2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
35 static gss_buffer_desc radiusUrnPrefix = {
36 sizeof("urn:radius:") - 1,
41 gss_eap_radius_attr_provider::copyAvps(const VALUE_PAIR *src)
44 VALUE_PAIR *dst = NULL, **pDst = &dst;
46 for (vp = src; vp != NULL; vp = vp->next) {
49 vp2 = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp2));
54 memcpy(vp2, vp, sizeof(*vp));
63 gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void)
67 m_authenticated = false;
70 gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
75 rc_avpair_free(m_avps);
79 gss_eap_radius_attr_provider::initFromGssCred(const gss_cred_id_t cred)
83 return !GSS_ERROR(gssEapRadiusAllocHandle(&minor, cred, &m_rh));
87 gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
88 const gss_eap_attr_provider *ctx)
90 const gss_eap_radius_attr_provider *radius;
92 if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
95 if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
98 radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
99 if (radius->m_avps != NULL) {
100 m_avps = copyAvps(radius->getAvps());
107 gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
108 const gss_cred_id_t gssCred,
109 const gss_ctx_id_t gssCtx)
111 if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
114 if (!initFromGssCred(gssCred))
117 if (gssCtx != GSS_C_NO_CONTEXT) {
118 if (gssCtx->acceptorCtx.avps != NULL) {
119 m_avps = copyAvps(gssCtx->acceptorCtx.avps);
129 alreadyAddedAttributeP(std::vector <std::string> &attrs, VALUE_PAIR *vp)
131 for (std::vector<std::string>::const_iterator a = attrs.begin();
134 if (strcmp(vp->name, (*a).c_str()) == 0)
142 isHiddenAttributeP(int attrid, int vendor)
147 case RADIUS_VENDOR_ID_MICROSOFT:
149 case RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY:
150 case RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY:
156 case RADIUS_VENDOR_ID_GSS_EAP:
167 gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
170 std::vector <std::string> seen;
172 for (vp = m_avps; vp != NULL; vp = vp->next) {
173 gss_buffer_desc attribute;
174 #ifndef RADIUS_STRING_ATTRS
177 if (isHiddenAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
180 if (alreadyAddedAttributeP(seen, vp))
183 #ifdef RADIUS_STRING_ATTRS
184 attribute.value = (void *)vp->name;
185 attribute.length = strlen(vp->name);
187 snprintf(attrid, sizeof(attrid), "%s%d",
188 (char *)radiusUrnPrefix.value, vp->attribute);
190 attribute.value = attrid;
191 attribute.length = strlen(attrid);
192 #endif /* RADIUS_STRING_ATTRS */
194 if (!addAttribute(this, &attribute, data))
197 seen.push_back(std::string(vp->name));
204 gss_eap_radius_attr_provider::setAttribute(int complete,
205 const gss_buffer_t attr,
206 const gss_buffer_t value)
211 gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t value)
216 gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr,
220 gss_buffer_t display_value,
224 gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
230 duplicateBuffer(*attr, &strAttr);
231 s = (char *)strAttr.value;
233 if (attr->length >= radiusUrnPrefix.length &&
234 memcmp(s, radiusUrnPrefix.value, radiusUrnPrefix.length) == 0) {
235 s += radiusUrnPrefix.length;
236 attrid = strtoul(s, NULL, 10);
238 d = rc_dict_findattr(m_rh, (char *)s);
240 gss_release_buffer(&tmpMinor, &strAttr);
246 gss_release_buffer(&tmpMinor, &strAttr);
248 return getAttribute(attrid, authenticated, complete,
249 value, display_value, more);
253 isPrintableAttributeP(VALUE_PAIR *vp)
258 for (i = 0; i < sizeof(vp->strvalue); i++) {
259 if (gotChar && vp->strvalue[i] == '\0')
262 if (!isprint(vp->strvalue[i]))
273 gss_eap_radius_attr_provider::getAttribute(int attrid,
278 gss_buffer_t display_value,
283 int i = *more, count = 0;
284 char name[NAME_LENGTH + 1];
285 char displayString[AUTH_STRING_LEN + 1];
286 gss_buffer_desc valueBuf = GSS_C_EMPTY_BUFFER;
287 gss_buffer_desc displayBuf = GSS_C_EMPTY_BUFFER;
291 if (isHiddenAttributeP(attrid, vendor))
297 for (vp = rc_avpair_get(m_avps, attrid, vendor);
299 vp = rc_avpair_get(vp->next, attrid, vendor)) {
301 if (rc_avpair_get(vp->next, attrid, vendor) != NULL)
307 if (vp == NULL && *more == 0)
310 if (vp->type == PW_TYPE_STRING) {
311 valueBuf.value = (void *)vp->strvalue;
312 valueBuf.length = vp->lvalue;
314 valueBuf.value = (void *)&vp->lvalue;
318 if (value != GSS_C_NO_BUFFER)
319 duplicateBuffer(valueBuf, value);
321 if (display_value != GSS_C_NO_BUFFER &&
322 isPrintableAttributeP(vp)) {
323 if (rc_avpair_tostr(m_rh, vp, name, NAME_LENGTH,
324 displayString, AUTH_STRING_LEN) != 0) {
325 gss_release_buffer(&tmpMinor, value);
329 displayBuf.value = (void *)displayString;
330 displayBuf.length = strlen(displayString);
332 duplicateBuffer(displayBuf, display_value);
335 if (authenticated != NULL)
336 *authenticated = m_authenticated;
337 if (complete != NULL)
344 gss_eap_radius_attr_provider::getFragmentedAttribute(int attribute,
348 gss_buffer_t value) const
350 OM_uint32 major, minor;
352 major = getBufferFromAvps(&minor, m_avps, attribute, vendor, value, TRUE);
354 if (authenticated != NULL)
355 *authenticated = m_authenticated;
356 if (complete != NULL)
359 return !GSS_ERROR(major);
363 gss_eap_radius_attr_provider::getAttribute(int attrid,
367 gss_buffer_t display_value,
371 return getAttribute(ATTRID(attrid), VENDOR(attrid),
372 authenticated, complete,
373 value, display_value, more);
377 gss_eap_radius_attr_provider::mapToAny(int authenticated,
378 gss_buffer_t type_id) const
380 if (authenticated && !m_authenticated)
381 return (gss_any_t)NULL;
383 return (gss_any_t)copyAvps(m_avps);
387 gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
388 gss_any_t input) const
390 rc_avpair_free((VALUE_PAIR *)input);
394 gss_eap_radius_attr_provider::init(void)
396 gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
397 "urn:ietf:params:gss-eap:radius-avp",
398 gss_eap_radius_attr_provider::createAttrContext);
403 gss_eap_radius_attr_provider::finalize(void)
405 gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_RADIUS);
408 gss_eap_attr_provider *
409 gss_eap_radius_attr_provider::createAttrContext(void)
411 return new gss_eap_radius_attr_provider;
415 addAvpFromBuffer(OM_uint32 *minor,
422 if (rc_avpair_add(rh, vp, type,
423 buffer->value, buffer->length, vendor) == NULL) {
424 return GSS_S_FAILURE;
427 return GSS_S_COMPLETE;
431 getBufferFromAvps(OM_uint32 *minor,
442 buffer->value = NULL;
444 vp = rc_avpair_get(vps, type, vendor);
446 return GSS_S_UNAVAILABLE;
449 buffer->length += vp->lvalue;
450 } while (concat && (vp = rc_avpair_get(vp->next, type, vendor)) != NULL);
452 buffer->value = GSSEAP_MALLOC(buffer->length);
453 if (buffer->value == NULL) {
455 return GSS_S_FAILURE;
458 p = (unsigned char *)buffer->value;
460 for (vp = rc_avpair_get(vps, type, vendor);
461 concat && vp != NULL;
462 vp = rc_avpair_get(vp->next, type, vendor)) {
463 memcpy(p, vp->strvalue, vp->lvalue);
468 return GSS_S_COMPLETE;
472 gssEapRadiusAttrProviderInit(OM_uint32 *minor)
474 return gss_eap_radius_attr_provider::init()
475 ? GSS_S_COMPLETE : GSS_S_FAILURE;
479 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
481 gss_eap_radius_attr_provider::finalize();
482 return GSS_S_COMPLETE;
486 gssEapRadiusAllocHandle(OM_uint32 *minor,
487 const gss_cred_id_t cred,
491 const char *config = RC_CONFIG_FILE;
495 if (cred != GSS_C_NO_CREDENTIAL && cred->radiusConfigFile != NULL)
496 config = cred->radiusConfigFile;
498 rh = rc_read_config((char *)config);
502 return GSS_S_FAILURE;
505 if (rc_read_dictionary(rh, rc_conf_str(rh, (char *)"dictionary")) != 0) {
507 return GSS_S_FAILURE;
511 return GSS_S_COMPLETE;
515 * This is a super-inefficient coding but the API is going to change
516 * as are the data structures, so not putting a lot of work in now.
519 avpSize(const VALUE_PAIR *vp)
521 return NAME_LENGTH + 1 + 12 + AUTH_STRING_LEN + 1;
525 avpExport(const VALUE_PAIR *vp,
526 unsigned char **pBuffer,
529 unsigned char *p = *pBuffer;
530 size_t remain = *pRemain;
532 assert(remain >= avpSize(vp));
534 memcpy(p, vp->name, NAME_LENGTH + 1);
535 p += NAME_LENGTH + 1;
536 remain -= NAME_LENGTH + 1;
538 store_uint32_be(vp->attribute, &p[0]);
539 store_uint32_be(vp->type, &p[4]);
540 store_uint32_be(vp->lvalue, &p[8]);
545 memcpy(p, vp->strvalue, AUTH_STRING_LEN + 1);
546 p += AUTH_STRING_LEN + 1;
547 remain -= AUTH_STRING_LEN + 1;
557 avpImport(VALUE_PAIR **pVp,
558 unsigned char **pBuffer,
561 unsigned char *p = *pBuffer;
562 size_t remain = *pRemain;
565 if (remain < avpSize(NULL)) {
569 vp = (VALUE_PAIR *)GSSEAP_CALLOC(1, sizeof(*vp));
571 throw new std::bad_alloc;
576 memcpy(vp->name, p, NAME_LENGTH + 1);
577 p += NAME_LENGTH + 1;
578 remain -= NAME_LENGTH + 1;
580 vp->attribute = load_uint32_be(&p[0]);
581 vp->type = load_uint32_be(&p[4]);
582 vp->lvalue = load_uint32_be(&p[8]);
587 memcpy(vp->strvalue, p, AUTH_STRING_LEN + 1);
588 p += AUTH_STRING_LEN + 1;
589 remain -= AUTH_STRING_LEN + 1;
599 gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
600 const gss_buffer_t buffer)
602 unsigned char *p = (unsigned char *)buffer->value;
603 size_t remain = buffer->length;
605 VALUE_PAIR **pNext = &m_avps;
607 if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
610 if (!initFromGssCred(GSS_C_NO_CREDENTIAL))
616 count = load_uint32_be(p);
623 if (!avpImport(&attr, &p, &remain))
630 } while (remain != 0);
639 gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
646 for (vp = m_avps; vp != NULL; vp = vp->next) {
647 remain += avpSize(vp);
651 buffer->value = GSSEAP_MALLOC(remain);
652 if (buffer->value == NULL) {
653 throw new std::bad_alloc;
656 buffer->length = remain;
658 p = (unsigned char *)buffer->value;
660 store_uint32_be(count, p);
664 for (vp = m_avps; vp != NULL; vp = vp->next) {
665 avpExport(vp, &p, &remain);