add better JSON type checking to RADIUS decoder
[mech_eap.orig] / util_attr.cpp
index 80d2781..384769f 100644 (file)
@@ -40,6 +40,7 @@
 #include <string>
 #include <sstream>
 #include <exception>
+#include <stdexcept>
 #include <new>
 
 /* lazy initialisation */
@@ -54,11 +55,17 @@ gssEapAttrProvidersInitInternal(void)
     assert(gssEapAttrProvidersInitStatus == GSS_S_UNAVAILABLE);
 
     major = gssEapRadiusAttrProviderInit(&minor);
-    if (major == GSS_S_COMPLETE)
-        major = gssEapSamlAttrProvidersInit(&minor);
-    if (major == GSS_S_COMPLETE)
-        major = gssEapLocalAttrProviderInit(&minor);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+    major = gssEapSamlAttrProvidersInit(&minor);
+    if (GSS_ERROR(major))
+        goto cleanup;
+
+    /* Allow Shibboleth initialization failure to be non-fatal */
+    gssEapLocalAttrProviderInit(&minor);
 
+cleanup:
 #ifdef GSSEAP_DEBUG
     assert(major == GSS_S_COMPLETE);
 #endif
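Review bot: The result of `gssEapLocalAttrProviderInit(&minor)` is discarded without any trace, and the call still writes to the shared `minor`, so a failed Shibboleth initialisation can leave an error code in `minor` next to a successful `major`. Attribute-based authorisation that expects local attributes would then run without them and nothing records why. Pass a scratch variable and make the intent explicit, e.g. `OM_uint32 tmpMinor;` and `(void)gssEapLocalAttrProviderInit(&tmpMinor);`, and log the failure if the project has a logging hook. What happens to `minor` after `cleanup:` is outside the hunk.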
@@ -274,25 +281,8 @@ gss_eap_attr_ctx::initFromGssContext(const gss_cred_id_t cred,
     return ret;
 }
 
-static DDF
-findSourceForProvider(DDF &sources, const char *key)
-{
-    DDF source = sources.first();
-
-    while (!source.isnull()) {
-        DDF obj = source.getmember(key);
-
-        if (strcmp(key, source.name()) == 0)
-            break;
-
-        source = sources.next();
-    }
-
-    return source;
-}
-
 bool
-gss_eap_attr_ctx::unmarshallAndInit(DDF &obj)
+gss_eap_attr_ctx::initWithJsonObject(JSONObject &obj)
 {
     bool ret = false;
     bool foundSource[ATTR_TYPE_MAX + 1];
@@ -306,23 +296,26 @@ gss_eap_attr_ctx::unmarshallAndInit(DDF &obj)
 
     m_flags = obj["flags"].integer();
 
-    DDF sources = obj["sources"];
+    JSONObject sources = obj["sources"];
 
     /* Initialize providers from serialized state */
     for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) {
+        gss_eap_attr_provider *provider;
+        const char *key;
+
         if (!providerEnabled(type)) {
             releaseProvider(type);
             continue;
         }
 
-        gss_eap_attr_provider *provider = m_providers[type];
-        const char *key = provider->marshallingKey();
+        provider = m_providers[type];
+        key = provider->name();
         if (key == NULL)
             continue;
 
-        DDF source = findSourceForProvider(sources, key);
-        if (source.isnull() ||
-            !provider->unmarshallAndInit(this, source)) {
+        JSONObject source = sources.get(key);
+        if (!source.isNull() &&
+            !provider->initWithJsonObject(this, source)) {
             releaseProvider(type);
             return false;
         }
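Review bot: With the new `!source.isNull() &&` condition, a provider whose key is missing from `sources` skips initWithJsonObject but still appears to reach `foundSource[type] = true` just below this hunk, so the second loop would treat it as already initialised from serialized state. If the intent is that such providers are initialised from the other providers instead, add `if (source.isNull()) continue;` before the init call. The object comes from an imported buffer, so `obj["sources"]` should also be confirmed to be a JSON object before `.get(key)` is applied; whether JSONObject already enforces that is not visible here. The loop body continues outside the hunk.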
@@ -330,7 +323,7 @@ gss_eap_attr_ctx::unmarshallAndInit(DDF &obj)
         foundSource[type] = true;
     }
 
-    /* Initialize remaining providers from initialized providers */ 
+    /* Initialize remaining providers from initialized providers */
     for (type = ATTR_TYPE_MIN; type <= ATTR_TYPE_MAX; type++) {
         gss_eap_attr_provider *provider;
 
@@ -351,31 +344,33 @@ gss_eap_attr_ctx::unmarshallAndInit(DDF &obj)
     return true;
 }
 
-DDF
-gss_eap_attr_ctx::marshall(void) const
+JSONObject
+gss_eap_attr_ctx::jsonRepresentation(void) const
 {
-    DDF obj(NULL);
+    JSONObject obj, sources;
     unsigned int i;
 
-    obj.addmember("version").integer(1);
-    obj.addmember("flags").integer(m_flags);
-
-    DDF sources = obj.addmember("sources").list();
+    obj.set("version", 1);
+    obj.set("flags", m_flags);
 
     for (i = ATTR_TYPE_MIN; i <= ATTR_TYPE_MAX; i++) {
-        gss_eap_attr_provider *provider = m_providers[i];
+        gss_eap_attr_provider *provider;
+        const char *key;
 
+        provider = m_providers[i];
         if (provider == NULL)
             continue; /* provider not initialised */
 
-        const char *key = provider->marshallingKey();
+        key = provider->name();
         if (key == NULL)
             continue; /* provider does not have state */
 
-        DDF source = provider->marshall();
-        sources.add(source.name(key));
+        JSONObject source = provider->jsonRepresentation();
+        sources.set(key, source);
     }
 
+    obj.set("sources", sources);
+
     return obj;
 }
 
@@ -385,20 +380,22 @@ gss_eap_attr_ctx::marshall(void) const
 bool
 gss_eap_attr_ctx::initFromBuffer(const gss_buffer_t buffer)
 {
+    OM_uint32 major, minor;
     bool ret;
+    char *s;
+    json_error_t error;
 
-    if (buffer->length == 0)
+    major = bufferToString(&minor, buffer, &s);
+    if (GSS_ERROR(major))
         return false;
 
-    DDF obj(NULL);
-    std::string str((const char *)buffer->value, buffer->length);
-    std::istringstream source(str);
-
-    source >> obj;
-
-    ret = unmarshallAndInit(obj);
+    JSONObject obj = JSONObject::load(s, 0, &error);
+    if (!obj.isNull()) {
+        ret = initWithJsonObject(obj);
+    } else
+        ret = false;
 
-    obj.destroy();
+    GSSEAP_FREE(s);
 
     return ret;
 }
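Review bot: `s` is leaked if `JSONObject::load` or `initWithJsonObject` throws, because `GSSEAP_FREE(s)` is only reached on the normal path. The `std::runtime_error` mapping added to mapException in this commit suggests the new type checks do throw on malformed input, which would make the leak reachable from any bad token. Free the string in a handler and rethrow, as sketched below. `error` is filled in by the parser but never read, so a rejected token leaves no diagnostic.

```cpp
    major = bufferToString(&minor, buffer, &s);
    if (GSS_ERROR(major))
        return false;

    try {
        JSONObject obj = JSONObject::load(s, 0, &error);
        ret = !obj.isNull() && initWithJsonObject(obj);
    } catch (...) {
        GSSEAP_FREE(s);   /* do not leak the decoded token when a type check throws */
        throw;
    }

    GSSEAP_FREE(s);
```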
@@ -536,10 +533,8 @@ gss_eap_attr_ctx::getAttributeTypes(gss_buffer_set_t *attrs)
     unsigned int i;
 
     major = gss_create_empty_buffer_set(&minor, attrs);
-    if (GSS_ERROR(major)) {
+    if (GSS_ERROR(major))
         throw new std::bad_alloc;
-        return false;
-    }
 
     args.attrs = *attrs;
 
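Review bot: `throw new std::bad_alloc;` throws a `std::bad_alloc *` rather than a `std::bad_alloc`, so the `catch (std::exception &e)` handlers visible later in this file will not match it and the exception would leave the GSS entry point uncaught. Throw by value instead: `throw std::bad_alloc();`. The same form is added in exportToBuffer further down, on the `makeStringBuffer` failure path. getAttributeTypes continues outside the hunk.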
@@ -635,15 +630,19 @@ gss_eap_attr_ctx::releaseAnyNameMapping(gss_buffer_t type_id,
 void
 gss_eap_attr_ctx::exportToBuffer(gss_buffer_t buffer) const
 {
-    DDF obj = marshall();
-    std::ostringstream sink;
+    OM_uint32 minor;
+    char *s;
 
-    sink << obj;
-    std::string str = sink.str();
+    JSONObject obj = jsonRepresentation();
+
+#if 0
+    obj.dump(stdout);
+#endif
 
-    duplicateBuffer(str, buffer);
+    s = obj.dump(JSON_COMPACT);
 
-    obj.destroy();
+    if (GSS_ERROR(makeStringBuffer(&minor, s, buffer)))
+        throw new std::bad_alloc;
 }
 
 /*
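Review bot: The string returned by `obj.dump(JSON_COMPACT)` is never released in exportToBuffer, and it is passed to makeStringBuffer without a NULL check. If makeStringBuffer copies its input (its definition is not visible here), every export leaks the serialized context; compare initFromBuffer, which calls `GSSEAP_FREE(s)` on its string. Test `s == NULL` before the call, and release `s` with the allocator that matches `dump()` after makeStringBuffer returns, on both the success and the failure path.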
@@ -680,11 +679,16 @@ gss_eap_attr_ctx::mapException(OM_uint32 *minor, std::exception &e) const
     OM_uint32 major;
 
     /* Errors we handle ourselves */
-    major = GSS_S_FAILURE;
-
     if (typeid(e) == typeid(std::bad_alloc)) {
         *minor = ENOMEM;
         goto cleanup;
+    } else if (typeid(e) == typeid(std::runtime_error)) {
+        major = GSS_S_BAD_NAME;
+        *minor = GSSEAP_BAD_ATTR_TOKEN;
+        goto cleanup;
+    } else if (this == NULL) {
+        major = GSS_S_FAILURE;
+        goto cleanup;
     }
 
     /* Errors we delegate to providers */
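Review bot: Removing the up-front `major = GSS_S_FAILURE;` leaves `major` unassigned in the `std::bad_alloc` branch, which sets only `*minor` before `goto cleanup`; assuming `cleanup` returns `major` (it is outside the hunk), the caller receives an indeterminate status. Add `major = GSS_S_FAILURE;` to that branch or restore the default assignment. The `this == NULL` test is undefined behaviour inside a member function and compilers may remove it, so the caller should check the pointer before calling mapException. `typeid(e) == typeid(std::runtime_error)` matches only that exact type, so exceptions derived from it fall through to the providers.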
@@ -879,8 +883,10 @@ gssEapGetNameAttribute(OM_uint32 *minor,
                        gss_buffer_t display_value,
                        int *more)
 {
-    *authenticated = 0;
-    *complete = 0;
+    if (authenticated != NULL)
+        *authenticated = 0;
+    if (complete != NULL)
+        *complete = 0;
 
     if (value != NULL) {
         value->length = 0;
@@ -1015,7 +1021,7 @@ gssEapImportAttrContext(OM_uint32 *minor,
             if (!ctx->initFromBuffer(buffer)) {
                 delete ctx;
                 *minor = GSSEAP_BAD_ATTR_TOKEN;
-                return GSS_S_DEFECTIVE_TOKEN;
+                return GSS_S_BAD_NAME;
             }
             name->attrCtx = ctx;
         } catch (std::exception &e) {
@@ -1141,12 +1147,10 @@ gssEapCreateAttrContext(OM_uint32 *minor,
     major = GSS_S_FAILURE;
 
     try {
-        ctx = new gss_eap_attr_ctx();
+        *pAttrContext = ctx = new gss_eap_attr_ctx();
         if (ctx->initFromGssContext(gssCred, gssCtx)) {
             *minor = 0;
             major = GSS_S_COMPLETE;
-        } else {
-            delete ctx;
         }
     } catch (std::exception &e) {
         if (ctx != NULL)
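Review bot: Publishing `*pAttrContext` before initFromGssContext has succeeded is not explained, and it means the out-parameter briefly points at a partially initialised object that the failure path in the next hunk deletes. If this is needed because initialisation reaches the context through the caller's pointer (not visible here), say so in a comment such as `/* providers reach the context through *pAttrContext during init; reset to NULL on failure below */`. The `delete ctx` added in the next hunk also relies on `ctx` being set to NULL before the `try`, which is outside the hunk.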
@@ -1154,8 +1158,10 @@ gssEapCreateAttrContext(OM_uint32 *minor,
     }
 
     if (major == GSS_S_COMPLETE) {
-        *pAttrContext = ctx;
         *pExpiryTime = ctx->getExpiryTime();
+    } else {
+        delete ctx;
+        *pAttrContext = NULL;
     }
 
     return major;