2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
35 static gss_buffer_desc radiusUrnPrefix = {
36 sizeof("urn:x-radius:") - 1,
37 (void *)"urn:x-radius:"
41 gss_eap_radius_attr_provider::copyAvps(const VALUE_PAIR *src)
44 VALUE_PAIR *dst = NULL, **pDst = &dst;
46 for (vp = src; vp != NULL; vp = vp->next) {
49 vp2 = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp2));
54 memcpy(vp2, vp, sizeof(*vp));
63 gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void)
67 m_authenticated = false;
70 gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
75 rc_avpair_free(m_avps);
79 gss_eap_radius_attr_provider::initFromGssCred(const gss_cred_id_t cred)
83 return !GSS_ERROR(gssEapRadiusAllocHandle(&minor, cred, &m_rh));
87 gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
88 const gss_eap_attr_provider *ctx)
90 const gss_eap_radius_attr_provider *radius;
92 if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
95 if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
98 radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
99 if (radius->m_avps != NULL) {
100 m_avps = copyAvps(radius->getAvps());
107 gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
108 const gss_cred_id_t gssCred,
109 const gss_ctx_id_t gssCtx)
111 if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
114 if (!initFromGssCred(gssCred))
117 if (gssCtx != GSS_C_NO_CONTEXT) {
118 if (gssCtx->acceptorCtx.avps != NULL) {
119 m_avps = copyAvps(gssCtx->acceptorCtx.avps);
129 alreadyAddedAttributeP(std::vector <std::string> &attrs, VALUE_PAIR *vp)
131 for (std::vector<std::string>::const_iterator a = attrs.begin();
134 if (strcmp(vp->name, (*a).c_str()) == 0)
142 isHiddenAttributeP(int attrid, int vendor)
147 case VENDOR_ID_MICROSOFT:
149 case VENDOR_ATTR_MS_MPPE_SEND_KEY:
150 case VENDOR_ATTR_MS_MPPE_RECV_KEY:
156 case VENDOR_ID_UKERNA:
167 gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
170 std::vector <std::string> seen;
172 for (vp = m_avps; vp != NULL; vp = vp->next) {
173 gss_buffer_desc attribute;
175 if (isHiddenAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
178 if (alreadyAddedAttributeP(seen, vp))
181 snprintf(attrid, sizeof(attrid), "%s%d",
182 (char *)radiusUrnPrefix.value, vp->attribute);
184 attribute.value = attrid;
185 attribute.length = strlen(attrid);
187 if (!addAttribute(this, &attribute, data))
190 seen.push_back(std::string(vp->name));
197 gss_eap_radius_attr_provider::setAttribute(int complete,
198 const gss_buffer_t attr,
199 const gss_buffer_t value)
204 gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t value)
209 gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr,
213 gss_buffer_t display_value,
217 gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
223 duplicateBuffer(*attr, &strAttr);
224 s = (char *)strAttr.value;
226 if (attr->length < radiusUrnPrefix.length ||
227 memcmp(s, radiusUrnPrefix.value, radiusUrnPrefix.length) != 0)
230 s += radiusUrnPrefix.length;
233 attrid = strtoul(s, NULL, 10);
235 d = rc_dict_findattr(m_rh, (char *)s);
237 gss_release_buffer(&tmpMinor, &strAttr);
243 gss_release_buffer(&tmpMinor, &strAttr);
245 return getAttribute(attrid, authenticated, complete,
246 value, display_value, more);
250 isPrintableAttributeP(VALUE_PAIR *vp)
255 for (i = 0; i < sizeof(vp->strvalue); i++) {
256 if (gotChar && vp->strvalue[i] == '\0')
259 if (!isprint(vp->strvalue[i]))
270 gss_eap_radius_attr_provider::getAttribute(int attrid,
275 gss_buffer_t display_value,
280 int i = *more, count = 0;
281 char name[NAME_LENGTH + 1];
282 char displayString[AUTH_STRING_LEN + 1];
283 gss_buffer_desc valueBuf = GSS_C_EMPTY_BUFFER;
284 gss_buffer_desc displayBuf = GSS_C_EMPTY_BUFFER;
288 if (isHiddenAttributeP(attrid, vendor))
294 for (vp = rc_avpair_get(m_avps, attrid, vendor);
296 vp = rc_avpair_get(vp->next, attrid, vendor)) {
298 if (rc_avpair_get(vp->next, attrid, vendor) != NULL)
304 if (vp == NULL && *more == 0)
307 if (vp->type == PW_TYPE_STRING) {
308 valueBuf.value = (void *)vp->strvalue;
309 valueBuf.length = vp->lvalue;
311 valueBuf.value = (void *)&vp->lvalue;
315 if (value != GSS_C_NO_BUFFER)
316 duplicateBuffer(valueBuf, value);
318 if (display_value != GSS_C_NO_BUFFER &&
319 isPrintableAttributeP(vp)) {
320 if (rc_avpair_tostr(m_rh, vp, name, NAME_LENGTH,
321 displayString, AUTH_STRING_LEN) != 0) {
322 gss_release_buffer(&tmpMinor, value);
326 displayBuf.value = (void *)displayString;
327 displayBuf.length = strlen(displayString);
329 duplicateBuffer(displayBuf, display_value);
332 if (authenticated != NULL)
333 *authenticated = m_authenticated;
334 if (complete != NULL)
341 gss_eap_radius_attr_provider::getFragmentedAttribute(int attribute,
345 gss_buffer_t value) const
347 OM_uint32 major, minor;
349 major = getBufferFromAvps(&minor, m_avps, attribute, vendor, value, TRUE);
351 if (authenticated != NULL)
352 *authenticated = m_authenticated;
353 if (complete != NULL)
356 return !GSS_ERROR(major);
360 gss_eap_radius_attr_provider::getAttribute(int attrid,
364 gss_buffer_t display_value,
368 return getAttribute(ATTRID(attrid), VENDOR(attrid),
369 authenticated, complete,
370 value, display_value, more);
374 gss_eap_radius_attr_provider::mapToAny(int authenticated,
375 gss_buffer_t type_id) const
377 if (authenticated && !m_authenticated)
378 return (gss_any_t)NULL;
380 return (gss_any_t)copyAvps(m_avps);
384 gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
385 gss_any_t input) const
387 rc_avpair_free((VALUE_PAIR *)input);
391 gss_eap_radius_attr_provider::init(void)
393 gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
394 "urn:ietf:params:gss-eap:radius-avp",
395 gss_eap_radius_attr_provider::createAttrContext);
400 gss_eap_radius_attr_provider::finalize(void)
402 gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_RADIUS);
405 gss_eap_attr_provider *
406 gss_eap_radius_attr_provider::createAttrContext(void)
408 return new gss_eap_radius_attr_provider;
412 addAvpFromBuffer(OM_uint32 *minor,
419 if (rc_avpair_add(rh, vp, type,
420 buffer->value, buffer->length, vendor) == NULL) {
421 return GSS_S_FAILURE;
424 return GSS_S_COMPLETE;
428 getBufferFromAvps(OM_uint32 *minor,
439 buffer->value = NULL;
441 vp = rc_avpair_get(vps, type, vendor);
443 return GSS_S_UNAVAILABLE;
446 buffer->length += vp->lvalue;
447 } while (concat && (vp = rc_avpair_get(vp->next, type, vendor)) != NULL);
449 buffer->value = GSSEAP_MALLOC(buffer->length);
450 if (buffer->value == NULL) {
452 return GSS_S_FAILURE;
455 p = (unsigned char *)buffer->value;
457 for (vp = rc_avpair_get(vps, type, vendor);
458 concat && vp != NULL;
459 vp = rc_avpair_get(vp->next, type, vendor)) {
460 memcpy(p, vp->strvalue, vp->lvalue);
465 return GSS_S_COMPLETE;
469 gssEapRadiusAttrProviderInit(OM_uint32 *minor)
471 return gss_eap_radius_attr_provider::init()
472 ? GSS_S_COMPLETE : GSS_S_FAILURE;
476 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
478 gss_eap_radius_attr_provider::finalize();
479 return GSS_S_COMPLETE;
483 gssEapRadiusAllocHandle(OM_uint32 *minor,
484 const gss_cred_id_t cred,
488 const char *config = RC_CONFIG_FILE;
492 if (cred != GSS_C_NO_CREDENTIAL && cred->radiusConfigFile != NULL)
493 config = cred->radiusConfigFile;
495 rh = rc_read_config((char *)config);
499 return GSS_S_FAILURE;
502 if (rc_read_dictionary(rh, rc_conf_str(rh, (char *)"dictionary")) != 0) {
504 return GSS_S_FAILURE;
508 return GSS_S_COMPLETE;
512 * This is a super-inefficient coding but the API is going to change
513 * as are the data structures, so not putting a lot of work in now.
516 avpSize(const VALUE_PAIR *vp)
518 return NAME_LENGTH + 1 + 12 + AUTH_STRING_LEN + 1;
522 avpExport(const VALUE_PAIR *vp,
523 unsigned char **pBuffer,
526 unsigned char *p = *pBuffer;
527 size_t remain = *pRemain;
529 assert(remain >= avpSize(vp));
531 memcpy(p, vp->name, NAME_LENGTH + 1);
532 p += NAME_LENGTH + 1;
533 remain -= NAME_LENGTH + 1;
535 store_uint32_be(vp->attribute, &p[0]);
536 store_uint32_be(vp->type, &p[4]);
537 store_uint32_be(vp->lvalue, &p[8]);
542 memcpy(p, vp->strvalue, AUTH_STRING_LEN + 1);
543 p += AUTH_STRING_LEN + 1;
544 remain -= AUTH_STRING_LEN + 1;
554 avpImport(VALUE_PAIR **pVp,
555 unsigned char **pBuffer,
558 unsigned char *p = *pBuffer;
559 size_t remain = *pRemain;
562 if (remain < avpSize(NULL)) {
566 vp = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp));
568 throw new std::bad_alloc;
573 memcpy(vp->name, p, NAME_LENGTH + 1);
574 p += NAME_LENGTH + 1;
575 remain -= NAME_LENGTH + 1;
577 vp->attribute = load_uint32_be(&p[0]);
578 vp->type = load_uint32_be(&p[4]);
579 vp->lvalue = load_uint32_be(&p[8]);
584 memcpy(vp->strvalue, p, AUTH_STRING_LEN + 1);
585 p += AUTH_STRING_LEN + 1;
586 remain -= AUTH_STRING_LEN + 1;
596 gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
597 const gss_buffer_t buffer)
599 unsigned char *p = (unsigned char *)buffer->value;
600 size_t remain = buffer->length;
602 VALUE_PAIR **pNext = &m_avps;
604 if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
607 if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
613 count = load_uint32_be(p);
620 if (!avpImport(&attr, &p, &remain))
627 } while (remain != 0);
636 gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
643 for (vp = m_avps; vp != NULL; vp = vp->next) {
644 remain += avpSize(vp);
648 buffer->value = GSSEAP_MALLOC(remain);
649 if (buffer->value == NULL) {
650 throw new std::bad_alloc;
653 buffer->length = remain;
655 p = (unsigned char *)buffer->value;
657 store_uint32_be(count, p);
661 for (vp = m_avps; vp != NULL; vp = vp->next) {
662 avpExport(vp, &p, &remain);
669 gss_eap_radius_attr_provider::getExpiryTime(void) const
673 vp = rc_avpair_get(m_avps, PW_SESSION_TIMEOUT, 0);
674 if (vp == NULL || vp->lvalue == 0)
677 return time(NULL) + vp->lvalue;
projects / mech_eap.git / blob