use "26" as prefix for vendor attributes

diff --git a/mech_eap/README.samba4 b/mech_eap/README.samba4
index a044cba..e1e19fe 100644 (file)
--- a/mech_eap/README.samba4
+++ b/mech_eap/README.samba4
@@ -16,7 +16,7 @@ Shibboleth
 * Add a mapping from the PAC RADIUS attribute to urn:mspac: in the file
   /usr/local/etc/shibboleth/attribute-map.xml:
 
-  <GSSAPIAttribute name="urn:ietf:params:gssapi:aaa-radius 25622.133"
+  <GSSAPIAttribute name="urn:ietf:params:gssapi:aaa-radius 26.25622.133"
    id="urn:mspac:" binary="true"/>
 
 FreeRADIUS

diff --git a/mech_eap/TODO b/mech_eap/TODO
index 0111459..78d92c8 100644 (file)
--- a/mech_eap/TODO
+++ b/mech_eap/TODO
@@ -1,3 +1,4 @@
+- draft-ietf-radext-radius-extensions
 - integration with initiator-side EAP channel bindings
 - investigate initiator-side credential locking
 - always intern OIDs so they never need to be freed

diff --git a/mech_eap/util_radius.cpp b/mech_eap/util_radius.cpp
index 29f83c4..81f5e7f 100644 (file)
--- a/mech_eap/util_radius.cpp
+++ b/mech_eap/util_radius.cpp
@@ -252,8 +252,9 @@ gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addA
         if (alreadyAddedAttributeP(seen, attrid))
             continue;
 
+        /* TODO support draft-ietf-radext-radius-extensions */
         if (attrid.first != 0) {
-            snprintf(buf, sizeof(buf), "%u.%u", attrid.first, attrid.second);
+            snprintf(buf, sizeof(buf), "26.%u.%u", attrid.first, attrid.second);
         } else {
             snprintf(buf, sizeof(buf), "%u", attrid.second);
         }
@@ -277,28 +278,38 @@ getAttributeId(const gss_buffer_t desc,
     OM_uint32 tmpMinor;
     gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
     char *s;
-    bool ret;
+    bool ret = false;
 
     /* need to duplicate because attr may not be NUL terminated */
     duplicateBuffer(*desc, &strAttr);
     s = (char *)strAttr.value;
 
+    /* TODO support draft-ietf-radext-radius-extensions */
     if (isdigit(*s)) {
-        char *s2;
-        unsigned int tmp = strtoul(s, &s2, 10);
-
-        if (*s2 == '.') {
-            /* Vendor attributes formatted as Vendor.Attribute */
-            attrid->first = tmp;
-            attrid->second = strtoul(s2 + 1, NULL, 10);
-            ret = true;
-        } else if (*s2 == '\0') {
+        unsigned int tmp = strtoul(s, &s, 10);
+
+        if (*s == '.') {
+            s++;
+
+            switch (tmp) {
+            case PW_VENDOR_SPECIFIC:
+                /* attribute name formatted as 26.Vendor.Attribute */
+                attrid->first = strtoul(s, &s, 10);
+                if (*s == '.') {
+                    s++;
+                    attrid->second = strtoul(s, &s, 10);
+                    ret = (*s == '\0');
+                }
+                break;
+            default:
+                break;
+            }
+        } else if (*s == '\0') {
             /* Non-vendor attrbiute */
             attrid->first = 0;
             attrid->second = tmp;
             ret = true;
-        } else
-            ret = false;
+        }
     } else {
         /* No digits */
         ret = (rs_attr_find(s, &attrid->second, &attrid->first) == RSE_OK);