void SAML_Reload(void);