X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil_radius.cpp;h=5462acc1f197ea8f030fdcc240c38304fb7e0110;hb=1362e293dfa2caa348b55aed5861efdb483ef813;hp=48fa6f0d2a5e0df9da883c2f91c59407e3a095be;hpb=a41fa883097ba57aeb39d0f8cd6aa9aa961c8666;p=moonshot.git diff --git a/mech_eap/util_radius.cpp b/mech_eap/util_radius.cpp index 48fa6f0..5462acc 100644 --- a/mech_eap/util_radius.cpp +++ b/mech_eap/util_radius.cpp @@ -63,12 +63,12 @@ gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void) } bool -gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager, +gss_eap_radius_attr_provider::initWithExistingContext(const gss_eap_attr_ctx *manager, const gss_eap_attr_provider *ctx) { const gss_eap_radius_attr_provider *radius; - if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx)) + if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx)) return false; radius = static_cast(ctx); @@ -82,11 +82,11 @@ gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *ma } bool -gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager, +gss_eap_radius_attr_provider::initWithGssContext(const gss_eap_attr_ctx *manager, const gss_cred_id_t gssCred, const gss_ctx_id_t gssCtx) { - if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx)) + if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx)) return false; if (gssCtx != GSS_C_NO_CONTEXT) { @@ -189,8 +189,7 @@ copyAvps(const VALUE_PAIR *src) vpcopy = paircopyvp(vp); if (vpcopy == NULL) { pairfree(&dst); - throw new std::bad_alloc; - return NULL; + throw std::bad_alloc(); } *pDst = vpcopy; pDst = &vpcopy->next; @@ -223,7 +222,7 @@ gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addA attribute.value = attrid; attribute.length = strlen(attrid); - if (!addAttribute(this, &attribute, data)) + if (!addAttribute(m_manager, this, &attribute, data)) return false; seen.push_back(std::string(vp->name)); @@ -263,7 +262,7 @@ getAttributeId(const gss_buffer_t attr) } bool -gss_eap_radius_attr_provider::setAttribute(int complete, +gss_eap_radius_attr_provider::setAttribute(int complete GSSEAP_UNUSED, uint32_t attrid, const gss_buffer_t value) { @@ -428,7 +427,7 @@ gss_eap_radius_attr_provider::getAttribute(uint16_t attribute, gss_any_t gss_eap_radius_attr_provider::mapToAny(int authenticated, - gss_buffer_t type_id) const + gss_buffer_t type_id GSSEAP_UNUSED) const { if (authenticated && !m_authenticated) return (gss_any_t)NULL; @@ -437,10 +436,11 @@ gss_eap_radius_attr_provider::mapToAny(int authenticated, } void -gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id, +gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED, gss_any_t input) const { - pairfree((VALUE_PAIR **)&input); + VALUE_PAIR *vp = (VALUE_PAIR *)input; + pairfree(&vp); } bool @@ -448,9 +448,7 @@ gss_eap_radius_attr_provider::init(void) { struct rs_context *radContext; - gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS, - "urn:ietf:params:gss-eap:radius-avp", - createAttrContext); + gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS, createAttrContext); #if 1 /* @@ -458,7 +456,16 @@ gss_eap_radius_attr_provider::init(void) * dictionary, otherwise accepting reauthentication tokens fails unless * the acceptor has already accepted a normal authentication token. */ - if (rs_context_create(&radContext, RS_DICT_FILE) != 0) { + if (rs_context_create(&radContext) != 0) + return false; + + if (rs_context_read_config(radContext, RS_CONFIG_FILE) != 0) { + rs_context_destroy(radContext); + return false; + } + + if (rs_context_init_freeradius_dict(radContext, NULL)) { + rs_context_destroy(radContext); return false; } @@ -495,7 +502,7 @@ gssEapRadiusAddAvp(OM_uint32 *minor, VALUE_PAIR *vp; size_t n = remain; - /* + /* * There's an extra byte of padding; RADIUS AVPs can only * be 253 octets. */ @@ -606,120 +613,115 @@ OM_uint32 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor) { gss_eap_radius_attr_provider::finalize(); - return GSS_S_COMPLETE; -} -/* - * Encoding is: - * 4 octet NBO attribute ID | 4 octet attribute length | attribute data - */ -static size_t -avpSize(const VALUE_PAIR *vp) -{ - size_t size = 4 + 1; - - if (vp != NULL) - size += vp->length; - - return size; + *minor = 0; + return GSS_S_COMPLETE; } -static bool -avpExport(const VALUE_PAIR *vp, - unsigned char **pBuffer, - size_t *pRemain) +static JSONObject +avpToJson(const VALUE_PAIR *vp) { - unsigned char *p = *pBuffer; - size_t remain = *pRemain; + JSONObject obj; - assert(remain >= avpSize(vp)); - - store_uint32_be(vp->attribute, p); + assert(vp->length <= MAX_STRING_LEN); switch (vp->type) { case PW_TYPE_INTEGER: case PW_TYPE_IPADDR: case PW_TYPE_DATE: - p[4] = 4; - store_uint32_be(vp->lvalue, p + 5); + obj.set("value", vp->lvalue); break; - default: - assert(vp->length <= MAX_STRING_LEN); - p[4] = (uint8_t)vp->length; - memcpy(p + 5, vp->vp_octets, vp->length); + case PW_TYPE_STRING: + obj.set("value", vp->vp_strvalue); break; - } + default: { + char *b64; - *pBuffer += 5 + p[4]; - *pRemain -= 5 + p[4]; + if (base64Encode(vp->vp_octets, vp->length, &b64) < 0) + throw std::bad_alloc(); - return true; + obj.set("value", b64); + GSSEAP_FREE(b64); + break; + } + } + + obj.set("type", vp->attribute); + return obj; } static bool -avpImport(VALUE_PAIR **pVp, - unsigned char **pBuffer, - size_t *pRemain) +jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj) { - unsigned char *p = *pBuffer; - size_t remain = *pRemain; VALUE_PAIR *vp = NULL; DICT_ATTR *da; uint32_t attrid; - if (remain < avpSize(NULL)) - goto fail; + JSONObject type = obj["type"]; + JSONObject value = obj["value"]; - attrid = load_uint32_be(p); - p += 4; - remain -= 4; + if (!type.isInteger()) + goto fail; + attrid = type.integer(); da = dict_attrbyvalue(attrid); if (da != NULL) { vp = pairalloc(da); } else { - vp = paircreate(attrid, PW_TYPE_STRING); - } - if (vp == NULL) { - throw new std::bad_alloc; - goto fail; + int type = base64Valid(value.string()) ? + PW_TYPE_OCTETS : PW_TYPE_STRING; + vp = paircreate(attrid, type); } - - if (remain < p[0]) - goto fail; + if (vp == NULL) + throw std::bad_alloc(); switch (vp->type) { case PW_TYPE_INTEGER: case PW_TYPE_IPADDR: case PW_TYPE_DATE: - if (p[0] != 4) + if (!value.isInteger()) goto fail; vp->length = 4; - vp->lvalue = load_uint32_be(p + 1); - p += 5; - remain -= 5; + vp->lvalue = value.integer(); break; - case PW_TYPE_STRING: - default: - if (p[0] >= MAX_STRING_LEN) + case PW_TYPE_STRING: { + if (!value.isString()) goto fail; - vp->length = (uint32_t)p[0]; - memcpy(vp->vp_octets, p + 1, vp->length); + const char *str = value.string(); + size_t len = strlen(str); - if (vp->type == PW_TYPE_STRING) - vp->vp_strvalue[vp->length] = '\0'; + if (len >= MAX_STRING_LEN) + goto fail; - p += 1 + vp->length; - remain -= 1 + vp->length; + vp->length = len; + memcpy(vp->vp_strvalue, str, len + 1); break; } + case PW_TYPE_OCTETS: + default: { + if (!value.isString()) + goto fail; + + const char *str = value.string(); + ssize_t len = strlen(str); + + /* this optimization requires base64Decode only understand packed encoding */ + if (len >= BASE64_EXPAND(MAX_STRING_LEN)) + goto fail; + + len = base64Decode(str, vp->vp_octets); + if (len < 0) + goto fail; + + vp->length = len; + break; + } + } *pVp = vp; - *pBuffer = p; - *pRemain = remain; return true; @@ -730,55 +732,61 @@ fail: return false; } +const char * +gss_eap_radius_attr_provider::name(void) const +{ + return "radius"; +} + bool -gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx, - const gss_buffer_t buffer) +gss_eap_radius_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx, + JSONObject &obj) { - unsigned char *p = (unsigned char *)buffer->value; - size_t remain = buffer->length; VALUE_PAIR **pNext = &m_vps; - if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer)) + if (!gss_eap_attr_provider::initWithJsonObject(ctx, obj)) return false; - do { - VALUE_PAIR *attr; + JSONObject attrs = obj["attributes"]; + size_t nelems = attrs.size(); + + for (size_t i = 0; i < nelems; i++) { + JSONObject attr = attrs[i]; + VALUE_PAIR *vp; - if (!avpImport(&attr, &p, &remain)) + if (!jsonToAvp(&vp, attr)) return false; - *pNext = attr; - pNext = &attr->next; - } while (remain != 0); + *pNext = vp; + pNext = &vp->next; + } + + m_authenticated = obj["authenticated"].integer(); return true; } -void -gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const +const char * +gss_eap_radius_attr_provider::prefix(void) const { - VALUE_PAIR *vp; - unsigned char *p; - size_t remain = 0; + return "urn:ietf:params:gss-eap:radius-avp"; +} - for (vp = m_vps; vp != NULL; vp = vp->next) { - remain += avpSize(vp); - } +JSONObject +gss_eap_radius_attr_provider::jsonRepresentation(void) const +{ + JSONObject obj, attrs = JSONObject::array(); - buffer->value = GSSEAP_MALLOC(remain); - if (buffer->value == NULL) { - throw new std::bad_alloc; - return; + for (VALUE_PAIR *vp = m_vps; vp != NULL; vp = vp->next) { + JSONObject attr = avpToJson(vp); + attrs.append(attr); } - buffer->length = remain; - p = (unsigned char *)buffer->value; + obj.set("attributes", attrs); - for (vp = m_vps; vp != NULL; vp = vp->next) { - avpExport(vp, &p, &remain); - } + obj.set("authenticated", m_authenticated); - assert(remain == 0); + return obj; } time_t