#include "gssapiP_eap.h"
+static gss_buffer_desc radiusUrnPrefix = {
+ sizeof("urn:radius:") - 1,
+ (void *)"urn:radius:"
+};
+
VALUE_PAIR *
gss_eap_radius_attr_provider::copyAvps(const VALUE_PAIR *src)
{
}
static bool
-isSecretAttributeP(int attrid, int vendor)
+isHiddenAttributeP(int attrid, int vendor)
{
bool ret = false;
switch (vendor) {
- case RADIUS_VENDOR_ID_MICROSOFT:
+ case VENDOR_ID_MICROSOFT:
switch (attrid) {
- case RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY:
- case RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY:
+ case VENDOR_ATTR_MS_MPPE_SEND_KEY:
+ case VENDOR_ATTR_MS_MPPE_RECV_KEY:
ret = true;
break;
default:
break;
}
+ case VENDOR_ID_UKERNA:
+ ret = true;
+ break;
default:
break;
}
for (vp = m_avps; vp != NULL; vp = vp->next) {
gss_buffer_desc attribute;
-
- if (isSecretAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
+ char attrid[64];
+ if (isHiddenAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
continue;
if (alreadyAddedAttributeP(seen, vp))
continue;
- attribute.value = (void *)vp->name;
- attribute.length = strlen(vp->name);
+ snprintf(attrid, sizeof(attrid), "%s%d",
+ (char *)radiusUrnPrefix.value, vp->attribute);
+
+ attribute.value = attrid;
+ attribute.length = strlen(attrid);
if (!addAttribute(this, &attribute, data))
return false;
char *s;
/* XXX vendor */
-
duplicateBuffer(*attr, &strAttr);
s = (char *)strAttr.value;
- if (isdigit(((char *)strAttr.value)[0])) {
+ if (attr->length < radiusUrnPrefix.length ||
+ memcmp(s, radiusUrnPrefix.value, radiusUrnPrefix.length) != 0)
+ return false;
+
+ s += radiusUrnPrefix.length;
+
+ if (isdigit(*s)) {
attrid = strtoul(s, NULL, 10);
} else {
d = rc_dict_findattr(m_rh, (char *)s);
isPrintableAttributeP(VALUE_PAIR *vp)
{
size_t i;
+ int gotChar = 0;
for (i = 0; i < sizeof(vp->strvalue); i++) {
+ if (gotChar && vp->strvalue[i] == '\0')
+ return true;
+
if (!isprint(vp->strvalue[i]))
return false;
+
+ if (!gotChar)
+ gotChar++;
}
return true;
{
OM_uint32 tmpMinor;
VALUE_PAIR *vp;
- int i = *more;
- int max = 0;
+ int i = *more, count = 0;
char name[NAME_LENGTH + 1];
char displayString[AUTH_STRING_LEN + 1];
gss_buffer_desc valueBuf = GSS_C_EMPTY_BUFFER;
*more = 0;
- if (isSecretAttributeP(attrid, vendor))
- return false;
-
- vp = rc_avpair_get(m_avps, attrid, vendor);
- if (vp == NULL)
+ if (isHiddenAttributeP(attrid, vendor))
return false;
if (i == -1)
i = 0;
- do {
- if (i == max)
+ for (vp = rc_avpair_get(m_avps, attrid, vendor);
+ vp != NULL;
+ vp = rc_avpair_get(vp->next, attrid, vendor)) {
+ if (count++ == i) {
+ if (rc_avpair_get(vp->next, attrid, vendor) != NULL)
+ *more = count;
break;
+ }
+ }
- max++;
- } while ((vp = rc_avpair_get(vp->next, attrid, vendor)) != NULL);
-
- if (i > max)
+ if (vp == NULL && *more == 0)
return false;
if (vp->type == PW_TYPE_STRING) {
if (complete != NULL)
*complete = true;
- if (max > i)
- *more = i;
-
return true;
}
bool
+gss_eap_radius_attr_provider::getFragmentedAttribute(int attribute,
+ int vendor,
+ int *authenticated,
+ int *complete,
+ gss_buffer_t value) const
+{
+ OM_uint32 major, minor;
+
+ major = getBufferFromAvps(&minor, m_avps, attribute, vendor, value, TRUE);
+
+ if (authenticated != NULL)
+ *authenticated = m_authenticated;
+ if (complete != NULL)
+ *complete = true;
+
+ return !GSS_ERROR(major);
+}
+
+bool
gss_eap_radius_attr_provider::getAttribute(int attrid,
int *authenticated,
int *complete,
rc_avpair_free((VALUE_PAIR *)input);
}
-void
-gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
-{
- buffer->length = 0;
- buffer->value = NULL;
-}
-
-bool
-gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
- const gss_buffer_t buffer)
-{
- if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
- return false;
-
- if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
- return false;
-
- return true;
-}
-
bool
gss_eap_radius_attr_provider::init(void)
{
rc_handle *rh,
VALUE_PAIR **vp,
int type,
+ int vendor,
gss_buffer_t buffer)
{
- if (rc_avpair_add(rh, vp, type, buffer->value, buffer->length, 0) == NULL) {
+ if (rc_avpair_add(rh, vp, type,
+ buffer->value, buffer->length, vendor) == NULL) {
return GSS_S_FAILURE;
}
getBufferFromAvps(OM_uint32 *minor,
VALUE_PAIR *vps,
int type,
+ int vendor,
gss_buffer_t buffer,
int concat)
{
buffer->length = 0;
buffer->value = NULL;
- vp = rc_avpair_get(vps, type, 0);
+ vp = rc_avpair_get(vps, type, vendor);
if (vp == NULL)
return GSS_S_UNAVAILABLE;
do {
buffer->length += vp->lvalue;
- } while (concat && (vp = rc_avpair_get(vp->next, type, 0)) != NULL);
+ } while (concat && (vp = rc_avpair_get(vp->next, type, vendor)) != NULL);
buffer->value = GSSEAP_MALLOC(buffer->length);
if (buffer->value == NULL) {
p = (unsigned char *)buffer->value;
- for (vp = rc_avpair_get(vps, type, 0);
+ for (vp = rc_avpair_get(vps, type, vendor);
concat && vp != NULL;
- vp = rc_avpair_get(vp->next, type, 0)) {
+ vp = rc_avpair_get(vp->next, type, vendor)) {
memcpy(p, vp->strvalue, vp->lvalue);
p += vp->lvalue;
}
*pHandle = rh;
return GSS_S_COMPLETE;
}
+
+/*
+ * This is a super-inefficient coding but the API is going to change
+ * as are the data structures, so not putting a lot of work in now.
+ */
+static size_t
+avpSize(const VALUE_PAIR *vp)
+{
+ return NAME_LENGTH + 1 + 12 + AUTH_STRING_LEN + 1;
+}
+
+static bool
+avpExport(const VALUE_PAIR *vp,
+ unsigned char **pBuffer,
+ size_t *pRemain)
+{
+ unsigned char *p = *pBuffer;
+ size_t remain = *pRemain;
+
+ assert(remain >= avpSize(vp));
+
+ memcpy(p, vp->name, NAME_LENGTH + 1);
+ p += NAME_LENGTH + 1;
+ remain -= NAME_LENGTH + 1;
+
+ store_uint32_be(vp->attribute, &p[0]);
+ store_uint32_be(vp->type, &p[4]);
+ store_uint32_be(vp->lvalue, &p[8]);
+
+ p += 12;
+ remain -= 12;
+
+ memcpy(p, vp->strvalue, AUTH_STRING_LEN + 1);
+ p += AUTH_STRING_LEN + 1;
+ remain -= AUTH_STRING_LEN + 1;
+
+ *pBuffer = p;
+ *pRemain = remain;
+
+ return true;
+
+}
+
+static bool
+avpImport(VALUE_PAIR **pVp,
+ unsigned char **pBuffer,
+ size_t *pRemain)
+{
+ unsigned char *p = *pBuffer;
+ size_t remain = *pRemain;
+ VALUE_PAIR *vp;
+
+ if (remain < avpSize(NULL)) {
+ return false;
+ }
+
+ vp = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp));
+ if (vp == NULL) {
+ throw new std::bad_alloc;
+ return false;
+ }
+ vp->next = NULL;
+
+ memcpy(vp->name, p, NAME_LENGTH + 1);
+ p += NAME_LENGTH + 1;
+ remain -= NAME_LENGTH + 1;
+
+ vp->attribute = load_uint32_be(&p[0]);
+ vp->type = load_uint32_be(&p[4]);
+ vp->lvalue = load_uint32_be(&p[8]);
+
+ p += 12;
+ remain -= 12;
+
+ memcpy(vp->strvalue, p, AUTH_STRING_LEN + 1);
+ p += AUTH_STRING_LEN + 1;
+ remain -= AUTH_STRING_LEN + 1;
+
+ *pVp = vp;
+ *pBuffer = p;
+ *pRemain = remain;
+
+ return true;
+}
+
+bool
+gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
+ const gss_buffer_t buffer)
+{
+ unsigned char *p = (unsigned char *)buffer->value;
+ size_t remain = buffer->length;
+ OM_uint32 count;
+ VALUE_PAIR **pNext = &m_avps;
+
+ if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
+ return false;
+
+ if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
+ return false;
+
+ if (remain < 4)
+ return false;
+
+ count = load_uint32_be(p);
+ p += 4;
+ remain -= 4;
+
+ do {
+ VALUE_PAIR *attr;
+
+ if (!avpImport(&attr, &p, &remain))
+ return false;
+
+ *pNext = attr;
+ pNext = &attr->next;
+
+ count--;
+ } while (remain != 0);
+
+ if (count != 0)
+ return false;
+
+ return true;
+}
+
+void
+gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
+{
+ OM_uint32 count = 0;
+ VALUE_PAIR *vp;
+ unsigned char *p;
+ size_t remain = 4;
+
+ for (vp = m_avps; vp != NULL; vp = vp->next) {
+ remain += avpSize(vp);
+ count++;
+ }
+
+ buffer->value = GSSEAP_MALLOC(remain);
+ if (buffer->value == NULL) {
+ throw new std::bad_alloc;
+ return;
+ }
+ buffer->length = remain;
+
+ p = (unsigned char *)buffer->value;
+
+ store_uint32_be(count, p);
+ p += 4;
+ remain -= 4;
+
+ for (vp = m_avps; vp != NULL; vp = vp->next) {
+ avpExport(vp, &p, &remain);
+ }
+
+ assert(remain == 0);
+}
+
+time_t
+gss_eap_radius_attr_provider::getExpiryTime(void) const
+{
+ VALUE_PAIR *vp;
+
+ vp = rc_avpair_get(m_avps, PW_SESSION_TIMEOUT, 0);
+ if (vp == NULL || vp->lvalue == 0)
+ return 0;
+
+ return time(NULL) + vp->lvalue;
+}