From 1cbdc3bd2770078ccefc5bf7271e9ff8f1f20d35 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Mon, 14 Nov 2011 18:23:49 +1100
Subject: [PATCH 1/1] use "26" as prefix for vendor attributes

---
 mech_eap/README.samba4 | 2 +-
 mech_eap/TODO | 1 +
 mech_eap/util_radius.cpp | 37 ++++++++++++++++++++++++-------------
 3 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/mech_eap/README.samba4 b/mech_eap/README.samba4
index a044cba..e1e19fe 100644
--- a/mech_eap/README.samba4
+++ b/mech_eap/README.samba4
@@ -16,7 +16,7 @@ Shibboleth * Add a mapping from the PAC RADIUS attribute to urn:mspac: in the file /usr/local/etc/shibboleth/attribute-map.xml: - FreeRADIUS
diff --git a/mech_eap/TODO b/mech_eap/TODO
index 0111459..78d92c8 100644
--- a/mech_eap/TODO
+++ b/mech_eap/TODO
@@ -1,3 +1,4 @@
+- draft-ietf-radext-radius-extensions
 - integration with initiator-side EAP channel bindings
 - investigate initiator-side credential locking
 - always intern OIDs so they never need to be freed
diff --git a/mech_eap/util_radius.cpp b/mech_eap/util_radius.cpp
index 29f83c4..81f5e7f 100644
--- a/mech_eap/util_radius.cpp
+++ b/mech_eap/util_radius.cpp
@@ -252,8 +252,9 @@ gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addA
 if (alreadyAddedAttributeP(seen, attrid))
 continue;
 
+ /* TODO support draft-ietf-radext-radius-extensions */
 if (attrid.first != 0) {
- snprintf(buf, sizeof(buf), "%u.%u", attrid.first, attrid.second);
+ snprintf(buf, sizeof(buf), "26.%u.%u", attrid.first, attrid.second);
 } else {
 snprintf(buf, sizeof(buf), "%u", attrid.second);
 }
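Review bot: The new `"26.%u.%u"` format in getAttributeTypes can need up to 25 bytes including the terminator, three more than the old `"%u.%u"`, and `buf` is declared outside this hunk, so its size should be confirmed. snprintf() truncates silently, and a truncated name would no longer round-trip through getAttributeId, so either size the buffer for the worst case or check the return value against `sizeof(buf)`. The prefix is also a bare literal here while the parser in the next hunk switches on `PW_VENDOR_SPECIFIC`; formatting it as `snprintf(buf, sizeof(buf), "%u.%u.%u", PW_VENDOR_SPECIFIC, attrid.first, attrid.second);` would keep the two sides tied to the same constant.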
@@ -277,28 +278,38 @@ getAttributeId(const gss_buffer_t desc,
 OM_uint32 tmpMinor;
 gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
 char *s;
- bool ret;
+ bool ret = false;
 
 /* need to duplicate because attr may not be NUL terminated */
 duplicateBuffer(*desc, &strAttr);
 s = (char *)strAttr.value;
 
+ /* TODO support draft-ietf-radext-radius-extensions */
 if (isdigit(*s)) {
- char *s2;
- unsigned int tmp = strtoul(s, &s2, 10);
-
- if (*s2 == '.') {
- /* Vendor attributes formatted as Vendor.Attribute */
- attrid->first = tmp;
- attrid->second = strtoul(s2 + 1, NULL, 10);
- ret = true;
- } else if (*s2 == '\0') {
+ unsigned int tmp = strtoul(s, &s, 10);
+
+ if (*s == '.') {
+ s++;
+
+ switch (tmp) {
+ case PW_VENDOR_SPECIFIC:
+ /* attribute name formatted as 26.Vendor.Attribute */
+ attrid->first = strtoul(s, &s, 10);
+ if (*s == '.') {
+ s++;
+ attrid->second = strtoul(s, &s, 10);
+ ret = (*s == '\0');
+ }
+ break;
+ default:
+ break;
+ }
+ } else if (*s == '\0') {
 /* Non-vendor attrbiute */
 attrid->first = 0;
 attrid->second = tmp;
 ret = true;
- } else
- ret = false;
+ }
 } else {
 /* No digits */
 ret = (rs_attr_find(s, &attrid->second, &attrid->first) == RSE_OK);
-- 
2.1.4
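Review bot: In the `PW_VENDOR_SPECIFIC` case both strtoul() calls run without first checking that a digit follows, so malformed names are accepted. strtoul() returns 0 and leaves the end pointer unmoved on an empty field, and it also skips leading whitespace and accepts a sign, so a name with an empty vendor field resolves to vendor 0 (the same id as the plain non-vendor form), and a trailing dot yields attribute 0 with `ret == true`. Requiring a digit before each conversion closes this, as sketched below. Separately, strtoul() returns `unsigned long` and the results are stored unchecked into `unsigned int tmp` and the attrid fields, so on LP64 targets over-long numbers presumably wrap rather than fail; a range check would make distinct names map to distinct ids. getAttributeId starts and ends outside the hunk.

```cpp
        case PW_VENDOR_SPECIFIC:
            /* attribute name formatted as 26.Vendor.Attribute */
            /* strtoul() accepts whitespace, a sign and empty input; insist on a digit first */
            if (!isdigit((unsigned char)*s))
                break;
            attrid->first = strtoul(s, &s, 10);
            if (*s == '.' && isdigit((unsigned char)s[1])) {
                s++;
                attrid->second = strtoul(s, &s, 10);
                ret = (*s == '\0');
            }
            break;
        /* … unchanged: default case and the non-vendor branch … */
```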