/*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* SUCH DAMAGE.
*/
+/*
+ * RADIUS attribute provider implementation.
+ */
+
#include "gssapiP_eap.h"
/* stuff that should be provided by libradsec/libfreeradius-radius */
static bool
isSecretAttributeP(uint16_t attrid, uint16_t vendor)
{
- bool ret = false;
+ bool bSecretAttribute = false;
switch (vendor) {
case VENDORPEC_MS:
switch (attrid) {
case PW_MS_MPPE_SEND_KEY:
case PW_MS_MPPE_RECV_KEY:
- ret = true;
+ bSecretAttribute = true;
break;
default:
break;
break;
}
- return ret;
+ return bSecretAttribute;
}
static bool
}
static bool
-isHiddenAttributeP(uint16_t attrid, uint16_t vendor)
+isInternalAttributeP(uint16_t attrid, uint16_t vendor)
{
- bool ret = false;
+ bool bInternalAttribute = false;
/* should have been filtered */
assert(!isSecretAttributeP(attrid, vendor));
switch (vendor) {
case VENDORPEC_UKERNA:
- ret = true;
+ bInternalAttribute = true;
break;
default:
break;
}
- return ret;
+ return bInternalAttribute;
}
static bool
-isHiddenAttributeP(uint32_t attribute)
+isInternalAttributeP(uint32_t attribute)
{
- return isHiddenAttributeP(ATTRID(attribute), VENDOR(attribute));
+ return isInternalAttributeP(ATTRID(attribute), VENDOR(attribute));
}
/*
}
bool
-gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
+gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
+ void *data) const
{
VALUE_PAIR *vp;
std::vector <std::string> seen;
gss_buffer_desc attribute;
char attrid[64];
- if (isHiddenAttributeP(vp->attribute))
+ /* Don't advertise attributes that are internal to the GSS-EAP mechanism */
+ if (isInternalAttributeP(vp->attribute))
continue;
if (alreadyAddedAttributeP(seen, vp))
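Review bot: The `isInternalAttributeP(vp->attribute)` test in this loop depends on secret attributes having been filtered earlier, and the only thing enforcing that is the `assert(!isSecretAttributeP(attrid, vendor))` inside the predicate, which is compiled out under NDEBUG. In a release build an MS-MPPE key attribute would fall through the vendor switch, return false, and not be skipped here. The loop body starts and ends outside the hunk, so an earlier secret check may exist. If it does not, make the filter explicit: `if (isSecretAttributeP(vp->attribute) || isInternalAttributeP(vp->attribute)) continue;`. The later hunk that drops the `isHiddenAttributeP` check from the attribute getter also removes that assert from the read path, so confirm that the getter rejects secret attributes on its own.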
OM_uint32 major = GSS_S_UNAVAILABLE, minor;
if (!isSecretAttributeP(attrid) &&
- !isHiddenAttributeP(attrid)) {
+ !isInternalAttributeP(attrid)) {
deleteAttribute(attrid);
major = gssEapRadiusAddAvp(&minor, &m_vps,
bool
gss_eap_radius_attr_provider::deleteAttribute(uint32_t attrid)
{
- if (isSecretAttributeP(attrid) || isHiddenAttributeP(attrid) ||
+ if (isSecretAttributeP(attrid) || isInternalAttributeP(attrid) ||
pairfind(m_vps, attrid) == NULL)
return false;
pairdelete(&m_vps, attrid);
+
return true;
}
*more = 0;
- if (isHiddenAttributeP(attrid))
- return false;
-
if (i == -1)
i = 0;
bool
gss_eap_radius_attr_provider::init(void)
{
+ struct rs_context *radContext;
+
gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
"urn:ietf:params:gss-eap:radius-avp",
- gss_eap_radius_attr_provider::createAttrContext);
+ createAttrContext);
+
+#if 1
+ /*
+ * This hack is necessary in order to force the loading of the global
+ * dictionary, otherwise accepting reauthentication tokens fails unless
+ * the acceptor has already accepted a normal authentication token.
+ */
+ if (rs_context_create(&radContext, RS_DICT_FILE) != 0) {
+ return false;
+ }
+
+ rs_context_destroy(radContext);
+#endif
+
return true;
}
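Review bot: `registerProvider` runs before `rs_context_create`, so when the dictionary load fails `init()` returns false with the RADIUS provider already registered. Unless the caller unwinds the registration on a false return (not visible here), creating and destroying the context first and registering only on success would keep the two states consistent. The failure path also discards the libradsec error, so a missing or unreadable `RS_DICT_FILE` gives the operator no diagnostic. The `#if 1` around a block that describes itself as a hack would be clearer as a named build option or removed, with the comment kept.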
uint32_t attr = VENDORATTR(vendor, attribute);
*vp = pairfind(vps, attr);
+ if (*vp == NULL) {
+ *minor = GSSEAP_NO_SUCH_ATTR;
+ return GSS_S_UNAVAILABLE;
+ }
- return (*vp == NULL) ? GSS_S_UNAVAILABLE : GSS_S_COMPLETE;
+ return GSS_S_COMPLETE;
}
OM_uint32
buffer->value = NULL;
vp = pairfind(vps, attr);
- if (vp == NULL)
+ if (vp == NULL) {
+ *minor = GSSEAP_NO_SUCH_ATTR;
return GSS_S_UNAVAILABLE;
+ }
do {
buffer->length += vp->length;
return true;
fail:
- pairbasicfree(vp);
+ if (vp != NULL)
+ pairbasicfree(vp);
+ *pVp = NULL;
return false;
}