* SUCH DAMAGE.
*/
+/*
+ * RADIUS attribute provider implementation.
+ */
+
#include "gssapiP_eap.h"
-VALUE_PAIR *
-gss_eap_radius_attr_provider::copyAvps(const VALUE_PAIR *src)
-{
- const VALUE_PAIR *vp;
- VALUE_PAIR *dst = NULL, **pDst = &dst;
+/* stuff that should be provided by libradsec/libfreeradius-radius */
+#define VENDORATTR(vendor, attr) (((vendor) << 16) | (attr))
- for (vp = src; vp != NULL; vp = vp->next) {
- VALUE_PAIR *vp2;
+#ifndef ATTRID
+#define ATTRID(attr) ((attr) & 0xFFFF)
+#endif
- vp2 = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp2));
- if (vp2 == NULL) {
- rc_avpair_free(dst);
- return NULL;
- }
- memcpy(vp2, vp, sizeof(*vp));
- vp2->next = NULL;
- *pDst = vp2;
- pDst = &vp2->next;
- }
+static gss_buffer_desc radiusUrnPrefix = {
+ sizeof("urn:x-radius:") - 1,
+ (void *)"urn:x-radius:"
+};
- return dst;
-}
+static VALUE_PAIR *copyAvps(const VALUE_PAIR *src);
gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void)
{
- m_rh = NULL;
- m_avps = NULL;
+ m_vps = NULL;
m_authenticated = false;
}
gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
{
- if (m_rh != NULL)
- rc_config_free(m_rh);
- if (m_avps != NULL)
- rc_avpair_free(m_avps);
-}
-
-bool
-gss_eap_radius_attr_provider::initFromGssCred(const gss_cred_id_t cred)
-{
- OM_uint32 minor;
-
- return !GSS_ERROR(gssEapRadiusAllocHandle(&minor, cred, &m_rh));
+ if (m_vps != NULL)
+ pairfree(&m_vps);
}
bool
if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
return false;
- if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
- return false;
-
radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
- if (radius->m_avps != NULL) {
- m_avps = copyAvps(radius->getAvps());
- }
+
+ if (radius->m_vps != NULL)
+ m_vps = copyAvps(const_cast<VALUE_PAIR *>(radius->getAvps()));
+
+ m_authenticated = radius->m_authenticated;
return true;
}
if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
return false;
- if (!initFromGssCred(gssCred))
- return false;
-
if (gssCtx != GSS_C_NO_CONTEXT) {
- if (gssCtx->acceptorCtx.avps != NULL) {
- m_avps = copyAvps(gssCtx->acceptorCtx.avps);
- if (m_avps == NULL)
+ if (gssCtx->acceptorCtx.vps != NULL) {
+ m_vps = copyAvps(gssCtx->acceptorCtx.vps);
+ if (m_vps == NULL)
return false;
+
+ /* We assume libradsec validated this for us */
+ assert(pairfind(m_vps, PW_MESSAGE_AUTHENTICATOR) != NULL);
+ m_authenticated = true;
}
}
}
static bool
-isSecretAttributeP(int attrid, int vendor)
+isSecretAttributeP(uint16_t attrid, uint16_t vendor)
{
- bool ret = false;
+ bool bSecretAttribute = false;
switch (vendor) {
- case RADIUS_VENDOR_ID_MICROSOFT:
+ case VENDORPEC_MS:
switch (attrid) {
- case RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY:
- case RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY:
- ret = true;
+ case PW_MS_MPPE_SEND_KEY:
+ case PW_MS_MPPE_RECV_KEY:
+ bSecretAttribute = true;
break;
default:
break;
break;
}
- return ret;
+ return bSecretAttribute;
+}
+
+static bool
+isSecretAttributeP(uint32_t attribute)
+{
+ return isSecretAttributeP(ATTRID(attribute), VENDOR(attribute));
+}
+
+static bool
+isInternalAttributeP(uint16_t attrid, uint16_t vendor)
+{
+ bool bInternalAttribute = false;
+
+ /* should have been filtered */
+ assert(!isSecretAttributeP(attrid, vendor));
+
+ switch (vendor) {
+ case VENDORPEC_UKERNA:
+ bInternalAttribute = true;
+ break;
+ default:
+ break;
+ }
+
+ return bInternalAttribute;
+}
+
+static bool
+isInternalAttributeP(uint32_t attribute)
+{
+ return isInternalAttributeP(ATTRID(attribute), VENDOR(attribute));
+}
+
+/*
+ * Copy AVP list, same as paircopy except it filters out attributes
+ * containing keys.
+ */
+static VALUE_PAIR *
+copyAvps(const VALUE_PAIR *src)
+{
+ const VALUE_PAIR *vp;
+ VALUE_PAIR *dst = NULL, **pDst = &dst;
+
+ for (vp = src; vp != NULL; vp = vp->next) {
+ VALUE_PAIR *vpcopy;
+
+ if (isSecretAttributeP(vp->attribute))
+ continue;
+
+ vpcopy = paircopyvp(vp);
+ if (vpcopy == NULL) {
+ pairfree(&dst);
+ throw new std::bad_alloc;
+ return NULL;
+ }
+ *pDst = vpcopy;
+ pDst = &vpcopy->next;
+ }
+
+ return dst;
}
bool
-gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
+gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
+ void *data) const
{
VALUE_PAIR *vp;
std::vector <std::string> seen;
- for (vp = m_avps; vp != NULL; vp = vp->next) {
+ for (vp = m_vps; vp != NULL; vp = vp->next) {
gss_buffer_desc attribute;
+ char attrid[64];
- if (isSecretAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
+ /* Don't advertise attributes that are internal to the GSS-EAP mechanism */
+ if (isInternalAttributeP(vp->attribute))
continue;
if (alreadyAddedAttributeP(seen, vp))
continue;
- attribute.value = (void *)vp->name;
- attribute.length = strlen(vp->name);
+ snprintf(attrid, sizeof(attrid), "%s%d",
+ (char *)radiusUrnPrefix.value, vp->attribute);
+
+ attribute.value = attrid;
+ attribute.length = strlen(attrid);
if (!addAttribute(this, &attribute, data))
return false;
return true;
}
-void
-gss_eap_radius_attr_provider::setAttribute(int complete,
- const gss_buffer_t attr,
- const gss_buffer_t value)
-{
-}
-
-void
-gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t value)
-{
-}
-
-bool
-gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr,
- int *authenticated,
- int *complete,
- gss_buffer_t value,
- gss_buffer_t display_value,
- int *more) const
+uint32_t
+getAttributeId(const gss_buffer_t attr)
{
OM_uint32 tmpMinor;
gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
- DICT_ATTR *d;
- int attrid;
+ DICT_ATTR *da;
char *s;
+ uint32_t attrid = 0;
- /* XXX vendor */
+ if (attr->length < radiusUrnPrefix.length ||
+ memcmp(attr->value, radiusUrnPrefix.value, radiusUrnPrefix.length) != 0)
+ return 0;
+ /* need to duplicate because attr may not be NUL terminated */
duplicateBuffer(*attr, &strAttr);
- s = (char *)strAttr.value;
+ s = (char *)strAttr.value + radiusUrnPrefix.length;
- if (isdigit(((char *)strAttr.value)[0])) {
+ if (isdigit(*s)) {
attrid = strtoul(s, NULL, 10);
} else {
- d = rc_dict_findattr(m_rh, (char *)s);
- if (d == NULL) {
- gss_release_buffer(&tmpMinor, &strAttr);
- return false;
- }
- attrid = d->value;
+ da = dict_attrbyname(s);
+ if (da != NULL)
+ attrid = da->attr;
}
gss_release_buffer(&tmpMinor, &strAttr);
- return getAttribute(attrid, authenticated, complete,
- value, display_value, more);
+ return attrid;
}
-static bool
-isPrintableAttributeP(VALUE_PAIR *vp)
+bool
+gss_eap_radius_attr_provider::setAttribute(int complete,
+ uint32_t attrid,
+ const gss_buffer_t value)
{
- size_t i;
+ OM_uint32 major = GSS_S_UNAVAILABLE, minor;
- for (i = 0; i < sizeof(vp->strvalue); i++) {
- if (!isprint(vp->strvalue[i]))
- return false;
+ if (!isSecretAttributeP(attrid) &&
+ !isInternalAttributeP(attrid)) {
+ deleteAttribute(attrid);
+
+ major = gssEapRadiusAddAvp(&minor, &m_vps,
+ ATTRID(attrid), VENDOR(attrid),
+ value);
}
+ return !GSS_ERROR(major);
+}
+
+bool
+gss_eap_radius_attr_provider::setAttribute(int complete,
+ const gss_buffer_t attr,
+ const gss_buffer_t value)
+{
+ uint32_t attrid = getAttributeId(attr);
+
+ if (!attrid)
+ return false;
+
+ return setAttribute(complete, attrid, value);
+}
+
+bool
+gss_eap_radius_attr_provider::deleteAttribute(uint32_t attrid)
+{
+ if (isSecretAttributeP(attrid) || isInternalAttributeP(attrid) ||
+ pairfind(m_vps, attrid) == NULL)
+ return false;
+
+ pairdelete(&m_vps, attrid);
+
return true;
}
bool
-gss_eap_radius_attr_provider::getAttribute(int attrid,
- int vendor,
+gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t attr)
+{
+ uint32_t attrid = getAttributeId(attr);
+
+ if (!attrid)
+ return false;
+
+ return deleteAttribute(attrid);
+}
+
+bool
+gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr,
int *authenticated,
int *complete,
gss_buffer_t value,
gss_buffer_t display_value,
int *more) const
{
- OM_uint32 tmpMinor;
- VALUE_PAIR *vp;
- int i = *more;
- int max = 0;
- char name[NAME_LENGTH + 1];
- char displayString[AUTH_STRING_LEN + 1];
- gss_buffer_desc valueBuf = GSS_C_EMPTY_BUFFER;
- gss_buffer_desc displayBuf = GSS_C_EMPTY_BUFFER;
-
- *more = 0;
+ uint32_t attrid;
- if (isSecretAttributeP(attrid, vendor))
+ attrid = getAttributeId(attr);
+ if (!attrid)
return false;
- vp = rc_avpair_get(m_avps, attrid, vendor);
- if (vp == NULL)
- return false;
+ return getAttribute(attrid, authenticated, complete,
+ value, display_value, more);
+}
+
+bool
+gss_eap_radius_attr_provider::getAttribute(uint32_t attrid,
+ int *authenticated,
+ int *complete,
+ gss_buffer_t value,
+ gss_buffer_t display_value,
+ int *more) const
+{
+ VALUE_PAIR *vp;
+ int i = *more, count = 0;
+
+ *more = 0;
if (i == -1)
i = 0;
- do {
- if (i == max)
+ for (vp = pairfind(m_vps, attrid);
+ vp != NULL;
+ vp = pairfind(vp->next, attrid)) {
+ if (count++ == i) {
+ if (pairfind(vp->next, attrid) != NULL)
+ *more = count;
break;
+ }
+ }
- max++;
- } while ((vp = rc_avpair_get(vp->next, attrid, vendor)) != NULL);
-
- if (i > max)
+ if (vp == NULL && *more == 0)
return false;
- if (vp->type == PW_TYPE_STRING) {
- valueBuf.value = (void *)vp->strvalue;
- valueBuf.length = vp->lvalue;
- } else {
- valueBuf.value = (void *)&vp->lvalue;
- valueBuf.length = 4;
- }
+ if (value != GSS_C_NO_BUFFER) {
+ gss_buffer_desc valueBuf;
+
+ valueBuf.value = (void *)vp->vp_octets;
+ valueBuf.length = vp->length;
- if (value != GSS_C_NO_BUFFER)
duplicateBuffer(valueBuf, value);
+ }
- if (display_value != GSS_C_NO_BUFFER &&
- isPrintableAttributeP(vp)) {
- if (rc_avpair_tostr(m_rh, vp, name, NAME_LENGTH,
- displayString, AUTH_STRING_LEN) != 0) {
- gss_release_buffer(&tmpMinor, value);
- return false;
- }
+ if (display_value != GSS_C_NO_BUFFER) {
+ char displayString[MAX_STRING_LEN];
+ gss_buffer_desc displayBuf;
+ displayBuf.length = vp_prints_value(displayString,
+ sizeof(displayString), vp, 0);
displayBuf.value = (void *)displayString;
- displayBuf.length = strlen(displayString);
duplicateBuffer(displayBuf, display_value);
}
if (complete != NULL)
*complete = true;
- if (max > i)
- *more = i;
-
return true;
}
bool
-gss_eap_radius_attr_provider::getAttribute(int attrid,
+gss_eap_radius_attr_provider::getFragmentedAttribute(uint16_t attribute,
+ uint16_t vendor,
+ int *authenticated,
+ int *complete,
+ gss_buffer_t value) const
+{
+ OM_uint32 major, minor;
+
+ major = gssEapRadiusGetAvp(&minor, m_vps, attribute, vendor, value, TRUE);
+
+ if (authenticated != NULL)
+ *authenticated = m_authenticated;
+ if (complete != NULL)
+ *complete = true;
+
+ return !GSS_ERROR(major);
+}
+
+bool
+gss_eap_radius_attr_provider::getAttribute(uint16_t attribute,
+ uint16_t vendor,
int *authenticated,
int *complete,
gss_buffer_t value,
int *more) const
{
- return getAttribute(ATTRID(attrid), VENDOR(attrid),
+ return getAttribute(VENDORATTR(attribute, vendor),
authenticated, complete,
value, display_value, more);
}
if (authenticated && !m_authenticated)
return (gss_any_t)NULL;
- return (gss_any_t)copyAvps(m_avps);
+ return (gss_any_t)copyAvps(m_vps);
}
void
gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
gss_any_t input) const
{
- rc_avpair_free((VALUE_PAIR *)input);
+ pairfree((VALUE_PAIR **)&input);
}
bool
}
OM_uint32
-addAvpFromBuffer(OM_uint32 *minor,
- rc_handle *rh,
- VALUE_PAIR **vp,
- int type,
- gss_buffer_t buffer)
+gssEapRadiusAddAvp(OM_uint32 *minor,
+ VALUE_PAIR **vps,
+ uint16_t attribute,
+ uint16_t vendor,
+ const gss_buffer_t buffer)
{
- if (rc_avpair_add(rh, vp, type, buffer->value, buffer->length, 0) == NULL) {
- return GSS_S_FAILURE;
+ uint32_t attrid = VENDORATTR(vendor, attribute);
+ unsigned char *p = (unsigned char *)buffer->value;
+ size_t remain = buffer->length;
+
+ do {
+ VALUE_PAIR *vp;
+ size_t n = remain;
+
+ if (n > MAX_STRING_LEN)
+ n = MAX_STRING_LEN;
+
+ vp = paircreate(attrid, PW_TYPE_OCTETS);
+ if (vp == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ memcpy(vp->vp_octets, p, n);
+ vp->length = n;
+
+ pairadd(vps, vp);
+
+ p += n;
+ remain -= n;
+ } while (remain != 0);
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+gssEapRadiusGetRawAvp(OM_uint32 *minor,
+ VALUE_PAIR *vps,
+ uint16_t attribute,
+ uint16_t vendor,
+ VALUE_PAIR **vp)
+{
+ uint32_t attr = VENDORATTR(vendor, attribute);
+
+ *vp = pairfind(vps, attr);
+ if (*vp == NULL) {
+ *minor = GSSEAP_NO_SUCH_ATTR;
+ return GSS_S_UNAVAILABLE;
}
return GSS_S_COMPLETE;
}
OM_uint32
-getBufferFromAvps(OM_uint32 *minor,
- VALUE_PAIR *vps,
- int type,
- gss_buffer_t buffer,
- int concat)
+gssEapRadiusGetAvp(OM_uint32 *minor,
+ VALUE_PAIR *vps,
+ uint16_t attribute,
+ uint16_t vendor,
+ gss_buffer_t buffer,
+ int concat)
{
VALUE_PAIR *vp;
unsigned char *p;
+ uint32_t attr = VENDORATTR(vendor, attribute);
buffer->length = 0;
buffer->value = NULL;
- vp = rc_avpair_get(vps, type, 0);
- if (vp == NULL)
+ vp = pairfind(vps, attr);
+ if (vp == NULL) {
+ *minor = GSSEAP_NO_SUCH_ATTR;
return GSS_S_UNAVAILABLE;
+ }
do {
- buffer->length += vp->lvalue;
- } while (concat && (vp = rc_avpair_get(vp->next, type, 0)) != NULL);
+ buffer->length += vp->length;
+ } while (concat && (vp = pairfind(vp->next, attr)) != NULL);
buffer->value = GSSEAP_MALLOC(buffer->length);
if (buffer->value == NULL) {
p = (unsigned char *)buffer->value;
- for (vp = rc_avpair_get(vps, type, 0);
+ for (vp = pairfind(vps, attr);
concat && vp != NULL;
- vp = rc_avpair_get(vp->next, type, 0)) {
- memcpy(p, vp->strvalue, vp->lvalue);
- p += vp->lvalue;
+ vp = pairfind(vp->next, attr)) {
+ memcpy(p, vp->vp_octets, vp->length);
+ p += vp->length;
}
*minor = 0;
}
OM_uint32
-gssEapRadiusAttrProviderInit(OM_uint32 *minor)
-{
- return gss_eap_radius_attr_provider::init()
- ? GSS_S_COMPLETE : GSS_S_FAILURE;
-}
-
-OM_uint32
-gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
+gssEapRadiusFreeAvps(OM_uint32 *minor,
+ VALUE_PAIR **vps)
{
- gss_eap_radius_attr_provider::finalize();
+ pairfree(vps);
+ *minor = 0;
return GSS_S_COMPLETE;
}
OM_uint32
-gssEapRadiusAllocHandle(OM_uint32 *minor,
- const gss_cred_id_t cred,
- rc_handle **pHandle)
+gssEapRadiusAttrProviderInit(OM_uint32 *minor)
{
- rc_handle *rh;
- const char *config = RC_CONFIG_FILE;
-
- *pHandle = NULL;
-
- if (cred != GSS_C_NO_CREDENTIAL && cred->radiusConfigFile != NULL)
- config = cred->radiusConfigFile;
-
- rh = rc_read_config((char *)config);
- if (rh == NULL) {
- *minor = errno;
- rc_config_free(rh);
+ if (!gss_eap_radius_attr_provider::init()) {
+ *minor = GSSEAP_RADSEC_INIT_FAILURE;
return GSS_S_FAILURE;
}
- if (rc_read_dictionary(rh, rc_conf_str(rh, (char *)"dictionary")) != 0) {
- *minor = errno;
- return GSS_S_FAILURE;
- }
+ return GSS_S_COMPLETE;
+}
- *pHandle = rh;
+OM_uint32
+gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
+{
+ gss_eap_radius_attr_provider::finalize();
return GSS_S_COMPLETE;
}
/*
- * This is a super-inefficient coding but the API is going to change
- * as are the data structures, so not putting a lot of work in now.
+ * Encoding is:
+ * 4 octet NBO attribute ID | 4 octet attribute length | attribute data
*/
static size_t
avpSize(const VALUE_PAIR *vp)
{
- return NAME_LENGTH + 1 + 12 + AUTH_STRING_LEN + 1;
+ size_t size = 4 + 1;
+
+ if (vp != NULL)
+ size += vp->length;
+
+ return size;
}
static bool
assert(remain >= avpSize(vp));
- memcpy(p, vp->name, NAME_LENGTH + 1);
- p += NAME_LENGTH + 1;
- remain -= NAME_LENGTH + 1;
-
- store_uint32_be(vp->attribute, &p[0]);
- store_uint32_be(vp->type, &p[4]);
- store_uint32_be(vp->lvalue, &p[8]);
+ store_uint32_be(vp->attribute, p);
- p += 12;
- remain -= 12;
-
- memcpy(p, vp->strvalue, AUTH_STRING_LEN + 1);
- p += AUTH_STRING_LEN + 1;
- remain -= AUTH_STRING_LEN + 1;
+ switch (vp->type) {
+ case PW_TYPE_INTEGER:
+ case PW_TYPE_IPADDR:
+ case PW_TYPE_DATE:
+ p[4] = 4;
+ store_uint32_be(vp->lvalue, p + 5);
+ break;
+ default:
+ assert(vp->length <= MAX_STRING_LEN);
+ p[4] = (uint8_t)vp->length;
+ memcpy(p + 5, vp->vp_octets, vp->length);
+ break;
+ }
- *pBuffer = p;
- *pRemain = remain;
+ *pBuffer += 5 + p[4];
+ *pRemain -= 5 + p[4];
return true;
{
unsigned char *p = *pBuffer;
size_t remain = *pRemain;
- VALUE_PAIR *vp;
+ VALUE_PAIR *vp = NULL;
+ DICT_ATTR *da;
+ uint32_t attrid;
- if (remain < avpSize(NULL)) {
- return false;
- }
+ if (remain < avpSize(NULL))
+ goto fail;
+
+ attrid = load_uint32_be(p);
+ p += 4;
+ remain -= 4;
+
+ da = dict_attrbyvalue(attrid);
+ if (da == NULL)
+ goto fail;
- vp = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp));
+ vp = pairalloc(da);
if (vp == NULL) {
throw new std::bad_alloc;
- return false;
+ goto fail;
}
- vp->next = NULL;
- memcpy(vp->name, p, NAME_LENGTH + 1);
- p += NAME_LENGTH + 1;
- remain -= NAME_LENGTH + 1;
+ if (remain < p[0])
+ goto fail;
+
+ switch (vp->type) {
+ case PW_TYPE_INTEGER:
+ case PW_TYPE_IPADDR:
+ case PW_TYPE_DATE:
+ if (p[0] != 4)
+ goto fail;
+
+ vp->length = 4;
+ vp->lvalue = load_uint32_be(p + 1);
+ p += 5;
+ remain -= 5;
+ break;
+ case PW_TYPE_STRING:
+ /* check enough room to NUL terminate */
+ if (p[0] == MAX_STRING_LEN)
+ goto fail;
+ else
+ /* fallthrough */
+ default:
+ if (p[0] > MAX_STRING_LEN)
+ goto fail;
- vp->attribute = load_uint32_be(&p[0]);
- vp->type = load_uint32_be(&p[4]);
- vp->lvalue = load_uint32_be(&p[8]);
+ vp->length = (uint32_t)p[0];
+ memcpy(vp->vp_octets, p + 1, vp->length);
- p += 12;
- remain -= 12;
+ if (vp->type == PW_TYPE_STRING)
+ vp->vp_strvalue[vp->length] = '\0';
- memcpy(vp->strvalue, p, AUTH_STRING_LEN + 1);
- p += AUTH_STRING_LEN + 1;
- remain -= AUTH_STRING_LEN + 1;
+ p += 1 + vp->length;
+ remain -= 1 + vp->length;
+ break;
+ }
*pVp = vp;
*pBuffer = p;
*pRemain = remain;
return true;
+
+fail:
+ pairbasicfree(vp);
+ return false;
}
bool
{
unsigned char *p = (unsigned char *)buffer->value;
size_t remain = buffer->length;
- OM_uint32 count;
- VALUE_PAIR **pNext = &m_avps;
+ VALUE_PAIR **pNext = &m_vps;
if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
return false;
- if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
- return false;
-
- if (remain < 4)
- return false;
-
- count = load_uint32_be(p);
- p += 4;
- remain -= 4;
-
do {
VALUE_PAIR *attr;
*pNext = attr;
pNext = &attr->next;
-
- count--;
} while (remain != 0);
- if (count != 0)
- return false;
-
return true;
}
void
gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
{
- OM_uint32 count = 0;
VALUE_PAIR *vp;
unsigned char *p;
- size_t remain = 4;
+ size_t remain = 0;
- for (vp = m_avps; vp != NULL; vp = vp->next) {
+ for (vp = m_vps; vp != NULL; vp = vp->next) {
remain += avpSize(vp);
- count++;
}
buffer->value = GSSEAP_MALLOC(remain);
p = (unsigned char *)buffer->value;
- store_uint32_be(count, p);
- p += 4;
- remain -= 4;
-
- for (vp = m_avps; vp != NULL; vp = vp->next) {
+ for (vp = m_vps; vp != NULL; vp = vp->next) {
avpExport(vp, &p, &remain);
}
assert(remain == 0);
}
+
+time_t
+gss_eap_radius_attr_provider::getExpiryTime(void) const
+{
+ VALUE_PAIR *vp;
+
+ vp = pairfind(m_vps, PW_SESSION_TIMEOUT);
+ if (vp == NULL || vp->lvalue == 0)
+ return 0;
+
+ return time(NULL) + vp->lvalue;
+}
+
+OM_uint32
+gssEapRadiusMapError(OM_uint32 *minor,
+ struct rs_error *err)
+{
+ int code;
+
+ assert(err != NULL);
+
+ code = rs_err_code(err, 0);
+
+ if (code == RSE_OK) {
+ *minor = 0;
+ return GSS_S_COMPLETE;
+ }
+
+ *minor = ERROR_TABLE_BASE_rse + code;
+
+ gssEapSaveStatusInfo(*minor, "%s", rs_err_msg(err, 0));
+ rs_err_free(err);
+
+ return GSS_S_FAILURE;
+}