/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
static bool
isSecretAttributeP(uint16_t attrid, uint16_t vendor)
{
- bool ret = false;
+ bool bSecretAttribute = false;
switch (vendor) {
case VENDORPEC_MS:
switch (attrid) {
case PW_MS_MPPE_SEND_KEY:
case PW_MS_MPPE_RECV_KEY:
- ret = true;
+ bSecretAttribute = true;
break;
default:
break;
break;
}
- return ret;
+ return bSecretAttribute;
}
static bool
static bool
isInternalAttributeP(uint16_t attrid, uint16_t vendor)
{
- bool ret = false;
+ bool bInternalAttribute = false;
/* should have been filtered */
assert(!isSecretAttributeP(attrid, vendor));
switch (vendor) {
case VENDORPEC_UKERNA:
- ret = true;
+ bInternalAttribute = true;
break;
default:
break;
}
- return ret;
+ return bInternalAttribute;
}
static bool
}
bool
-gss_eap_radius_attr_provider::setAttribute(int complete,
+gss_eap_radius_attr_provider::setAttribute(int complete GSSEAP_UNUSED,
uint32_t attrid,
const gss_buffer_t value)
{
gss_any_t
gss_eap_radius_attr_provider::mapToAny(int authenticated,
- gss_buffer_t type_id) const
+ gss_buffer_t type_id GSSEAP_UNUSED) const
{
if (authenticated && !m_authenticated)
return (gss_any_t)NULL;
}
void
-gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
+gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
gss_any_t input) const
{
pairfree((VALUE_PAIR **)&input);
bool
gss_eap_radius_attr_provider::init(void)
{
+ struct rs_context *radContext;
+
gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
"urn:ietf:params:gss-eap:radius-avp",
- gss_eap_radius_attr_provider::createAttrContext);
+ createAttrContext);
+
+#if 1
+ /*
+ * This hack is necessary in order to force the loading of the global
+ * dictionary, otherwise accepting reauthentication tokens fails unless
+ * the acceptor has already accepted a normal authentication token.
+ */
+ if (rs_context_create(&radContext, RS_DICT_FILE) != 0) {
+ return false;
+ }
+
+ rs_context_destroy(radContext);
+#endif
+
return true;
}
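Review bot: The provider is registered before the dictionary-loading check in `init()`, so when `rs_context_create()` fails the function returns false while `ATTR_TYPE_RADIUS` stays registered. Moving the `rs_context_create(&radContext, RS_DICT_FILE)` / `rs_context_destroy(radContext)` pair ahead of `registerProvider(...)` would keep a failed init from leaving a registered provider behind. Whether callers treat a false return as fatal is not visible here. The `#if 1` guard is always on, so it could be dropped, or replaced with a named macro if the workaround is meant to be switchable.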
VALUE_PAIR *vp;
size_t n = remain;
- if (n > MAX_STRING_LEN)
- n = MAX_STRING_LEN;
+ /*
+ * There's an extra byte of padding; RADIUS AVPs can only
+ * be 253 octets.
+ */
+ if (n >= MAX_STRING_LEN)
+ n = MAX_STRING_LEN - 1;
vp = paircreate(attrid, PW_TYPE_OCTETS);
if (vp == NULL) {
gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
{
gss_eap_radius_attr_provider::finalize();
+
+ *minor = 0;
return GSS_S_COMPLETE;
}
remain -= 4;
da = dict_attrbyvalue(attrid);
- if (da == NULL)
- goto fail;
-
- vp = pairalloc(da);
+ if (da != NULL) {
+ vp = pairalloc(da);
+ } else {
+ vp = paircreate(attrid, PW_TYPE_STRING);
+ }
if (vp == NULL) {
throw new std::bad_alloc;
goto fail;
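Review bot: `throw new std::bad_alloc;` on the allocation-failure path throws a `std::bad_alloc *` rather than a `std::bad_alloc`, so a handler written as `catch (std::bad_alloc &)` will not match it, and the heap-allocated exception object is never freed. The `goto fail;` after it is unreachable. Since this hunk rewrites the allocation just above, it is a good place to change the line to `throw std::bad_alloc();` and delete the dead `goto`. Separately, attribute ids missing from the dictionary are now accepted as `PW_TYPE_STRING` instead of being rejected; if this parses serialized input, as it appears to, a comment saying the fallback is intended would help. The function starts and ends outside this hunk.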
remain -= 5;
break;
case PW_TYPE_STRING:
- /* check enough room to NUL terminate */
- if (p[0] == MAX_STRING_LEN)
- goto fail;
- else
- /* fallthrough */
default:
- if (p[0] > MAX_STRING_LEN)
+ if (p[0] >= MAX_STRING_LEN)
goto fail;
vp->length = (uint32_t)p[0];
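Review bot: With the old comment removed, nothing explains why the bound on `p[0]` is `>=` rather than `>`, or that `case PW_TYPE_STRING:` now deliberately shares the `default:` body. I would add `/* length must stay below MAX_STRING_LEN so the value can be NUL terminated */` above the check. The visible lines bound the length byte only by `MAX_STRING_LEN`. A comparison against `remain` before the value is copied presumably follows outside the hunk and is worth confirming.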
return true;
fail:
- pairbasicfree(vp);
+ if (vp != NULL)
+ pairbasicfree(vp);
+ *pVp = NULL;
return false;
}
*minor = ERROR_TABLE_BASE_rse + code;
- gssEapSaveStatusInfo(*minor, "%s", rs_err_msg(err, 0));
+ gssEapSaveStatusInfo(*minor, "%s", rs_err_msg(err));
rs_err_free(err);
return GSS_S_FAILURE;