ctx->initiatorName->attrCtx = gssEapCreateAttrContext(cred, ctx);
vp = rc_avpair_get(ctx->acceptorCtx.avps,
- RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY,
- RADIUS_VENDOR_ID_MICROSOFT);
+ VENDOR_ATTR_MS_MPPE_SEND_KEY,
+ VENDOR_ID_MICROSOFT);
if (ctx->encryptionType != ENCTYPE_NULL && vp != NULL) {
major = gssEapDeriveRfc3961Key(minor,
(unsigned char *)vp->strvalue,
{
OM_uint32 major, tmpMinor;
gss_buffer_desc nameBuf;
+ krb5_principal krbPrinc;
/* Awaits further specification */
if (ctx->acceptorName == GSS_C_NO_NAME)
return GSS_S_COMPLETE;
- major = gss_display_name(minor, ctx->acceptorName, &nameBuf, NULL);
+ krbPrinc = ctx->acceptorName->krbPrincipal;
+ assert(krbPrinc != NULL);
+
+ if (krbPrinc->length < 2)
+ return GSS_S_BAD_NAME;
+
+ nameBuf.value = krbPrinc->data[0].data;
+ nameBuf.length = krbPrinc->data[0].length;
+
+ major = addAvpFromBuffer(minor, ctx->acceptorCtx.radHandle, avps,
+ VENDOR_ATTR_GSS_ACCEPTOR_SERVICE_NAME,
+ VENDOR_ID_GSS_EAP,
+ &nameBuf);
if (GSS_ERROR(major))
return major;
+ nameBuf.value = krbPrinc->data[1].data;
+ nameBuf.length = krbPrinc->data[2].length;
+
major = addAvpFromBuffer(minor, ctx->acceptorCtx.radHandle, avps,
- RADIUS_VENDOR_ATTR_GSS_EAP_ACCEPTOR_SERVICE_NAME,
- RADIUS_VENDOR_ID_GSS_EAP,
+ VENDOR_ATTR_GSS_ACCEPTOR_HOST_NAME,
+ VENDOR_ID_GSS_EAP,
&nameBuf);
if (GSS_ERROR(major))
return major;
- gss_release_buffer(&tmpMinor, &nameBuf);
+ if (krbPrinc->realm.data != NULL) {
+ nameBuf.value = krbPrinc->realm.data;
+ nameBuf.length = krbPrinc->realm.length;
- return major;
+ major = addAvpFromBuffer(minor, ctx->acceptorCtx.radHandle, avps,
+ VENDOR_ATTR_GSS_ACCEPTOR_REALM_NAME,
+ VENDOR_ID_GSS_EAP,
+ &nameBuf);
+ if (GSS_ERROR(major))
+ return major;
+ }
+
+ return GSS_S_COMPLETE;
}
static OM_uint32
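Review bot: The host-name AVP takes its pointer from `krbPrinc->data[1].data` but its length from `krbPrinc->data[2].length`. The guard above only guarantees two components (`krbPrinc->length < 2`), so for a two-component service/host principal index 2 is past the end of the component array, and whatever is read there decides how many bytes starting at the host name are handed to addAvpFromBuffer for the attribute sent to the RADIUS server. The line should read `nameBuf.length = krbPrinc->data[1].length;`. Separately, `assert(krbPrinc != NULL)` disappears in NDEBUG builds, so an acceptor name without a Kerberos principal would be dereferenced; `if (krbPrinc == NULL) return GSS_S_BAD_NAME;` keeps the check in release builds. The function's signature is outside the hunk.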
#define CRED_FLAG_ACCEPT 0x00000002
#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
#define CRED_FLAG_PASSWORD 0x00000008
+#define CRED_FLAG_DISABLE_LOCAL_ATTRS 0x00010000
+#define CRED_FLAG_SET_CRED_OPTION_MASK 0x00FF0000
struct gss_cred_id_struct {
GSSEAP_MUTEX mutex;
bool ret = false;
switch (vendor) {
- case RADIUS_VENDOR_ID_MICROSOFT:
+ case VENDOR_ID_MICROSOFT:
switch (attrid) {
- case RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY:
- case RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY:
+ case VENDOR_ATTR_MS_MPPE_SEND_KEY:
+ case VENDOR_ATTR_MS_MPPE_RECV_KEY:
ret = true;
break;
default:
break;
}
- case RADIUS_VENDOR_ID_GSS_EAP:
+ case VENDOR_ID_GSS_EAP:
ret = true;
break;
default:
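Review bot: The outer `case VENDOR_ID_MICROSOFT:` has no `break;` after its inner switch closes, so control falls into `case VENDOR_ID_GSS_EAP:` and sets `ret = true` for every Microsoft attribute id, not only the two MPPE keys. That makes the inner switch dead logic, and the rename carries the behaviour over unchanged. If treating all Microsoft attributes this way is intended, mark it with `/* fallthrough */` and drop the inner switch; otherwise add `break;` before `case VENDOR_ID_GSS_EAP:`. The function's name and its return are outside the hunk, so the effect on callers should be confirmed there.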
#define RC_CONFIG_FILE SYSCONFDIR "/radiusclient/radiusclient.conf"
/* RFC 2548 - Microsoft Vendor-specific RADIUS Attributes */
-#define RADIUS_VENDOR_ID_MICROSOFT 311
+#define VENDOR_ID_MICROSOFT 311
-enum { RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY = 16,
- RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY = 17
+enum { VENDOR_ATTR_MS_MPPE_SEND_KEY = 16,
+ VENDOR_ATTR_MS_MPPE_RECV_KEY = 17
};
-/* OK, this is completely unassigned */
-#define RADIUS_VENDOR_ID_GSS_EAP 5322
+#define VENDOR_ID_GSS_EAP 5322 /* XXX TODO assign */
-enum { RADIUS_VENDOR_ATTR_GSS_EAP_ACCEPTOR_SERVICE_NAME = 1,
- RADIUS_VENDOR_ATTR_GSS_EAP_ACCEPTOR_HOST_NAME,
- RADIUS_VENDOR_ATTR_GSS_EAP_ACCEPTOR_REALM_NAME,
- RADIUS_VENDOR_ATTR_GSS_EAP_SAML_AAA_ASSERTION
+enum { VENDOR_ATTR_GSS_ACCEPTOR_SERVICE_NAME = 1,
+ VENDOR_ATTR_GSS_ACCEPTOR_HOST_NAME,
+ VENDOR_ATTR_GSS_ACCEPTOR_REALM_NAME,
+ VENDOR_ATTR_SAML_AAA_ASSERTION
};
#ifdef __cplusplus
radius = static_cast<const gss_eap_radius_attr_provider *>
(m_manager->getProvider(ATTR_TYPE_RADIUS));
if (radius != NULL &&
- radius->getFragmentedAttribute(RADIUS_VENDOR_ATTR_GSS_EAP_SAML_AAA_ASSERTION,
- RADIUS_VENDOR_ID_GSS_EAP,
+ radius->getFragmentedAttribute(VENDOR_ATTR_SAML_AAA_ASSERTION,
+ VENDOR_ID_GSS_EAP,
&authenticated, &complete, &value)) {
setAssertion(&value, authenticated);
gss_release_buffer(&minor, &value);