2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
36 gss_eap_radius_attr_provider::copyAvps(const VALUE_PAIR *src)
39 VALUE_PAIR *dst = NULL, **pDst = &dst;
41 for (vp = src; vp != NULL; vp = vp->next) {
44 vp2 = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp2));
49 memcpy(vp2, vp, sizeof(*vp));
58 gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void)
62 m_authenticated = false;
65 gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
70 rc_avpair_free(m_avps);
74 gss_eap_radius_attr_provider::initFromGssCred(const gss_cred_id_t cred)
78 return !GSS_ERROR(gssEapRadiusAllocHandle(&minor, cred, &m_rh));
82 gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
83 const gss_eap_attr_provider *ctx)
85 const gss_eap_radius_attr_provider *radius;
87 if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
90 if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
93 radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
94 if (radius->m_avps != NULL) {
95 m_avps = copyAvps(radius->getAvps());
102 gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
103 const gss_cred_id_t gssCred,
104 const gss_ctx_id_t gssCtx)
106 if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
109 if (!initFromGssCred(gssCred))
112 if (gssCtx != GSS_C_NO_CONTEXT) {
113 if (gssCtx->acceptorCtx.avps != NULL) {
114 m_avps = copyAvps(gssCtx->acceptorCtx.avps);
124 alreadyAddedAttributeP(std::vector <std::string> &attrs, VALUE_PAIR *vp)
126 for (std::vector<std::string>::const_iterator a = attrs.begin();
129 if (strcmp(vp->name, (*a).c_str()) == 0)
137 isHiddenAttributeP(int attrid, int vendor)
142 case RADIUS_VENDOR_ID_MICROSOFT:
144 case RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY:
145 case RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY:
151 case RADIUS_VENDOR_ID_GSS_EAP:
162 gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
165 std::vector <std::string> seen;
167 for (vp = m_avps; vp != NULL; vp = vp->next) {
168 gss_buffer_desc attribute;
170 if (isHiddenAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
173 if (alreadyAddedAttributeP(seen, vp))
176 attribute.value = (void *)vp->name;
177 attribute.length = strlen(vp->name);
179 if (!addAttribute(this, &attribute, data))
182 seen.push_back(std::string(vp->name));
189 gss_eap_radius_attr_provider::setAttribute(int complete,
190 const gss_buffer_t attr,
191 const gss_buffer_t value)
196 gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t value)
201 gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr,
205 gss_buffer_t display_value,
209 gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
216 duplicateBuffer(*attr, &strAttr);
217 s = (char *)strAttr.value;
219 if (isdigit(((char *)strAttr.value)[0])) {
220 attrid = strtoul(s, NULL, 10);
222 d = rc_dict_findattr(m_rh, (char *)s);
224 gss_release_buffer(&tmpMinor, &strAttr);
230 gss_release_buffer(&tmpMinor, &strAttr);
232 return getAttribute(attrid, authenticated, complete,
233 value, display_value, more);
237 isPrintableAttributeP(VALUE_PAIR *vp)
242 for (i = 0; i < sizeof(vp->strvalue); i++) {
243 if (gotChar && vp->strvalue[i] == '\0')
246 if (!isprint(vp->strvalue[i]))
257 gss_eap_radius_attr_provider::getAttribute(int attrid,
262 gss_buffer_t display_value,
267 int i = *more, count = 0;
268 char name[NAME_LENGTH + 1];
269 char displayString[AUTH_STRING_LEN + 1];
270 gss_buffer_desc valueBuf = GSS_C_EMPTY_BUFFER;
271 gss_buffer_desc displayBuf = GSS_C_EMPTY_BUFFER;
275 if (isHiddenAttributeP(attrid, vendor))
281 for (vp = rc_avpair_get(m_avps, attrid, vendor);
283 vp = rc_avpair_get(vp->next, attrid, vendor)) {
285 if (rc_avpair_get(vp->next, attrid, vendor) != NULL)
291 if (vp == NULL && *more == 0)
294 if (vp->type == PW_TYPE_STRING) {
295 valueBuf.value = (void *)vp->strvalue;
296 valueBuf.length = vp->lvalue;
298 valueBuf.value = (void *)&vp->lvalue;
302 if (value != GSS_C_NO_BUFFER)
303 duplicateBuffer(valueBuf, value);
305 if (display_value != GSS_C_NO_BUFFER &&
306 isPrintableAttributeP(vp)) {
307 if (rc_avpair_tostr(m_rh, vp, name, NAME_LENGTH,
308 displayString, AUTH_STRING_LEN) != 0) {
309 gss_release_buffer(&tmpMinor, value);
313 displayBuf.value = (void *)displayString;
314 displayBuf.length = strlen(displayString);
316 duplicateBuffer(displayBuf, display_value);
319 if (authenticated != NULL)
320 *authenticated = m_authenticated;
321 if (complete != NULL)
328 gss_eap_radius_attr_provider::getFragmentedAttribute(int attribute,
332 gss_buffer_t value) const
334 OM_uint32 major, minor;
336 major = getBufferFromAvps(&minor, m_avps, attribute, vendor, value, TRUE);
338 if (authenticated != NULL)
339 *authenticated = m_authenticated;
340 if (complete != NULL)
343 return !GSS_ERROR(major);
347 gss_eap_radius_attr_provider::getAttribute(int attrid,
351 gss_buffer_t display_value,
355 return getAttribute(ATTRID(attrid), VENDOR(attrid),
356 authenticated, complete,
357 value, display_value, more);
361 gss_eap_radius_attr_provider::mapToAny(int authenticated,
362 gss_buffer_t type_id) const
364 if (authenticated && !m_authenticated)
365 return (gss_any_t)NULL;
367 return (gss_any_t)copyAvps(m_avps);
371 gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
372 gss_any_t input) const
374 rc_avpair_free((VALUE_PAIR *)input);
378 gss_eap_radius_attr_provider::init(void)
380 gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
381 "urn:ietf:params:gss-eap:radius-avp",
382 gss_eap_radius_attr_provider::createAttrContext);
387 gss_eap_radius_attr_provider::finalize(void)
389 gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_RADIUS);
392 gss_eap_attr_provider *
393 gss_eap_radius_attr_provider::createAttrContext(void)
395 return new gss_eap_radius_attr_provider;
399 addAvpFromBuffer(OM_uint32 *minor,
406 if (rc_avpair_add(rh, vp, type,
407 buffer->value, buffer->length, vendor) == NULL) {
408 return GSS_S_FAILURE;
411 return GSS_S_COMPLETE;
415 getBufferFromAvps(OM_uint32 *minor,
426 buffer->value = NULL;
428 vp = rc_avpair_get(vps, type, vendor);
430 return GSS_S_UNAVAILABLE;
433 buffer->length += vp->lvalue;
434 } while (concat && (vp = rc_avpair_get(vp->next, type, vendor)) != NULL);
436 buffer->value = GSSEAP_MALLOC(buffer->length);
437 if (buffer->value == NULL) {
439 return GSS_S_FAILURE;
442 p = (unsigned char *)buffer->value;
444 for (vp = rc_avpair_get(vps, type, vendor);
445 concat && vp != NULL;
446 vp = rc_avpair_get(vp->next, type, vendor)) {
447 memcpy(p, vp->strvalue, vp->lvalue);
452 return GSS_S_COMPLETE;
456 gssEapRadiusAttrProviderInit(OM_uint32 *minor)
458 return gss_eap_radius_attr_provider::init()
459 ? GSS_S_COMPLETE : GSS_S_FAILURE;
463 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
465 gss_eap_radius_attr_provider::finalize();
466 return GSS_S_COMPLETE;
470 gssEapRadiusAllocHandle(OM_uint32 *minor,
471 const gss_cred_id_t cred,
475 const char *config = RC_CONFIG_FILE;
479 if (cred != GSS_C_NO_CREDENTIAL && cred->radiusConfigFile != NULL)
480 config = cred->radiusConfigFile;
482 rh = rc_read_config((char *)config);
486 return GSS_S_FAILURE;
489 if (rc_read_dictionary(rh, rc_conf_str(rh, (char *)"dictionary")) != 0) {
491 return GSS_S_FAILURE;
495 return GSS_S_COMPLETE;
499 * This is a super-inefficient coding but the API is going to change
500 * as are the data structures, so not putting a lot of work in now.
503 avpSize(const VALUE_PAIR *vp)
505 return NAME_LENGTH + 1 + 12 + AUTH_STRING_LEN + 1;
509 avpExport(const VALUE_PAIR *vp,
510 unsigned char **pBuffer,
513 unsigned char *p = *pBuffer;
514 size_t remain = *pRemain;
516 assert(remain >= avpSize(vp));
518 memcpy(p, vp->name, NAME_LENGTH + 1);
519 p += NAME_LENGTH + 1;
520 remain -= NAME_LENGTH + 1;
522 store_uint32_be(vp->attribute, &p[0]);
523 store_uint32_be(vp->type, &p[4]);
524 store_uint32_be(vp->lvalue, &p[8]);
529 memcpy(p, vp->strvalue, AUTH_STRING_LEN + 1);
530 p += AUTH_STRING_LEN + 1;
531 remain -= AUTH_STRING_LEN + 1;
541 avpImport(VALUE_PAIR **pVp,
542 unsigned char **pBuffer,
545 unsigned char *p = *pBuffer;
546 size_t remain = *pRemain;
549 if (remain < avpSize(NULL)) {
553 vp = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp));
555 throw new std::bad_alloc;
560 memcpy(vp->name, p, NAME_LENGTH + 1);
561 p += NAME_LENGTH + 1;
562 remain -= NAME_LENGTH + 1;
564 vp->attribute = load_uint32_be(&p[0]);
565 vp->type = load_uint32_be(&p[4]);
566 vp->lvalue = load_uint32_be(&p[8]);
571 memcpy(vp->strvalue, p, AUTH_STRING_LEN + 1);
572 p += AUTH_STRING_LEN + 1;
573 remain -= AUTH_STRING_LEN + 1;
583 gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
584 const gss_buffer_t buffer)
586 unsigned char *p = (unsigned char *)buffer->value;
587 size_t remain = buffer->length;
589 VALUE_PAIR **pNext = &m_avps;
591 if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
594 if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
600 count = load_uint32_be(p);
607 if (!avpImport(&attr, &p, &remain))
614 } while (remain != 0);
623 gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
630 for (vp = m_avps; vp != NULL; vp = vp->next) {
631 remain += avpSize(vp);
635 buffer->value = GSSEAP_MALLOC(remain);
636 if (buffer->value == NULL) {
637 throw new std::bad_alloc;
640 buffer->length = remain;
642 p = (unsigned char *)buffer->value;
644 store_uint32_be(count, p);
648 for (vp = m_avps; vp != NULL; vp = vp->next) {
649 avpExport(vp, &p, &remain);