X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=moonshot%2Fmech_eap%2Futil_radius.cpp;h=9111e209759a34ec1e2f83dbc3bb18e00adcd139;hb=f8cc49e125b030bc7c81373984d12e54abc3cb11;hp=0ab02b9d425a8f66041f9fbc8515bdc8afd54b78;hpb=d84482d8743a8aee9af75de6d94acd053d3e5540;p=moonshot.git diff --git a/moonshot/mech_eap/util_radius.cpp b/moonshot/mech_eap/util_radius.cpp index 0ab02b9..9111e20 100644 --- a/moonshot/mech_eap/util_radius.cpp +++ b/moonshot/mech_eap/util_radius.cpp @@ -96,7 +96,7 @@ gss_eap_radius_attr_provider::initWithGssContext(const gss_eap_attr_ctx *manager return false; /* We assume libradsec validated this for us */ - assert(pairfind(m_vps, PW_MESSAGE_AUTHENTICATOR) != NULL); + GSSEAP_ASSERT(pairfind(m_vps, PW_MESSAGE_AUTHENTICATOR) != NULL); m_authenticated = true; } } @@ -151,7 +151,7 @@ isInternalAttributeP(uint16_t attrid, uint16_t vendor) bool bInternalAttribute = false; /* should have been filtered */ - assert(!isSecretAttributeP(attrid, vendor)); + GSSEAP_ASSERT(!isSecretAttributeP(attrid, vendor)); switch (vendor) { case VENDORPEC_UKERNA: @@ -490,32 +490,8 @@ gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_ bool gss_eap_radius_attr_provider::init(void) { - struct rs_context *radContext; - gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS, createAttrContext); -#if 1 - /* - * This hack is necessary in order to force the loading of the global - * dictionary, otherwise accepting reauthentication tokens fails unless - * the acceptor has already accepted a normal authentication token. - */ - if (rs_context_create(&radContext) != 0) - return false; - - if (rs_context_read_config(radContext, RS_CONFIG_FILE) != 0) { - rs_context_destroy(radContext); - return false; - } - - if (rs_context_init_freeradius_dict(radContext, NULL)) { - rs_context_destroy(radContext); - return false; - } - - rs_context_destroy(radContext); -#endif - return true; } 
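Review bot: The Message-Authenticator presence check that gates `m_authenticated = true` in initWithGssContext is only an assertion. If GSSEAP_ASSERT compiles to nothing in release builds (its definition is not part of this diff), the flag is set with no runtime check at all. Make it a real check, e.g. `if (pairfind(m_vps, PW_MESSAGE_AUTHENTICATOR) == NULL) return false;`, and keep in mind that presence alone does not show the attribute was verified, which the existing comment leaves to libradsec. The same assertion-as-guard pattern appears in the isInternalAttributeP hunk (`!isSecretAttributeP(attrid, vendor)`), in avpToJson (`vp->length <= MAX_STRING_LEN`) and in gssEapRadiusMapError (`err != NULL`). initWithGssContext starts and ends outside the hunk.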
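Review bot: init() no longer preloads the FreeRADIUS dictionary, and the deleted comment said that accepting reauthentication tokens fails without that preload unless a normal authentication token was accepted first. The load now lives in gssEapCreateRadiusContext, added at the end of this file, but no caller is visible in this diff. It is worth confirming that the reauthentication acceptor path creates a RADIUS context before any attribute is decoded. A short comment in init() such as `/* the RADIUS dictionary is loaded by gssEapCreateRadiusContext() */` would keep that dependency visible.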
@@ -671,7 +647,7 @@ avpToJson(const VALUE_PAIR *vp) { JSONObject obj; - assert(vp->length <= MAX_STRING_LEN); + GSSEAP_ASSERT(vp->length <= MAX_STRING_LEN); switch (vp->type) { case PW_TYPE_INTEGER: @@ -809,7 +785,7 @@ gss_eap_radius_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx, pNext = &vp->next; } - m_authenticated = obj["authenticated"].integer(); + m_authenticated = obj["authenticated"].integer() ? true : false; return true; } @@ -855,7 +831,7 @@ gssEapRadiusMapError(OM_uint32 *minor, { int code; - assert(err != NULL); + GSSEAP_ASSERT(err != NULL); code = rs_err_code(err, 0); @@ -871,3 +847,53 @@ gssEapRadiusMapError(OM_uint32 *minor, return GSS_S_FAILURE; } + +OM_uint32 +gssEapCreateRadiusContext(OM_uint32 *minor, + gss_cred_id_t cred, + struct rs_context **pRadContext) +{ + const char *configFile = RS_CONFIG_FILE; + struct rs_context *radContext; + struct rs_alloc_scheme ralloc; + struct rs_error *err; + OM_uint32 major; + + *pRadContext = NULL; + + if (rs_context_create(&radContext) != 0) { + *minor = GSSEAP_RADSEC_CONTEXT_FAILURE; + return GSS_S_FAILURE; + } + + if (cred->radiusConfigFile.value != NULL) + configFile = (const char *)cred->radiusConfigFile.value; + + ralloc.calloc = GSSEAP_CALLOC; + ralloc.malloc = GSSEAP_MALLOC; + ralloc.free = GSSEAP_FREE; + ralloc.realloc = GSSEAP_REALLOC; + + rs_context_set_alloc_scheme(radContext, &ralloc); + + if (rs_context_read_config(radContext, configFile) != 0) { + err = rs_err_ctx_pop(radContext); + goto fail; + } + + if (rs_context_init_freeradius_dict(radContext, NULL) != 0) { + err = rs_err_ctx_pop(radContext); + goto fail; + } + + *pRadContext = radContext; + + *minor = 0; + return GSS_S_COMPLETE; + +fail: + major = gssEapRadiusMapError(minor, err); + rs_context_destroy(radContext); + + return major; +}
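Review bot: In initWithJsonObject, `m_authenticated` is restored directly from `obj["authenticated"]`, and nothing in the hunk checks that the key is present or that the serialised object comes from an integrity-protected source. Since this flag records whether the attributes were authenticated, a comment stating that assumption would help, e.g. `/* trusted as serialised: callers must only pass integrity-protected JSON */`. As a style point, `obj["authenticated"].integer() != 0` states the intent more directly than `? true : false`. The function starts outside the hunk, so an earlier validation step may exist that is not shown here.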
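Review bot: gssEapCreateRadiusContext dereferences `cred->radiusConfigFile.value` without checking `cred` against GSS_C_NO_CREDENTIAL, and on the `fail:` path it passes whatever rs_err_ctx_pop() returned to gssEapRadiusMapError, which asserts `err != NULL`. If a caller can pass no credential, or libradsec can fail without queuing an error (neither is visible here), both paths end in a NULL dereference or an abort. The config path is also read from the credential buffer as a C string with its length ignored, so whoever sets it must guarantee NUL termination, and it is worth documenting who may point the mechanism at an alternative RADIUS configuration file. The return value of rs_context_set_alloc_scheme is not checked either. A guarded version of the two spots follows.

```cpp
    /* … unchanged: rs_context_create() and its failure return … */

    if (cred != GSS_C_NO_CREDENTIAL &&
        cred->radiusConfigFile.value != NULL)
        configFile = (const char *)cred->radiusConfigFile.value;

    /* … unchanged: allocator scheme, config read, dictionary init, success return … */

fail:
    if (err != NULL) {
        major = gssEapRadiusMapError(minor, err);
    } else {
        /* libradsec reported failure without queuing an error */
        *minor = GSSEAP_RADSEC_CONTEXT_FAILURE;
        major = GSS_S_FAILURE;
    }
    rs_context_destroy(radContext);

    return major;
```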