/*
* OK, obviously there is no real security here, this is simply
* for testing the token exchange; this code will be completely
- * replaced with libradsec once that library is available.
+ * replaced with libradius once that library is available.
*/
user->methods[0].vendor = EAP_VENDOR_IETF;
user->methods[0].method = EAP_TYPE_MSCHAPV2;
user->password = (unsigned char *)strdup(" ");
user->password_len = 1;
+ gssCtx->initiatorName->attrCtx = gssEapCreateAttrContext(NULL, gssCtx);
+ if (gssCtx->initiatorName->attrCtx != NULL)
+ gssCtx->initiatorName->flags |= NAME_FLAG_COMPOSITE;
+
return 0;
}
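Review bot: A NULL return from `gssEapCreateAttrContext(NULL, gssCtx)` is dropped silently in the added lines: the function still returns 0 and the initiator name simply lacks `NAME_FLAG_COMPOSITE`, so an allocation failure cannot be told apart from a name that has no attributes. If the attribute context is meant to be best-effort, a comment such as `/* attribute context is optional; callers must tolerate attrCtx == NULL */` would make that contract explicit; otherwise an error should be returned when it is NULL. The `strdup(" ")` result two lines above is likewise stored without a NULL check. The enclosing function starts outside the hunk.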
token->value = NULL;
/*
- * The format of this token awaits definition by libradsec.
+ * The format of this token awaits definition by libradius.
*/
return GSS_S_COMPLETE;
}
OM_uint32 major, tmpMinor;
gss_ctx_id_t ctx = *context_handle;
+ interprocess_token->length = 0;
+ interprocess_token->value = NULL;
+
if (ctx == GSS_C_NO_CONTEXT)
return GSS_S_NO_CONTEXT;
return major;
}
+#ifdef GSSEAP_DEBUG
assert(remain == 0);
+#endif
*minor = 0;
major = GSS_S_COMPLETE;
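Review bot: With `assert(remain == 0)` now compiled only under `GSSEAP_DEBUG`, a non-debug build no longer checks `remain` anywhere in the visible lines, so input with trailing bytes would be reported as `GSS_S_COMPLETE`. If `remain` counts unparsed bytes of an externally supplied token (it is set outside the hunk, so this is inferred), the check belongs in every build as an error return, e.g. `if (remain != 0) { *minor = 0; return GSS_S_DEFECTIVE_TOKEN; }`, with the assert kept only as a debugging aid. The enclosing function starts and ends outside the hunk.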
#include "gssapiP_eap.h"
+#include <typeinfo>
#include <string>
#include <exception>
#include <new>
static OM_uint32
mapException(OM_uint32 *minor, std::exception &e)
{
- *minor = 0;
- return GSS_S_FAILURE;
+ OM_uint32 major = GSS_S_FAILURE;
+
+ /* XXX TODO implement other mappings */
+ if (typeid(e) == typeid(std::bad_alloc))
+ *minor = ENOMEM;
+ else
+ *minor = 0;
+
+#ifdef GSSEAP_DEBUG
+ /* rethrow for now for debugging */
+ throw e;
+#endif
+
+ return major;
}
void
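Review bot: `throw e;` in the `GSSEAP_DEBUG` branch copies the exception as a plain `std::exception`, so the derived type and its `what()` text are sliced away exactly when they are wanted for debugging. Since mapException is called from inside `catch` handlers, `throw;` rethrows the original object instead. In a debug build the exception then leaves the calling handler and appears to propagate towards the C entry points, which deserves a comment next to the `#ifdef`. The `typeid(e) == typeid(std::bad_alloc)` test also misses classes derived from `std::bad_alloc`; `dynamic_cast<std::bad_alloc *>(&e) != NULL` covers them and makes the new `<typeinfo>` include unnecessary.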
try {
name->attrCtx->exportToBuffer(buffer);
- if (buffer->length == 0)
- return GSS_S_FAILURE;
} catch (std::exception &e) {
return mapException(minor, e);
}
gss_buffer_t type_id,
gss_any_t *output)
{
+ if (name->attrCtx == NULL)
+ return GSS_S_UNAVAILABLE;
+
try {
*output = name->attrCtx->mapToAny(authenticated, type_id);
} catch (std::exception &e) {
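Review bot: The new early return leaves `*output` untouched, so a caller that ignores the status reads an uninitialised `gss_any_t`; setting `*output = (gss_any_t)NULL;` before the `attrCtx` test gives every path a defined value. The other call visible on this page, `name->attrCtx->exportToBuffer(buffer)`, dereferences `attrCtx` with no guard in the lines shown, and the acceptor change in this commit leaves `attrCtx` NULL when creation fails, so the same check looks needed there (the start of that function is not visible, so it may already be present). The body of this function continues outside the hunk.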
const gss_buffer_t nameBuffer,
gss_name_t *pName)
{
- OM_uint32 major, tmpMinor;
+ OM_uint32 major;
krb5_context krbContext;
krb5_principal krbPrinc;
char *service, *host;
const gss_buffer_t nameBuffer,
gss_name_t *pName)
{
- OM_uint32 major, tmpMinor;
+ OM_uint32 major;
krb5_context krbContext;
krb5_principal krbPrinc;
char *nameString;
OM_uint32 major = GSS_S_FAILURE, tmpMinor;
krb5_context krbContext;
char *krbName = NULL;
- size_t krbNameLen;
+ size_t krbNameLen, exportedNameLen;
unsigned char *p;
gss_buffer_desc attrs = GSS_C_EMPTY_BUFFER;
}
krbNameLen = strlen(krbName);
- exportedName->length = 0;
+ exportedNameLen = 0;
if (flags & EXPORT_NAME_FLAG_OID) {
- exportedName->length += 6 + GSS_EAP_MECHANISM->length;
+ exportedNameLen += 6 + GSS_EAP_MECHANISM->length;
}
- exportedName->length += 4 + krbNameLen;
+ exportedNameLen += 4 + krbNameLen;
if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
major = gssEapExportAttrContext(minor, name, &attrs);
if (GSS_ERROR(major))
goto cleanup;
- exportedName->length += 4 + attrs.length;
+ exportedNameLen += 4 + attrs.length;
}
- exportedName->value = GSSEAP_MALLOC(exportedName->length);
+ exportedName->value = GSSEAP_MALLOC(exportedNameLen);
if (exportedName->value == NULL) {
major = GSS_S_FAILURE;
*minor = ENOMEM;
goto cleanup;
}
+ exportedName->length = exportedNameLen;
+
p = (unsigned char *)exportedName->value;
if (flags & EXPORT_NAME_FLAG_OID) {
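Review bot: Dropping `exportedName->length = 0;` means the `goto cleanup` taken when `gssEapExportAttrContext` fails now leaves `exportedName` exactly as the caller passed it, unless it is reset earlier in the function or in the cleanup code, neither of which is visible here. Initialising both fields before the length computation, `exportedName->length = 0; exportedName->value = NULL;`, keeps the output defined on every error path while still publishing the real length only after the allocation succeeds. The function begins before and continues after this hunk.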
#include "gssapiP_eap.h"
+gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void)
+{
+ m_authenticated = false;
+}
+
+gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
+{
+}
+
bool
gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
const gss_eap_attr_provider *ctx)
return true;
}
-gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
-{
-}
-
bool
gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
{
void
gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
{
+ buffer->length = 0;
+ buffer->value = NULL;
}
bool
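Review bot: Nothing in `exportToBuffer` says that the empty buffer is deliberate. It now emits zero bytes, and with the later change from `return false` to `return true` in what appears to be this provider's `initFromBuffer`, an import succeeds without restoring anything, so RADIUS attributes and the `m_authenticated` state do not survive an export/import round trip. A comment in both places, e.g. `/* TODO: RADIUS attributes are not serialised yet; exported state is intentionally empty */`, would stop a reader from assuming that a successful import carries authenticated attributes.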
if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
return false;
- return false;
+ return true;
}
bool
struct gss_eap_radius_attr_provider : gss_eap_attr_provider {
public:
- gss_eap_radius_attr_provider(void) {}
+ gss_eap_radius_attr_provider(void);
~gss_eap_radius_attr_provider(void);
bool initFromExistingContext(const gss_eap_attr_ctx *source,
* gss_eap_saml_assertion_provider is for retrieving the underlying
* assertion.
*/
+gss_eap_saml_assertion_provider::gss_eap_saml_assertion_provider(void)
+{
+ m_assertion = NULL;
+ m_authenticated = false;
+}
+
+gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void)
+{
+ delete m_assertion;
+}
+
bool
gss_eap_saml_assertion_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
const gss_eap_attr_provider *ctx)
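Review bot: Because the destructor added here does `delete m_assertion`, an implicitly generated copy of this provider would free the same assertion twice. The class declaration is only partly visible on this page, so if copy construction and assignment are not already disabled they should be declared private and left undefined, with a one-line comment on `m_assertion` stating that the provider owns it. The same applies to `gss_eap_shib_attr_provider`, whose destructor runs `xmltooling::cleanup<Attribute>()` over the elements of `m_attributes`.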
return true;
}
-gss_eap_saml_assertion_provider::~gss_eap_saml_assertion_provider(void)
-{
- delete m_assertion;
-}
-
void
gss_eap_saml_assertion_provider::setAssertion(const saml2::Assertion *assertion,
bool authenticated)
return (saml->getAssertion() != NULL);
}
-gss_eap_saml_attr_provider::~gss_eap_saml_attr_provider(void)
-{
- /* Nothing to do, we're just a wrapper around the assertion provider. */
-}
-
bool
gss_eap_saml_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute,
void *data) const
struct gss_eap_saml_assertion_provider : gss_eap_attr_provider {
public:
- gss_eap_saml_assertion_provider(void) {}
+ gss_eap_saml_assertion_provider(void);
~gss_eap_saml_assertion_provider(void);
bool initFromExistingContext(const gss_eap_attr_ctx *source,
struct gss_eap_saml_attr_provider : gss_eap_attr_provider {
public:
gss_eap_saml_attr_provider(void) {}
- ~gss_eap_saml_attr_provider(void);
+ ~gss_eap_saml_attr_provider(void) {}
bool getAttributeTypes(gss_eap_attr_enumeration_cb, void *data) const;
void setAttribute(int complete,
using namespace xercesc;
using namespace std;
+gss_eap_shib_attr_provider::gss_eap_shib_attr_provider(void)
+{
+ m_authenticated = false;
+}
+
+gss_eap_shib_attr_provider::~gss_eap_shib_attr_provider(void)
+{
+ for_each(m_attributes.begin(),
+ m_attributes.end(),
+ xmltooling::cleanup<Attribute>())
+ ;
+}
+
bool
gss_eap_shib_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
const gss_eap_attr_provider *ctx)
return true;
}
-gss_eap_shib_attr_provider::~gss_eap_shib_attr_provider(void)
-{
- for_each(m_attributes.begin(),
- m_attributes.end(),
- xmltooling::cleanup<Attribute>())
- ;
-}
-
int
gss_eap_shib_attr_provider::getAttributeIndex(const gss_buffer_t attr) const
{
struct gss_eap_shib_attr_provider : gss_eap_attr_provider {
public:
- gss_eap_shib_attr_provider(void) {}
+ gss_eap_shib_attr_provider(void);
~gss_eap_shib_attr_provider(void);
bool initFromExistingContext(const gss_eap_attr_ctx *source,