From: Mark Donnelly Date: Mon, 13 Jul 2015 18:34:14 +0000 (-0400) Subject: Add prefix matching test for OIDs. X-Git-Url: http://www.project-moonshot.org/gitweb/?p=gssweb.git;a=commitdiff_plain;h=95edc34cfd372556b91a45e3ba252f8d6f25a491 Add prefix matching test for OIDs. * Add ability to test whether this OID matches a given prefix * Add convenience function for the mech_eap OID prefix test
---
diff --git a/json_gssapi/src/datamodel/GSSOID.cpp b/json_gssapi/src/datamodel/GSSOID.cpp
index d995ee6..ff4f3e3 100644
--- a/json_gssapi/src/datamodel/GSSOID.cpp
+++ b/json_gssapi/src/datamodel/GSSOID.cpp
@@ -32,6 +32,8 @@
 *
 */
+#include
+
 #include "GSSOID.h"
 #include "../GSSException.h"
@@ -151,3 +153,43 @@ bool GSSOID::setValue ( gss_OID gssOID )
 this->gssInternal = true;
 return true;
 }
+
+bool GSSOID::matchesBaseOID ( const gss_OID_desc &base_oid )
+{
+ /* Variables */
+ unsigned char *elements = reinterpret_cast (oid->elements);
+
+ /* Error checking */
+ /* Setup */
+ /* Main processing */
+ // We can't match the prefex if we're not longer than the prefix.
+ if (oid->length <= base_oid.length)
+ return(false);
+
+ // Match the prefix itself.
+ if (memcmp(oid->elements, base_oid.elements, base_oid.length) != 0)
+ return(false);
+
+ // Constrain the suffix to a single OID segment.
+ // The break between segments is signified whenever an octet has 0 in
+ // its high-order bit. Check that no octet between the prefix and the
+ // last octet has 0 in its high-order bit
+ for (size_t i = base_oid.length;
+ oid->length - 1 > i;
+ i++)
+ {
+ if( !(elements[i] & 0x80) )
+ return(false);
+ }
+
+ // Add a sanity check that the last octet has 0 in its high-order bit.
+ if( elements[oid->length - 1] & 0x80 )
+ return(false);
+
+ /* Cleanup */
+ // No memory allocated, just typecast - nothing to clean up
+
+ /* Return */
+ return(true);
+}
+
diff --git a/json_gssapi/src/datamodel/GSSOID.h b/json_gssapi/src/datamodel/GSSOID.h
index 9664c06..f6d9929 100644
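Review bot: In `GSSOID::matchesBaseOID` (GSSOID.cpp) `oid` is dereferenced in the very first declaration and the `/* Error checking */` section is empty, yet the default constructor shown in GSSOID.h sets `oid = GSS_C_NO_OID`, so calling this (or `isGssEapMech()`) on an unset object looks like a null-pointer dereference. Add `if (oid == GSS_C_NO_OID || oid->elements == NULL || base_oid.elements == NULL) return(false);` as the first statement and move the `elements` initialisation below it. Since the result decides whether a mechanism is treated as GSS-EAP, it is also worth documenting that `base_oid` must end on an arc boundary (last octet with the high bit clear), because `memcmp` alone would accept a prefix that stops mid-arc. The comment typo `prefex` should read `prefix`.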
--- a/json_gssapi/src/datamodel/GSSOID.h
+++ b/json_gssapi/src/datamodel/GSSOID.h
@@ -41,6 +41,11 @@
 #ifndef GSSOID_H
 #define GSSOID_H
+static const gss_OID_desc eap_mech_oid = {
+ /* 1.3.6.1.5.5.15.1.1 */
+ 8, (void *) "\x2B\x06\x01\x05\x05\x0f\x01\x01" };
+
+
 class GSSOID {
 public:
 GSSOID() { oid = GSS_C_NO_OID; gssInternal = true; };
@@ -58,6 +63,10 @@ public:
 bool setValue(gss_OID gssOID);
 JSONObject *toJSONValue() const;
+
+ bool matchesBaseOID ( const gss_OID_desc &base_oid );
+ bool isGssEapMech() { return( matchesBaseOID( eap_mech_oid ) ); }
+
 private:
 gss_OID oid;
 bool gssInternal;
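Review bot: `eap_mech_oid` is only ever used as a prefix, and `isGssEapMech()` returns false for an OID equal to these eight octets because `matchesBaseOID` requires exactly one further arc; the comment should say so, e.g. `/* Prefix 1.3.6.1.5.5.15.1.1: matches 1.3.6.1.5.5.15.1.1.<n> only, not the prefix itself */`. The C-style `(void *)` cast also drops the constness of the string literal; nothing visible writes through `elements`, but a one-line comment that the buffer is read-only would guard against that later. Being `static` in a header, every translation unit that includes GSSOID.h gets its own copy, which is harmless here but worth stating.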
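Review bot: `matchesBaseOID` and `isGssEapMech` only read `oid`, but neither is declared `const`, unlike `toJSONValue() const` just above them, so they cannot be called on a `const GSSOID`. Declare them as `bool matchesBaseOID ( const gss_OID_desc &base_oid ) const;` and `bool isGssEapMech() const { return( matchesBaseOID( eap_mech_oid ) ); }`, with the matching `const` on the definition in GSSOID.cpp. The class body continues outside the hunk.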