#include "gssapiP_eap.h"
-#include <xercesc/util/Base64.hpp>
-
/* stuff that should be provided by libradsec/libfreeradius-radius */
#define VENDORATTR(vendor, attr) (((vendor) << 16) | (attr))
}
bool
-gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
+gss_eap_radius_attr_provider::initWithExistingContext(const gss_eap_attr_ctx *manager,
const gss_eap_attr_provider *ctx)
{
const gss_eap_radius_attr_provider *radius;
- if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
+ if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx))
return false;
radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
}
bool
-gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
+gss_eap_radius_attr_provider::initWithGssContext(const gss_eap_attr_ctx *manager,
const gss_cred_id_t gssCred,
const gss_ctx_id_t gssCtx)
{
- if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
+ if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx))
return false;
if (gssCtx != GSS_C_NO_CONTEXT) {
vpcopy = paircopyvp(vp);
if (vpcopy == NULL) {
pairfree(&dst);
- throw new std::bad_alloc;
- return NULL;
+ throw std::bad_alloc();
}
*pDst = vpcopy;
pDst = &vpcopy->next;
VALUE_PAIR *vp;
size_t n = remain;
- /*
+ /*
* There's an extra byte of padding; RADIUS AVPs can only
* be 253 octets.
*/
return GSS_S_COMPLETE;
}
-static DDF
-avpMarshall(const VALUE_PAIR *vp)
+static JSONObject
+avpToJson(const VALUE_PAIR *vp)
{
- DDF obj(NULL);
-
- obj.addmember("type").integer(vp->attribute);
+ JSONObject obj;
assert(vp->length <= MAX_STRING_LEN);
case PW_TYPE_INTEGER:
case PW_TYPE_IPADDR:
case PW_TYPE_DATE:
- obj.addmember("value").integer(vp->lvalue);
+ obj.set("value", vp->lvalue);
break;
case PW_TYPE_STRING:
- obj.addmember("value").string(vp->vp_strvalue);
+ obj.set("value", vp->vp_strvalue);
break;
default: {
- XMLSize_t len;
- XMLByte *b64 = xercesc::Base64::encode(vp->vp_octets, vp->length, &len);
+ char *b64;
- if (b64[len - 1] == '\n')
- b64[--len] = '\0'; /* XXX there may be embedded newlines */
+ if (base64Encode(vp->vp_octets, vp->length, &b64) < 0)
+ throw std::bad_alloc();
- obj.addmember("value").string((char *)b64);
- delete b64;
+ obj.set("value", b64);
+ GSSEAP_FREE(b64);
break;
}
}
+ obj.set("type", vp->attribute);
+
return obj;
}
static bool
-avpUnmarshall(VALUE_PAIR **pVp, DDF &obj)
+jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj)
{
VALUE_PAIR *vp = NULL;
DICT_ATTR *da;
uint32_t attrid;
- attrid = obj["type"].integer();
+ JSONObject type = obj["type"];
+ JSONObject value = obj["value"];
+ if (!type.isInteger())
+ goto fail;
+
+ attrid = type.integer();
da = dict_attrbyvalue(attrid);
if (da != NULL) {
vp = pairalloc(da);
} else {
- vp = paircreate(attrid, PW_TYPE_STRING);
- }
- if (vp == NULL) {
- throw new std::bad_alloc;
- goto fail;
+ int type = base64Valid(value.string()) ?
+ PW_TYPE_OCTETS : PW_TYPE_STRING;
+ vp = paircreate(attrid, type);
}
+ if (vp == NULL)
+ throw std::bad_alloc();
switch (vp->type) {
case PW_TYPE_INTEGER:
case PW_TYPE_IPADDR:
case PW_TYPE_DATE:
+ if (!value.isInteger())
+ goto fail;
+
vp->length = 4;
- vp->lvalue = obj["value"].integer();;
+ vp->lvalue = value.integer();
break;
case PW_TYPE_STRING: {
- const char *str = obj["value"].string();
+ if (!value.isString())
+ goto fail;
+
+ const char *str = value.string();
size_t len = strlen(str);
- if (str == NULL || len >= MAX_STRING_LEN)
+
+ if (len >= MAX_STRING_LEN)
goto fail;
vp->length = len;
}
case PW_TYPE_OCTETS:
default: {
- XMLSize_t len;
- const XMLByte *b64 = (const XMLByte *)obj["value"].string();
- XMLByte *data = xercesc::Base64::decode(b64, &len);
- if (data == NULL || len >= MAX_STRING_LEN) {
- delete data;
+ if (!value.isString())
+ goto fail;
+
+ const char *str = value.string();
+ ssize_t len = strlen(str);
+
+ /* this optimization requires base64Decode only understand packed encoding */
+ if (len >= BASE64_EXPAND(MAX_STRING_LEN))
+ goto fail;
+
+ len = base64Decode(str, vp->vp_octets);
+ if (len < 0)
goto fail;
- }
vp->length = len;
- memcpy(vp->vp_octets, data, len);
- vp->vp_octets[len] = '\0';
- delete data;
break;
}
}
}
const char *
-gss_eap_radius_attr_provider::marshallingKey(void) const
+gss_eap_radius_attr_provider::name(void) const
{
return "radius";
}
bool
-gss_eap_radius_attr_provider::unmarshallAndInit(const gss_eap_attr_ctx *ctx,
- DDF &obj)
+gss_eap_radius_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx,
+ JSONObject &obj)
{
VALUE_PAIR **pNext = &m_vps;
- if (!gss_eap_attr_provider::unmarshallAndInit(ctx, obj))
+ if (!gss_eap_attr_provider::initWithJsonObject(ctx, obj))
return false;
- DDF attrs = obj["attributes"];
- DDF attr = attrs.first();
+ JSONObject attrs = obj["attributes"];
+ size_t nelems = attrs.size();
- while (!attr.isnull()) {
+ for (size_t i = 0; i < nelems; i++) {
+ JSONObject attr = attrs[i];
VALUE_PAIR *vp;
- if (!avpUnmarshall(&vp, attr))
+ if (!jsonToAvp(&vp, attr))
return false;
*pNext = vp;
pNext = &vp->next;
-
- attr = attrs.next();
}
+ m_authenticated = obj["authenticated"].integer();
+
return true;
}
return "urn:ietf:params:gss-eap:radius-avp";
}
-DDF
-gss_eap_radius_attr_provider::marshall(void) const
+JSONObject
+gss_eap_radius_attr_provider::jsonRepresentation(void) const
{
- DDF obj(NULL);
- DDF attrs = obj.structure().addmember("attributes").list();
+ JSONObject obj, attrs = JSONObject::array();
for (VALUE_PAIR *vp = m_vps; vp != NULL; vp = vp->next) {
- DDF attr = avpMarshall(vp);
- attrs.add(attr);
+ JSONObject attr = avpToJson(vp);
+ attrs.append(attr);
}
+ obj.set("attributes", attrs);
+
+ obj.set("authenticated", m_authenticated);
+
return obj;
}