bool
gss_eap_radius_attr_provider::init(void)
{
+ struct rs_context *radContext;
+
gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
"urn:ietf:params:gss-eap:radius-avp",
createAttrContext);
+
+#if 1
+ /*
+ * This hack is necessary in order to force the loading of the global
+ * dictionary, otherwise accepting reauthentication tokens fails unless
+ * the acceptor has already accepted a normal authentication token.
+ */
+ if (rs_context_create(&radContext, RS_DICT_FILE) != 0) {
+ return false;
+ }
+
+ rs_context_destroy(radContext);
+#endif
+
return true;
}
VALUE_PAIR *vp;
size_t n = remain;
- if (n > MAX_STRING_LEN)
- n = MAX_STRING_LEN;
+ /*
+ * There's an extra byte of padding; RADIUS AVPs can only
+ * be 253 octets.
+ */
+ if (n >= MAX_STRING_LEN)
+ n = MAX_STRING_LEN - 1;
vp = paircreate(attrid, PW_TYPE_OCTETS);
if (vp == NULL) {
remain -= 4;
da = dict_attrbyvalue(attrid);
- if (da == NULL)
- goto fail;
-
- vp = pairalloc(da);
+ if (da != NULL) {
+ vp = pairalloc(da);
+ } else {
+ vp = paircreate(attrid, PW_TYPE_STRING);
+ }
if (vp == NULL) {
throw new std::bad_alloc;
goto fail;
remain -= 5;
break;
case PW_TYPE_STRING:
- /* check enough room to NUL terminate */
- if (p[0] == MAX_STRING_LEN)
- goto fail;
- else
- /* fallthrough */
default:
- if (p[0] > MAX_STRING_LEN)
+ if (p[0] >= MAX_STRING_LEN)
goto fail;
vp->length = (uint32_t)p[0];
return true;
fail:
- pairbasicfree(vp);
+ if (vp != NULL)
+ pairbasicfree(vp);
+ *pVp = NULL;
return false;
}
projects / mech_eap.git / commitdiff