From: Luke Howard Date: Tue, 21 Sep 2010 10:49:23 +0000 (+0200) Subject: Merge branch 'oldradius' X-Git-Tag: vm/20110310~253 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.git;a=commitdiff_plain;h=b47c10882ea3409098780eb9608d3008c91f076d;hp=849faf84b633a519a29c54f182a4ac643425b760 Merge branch 'oldradius' Conflicts: mech_eap/accept_sec_context.c mech_eap/init_sec_context.c
---
diff --git a/TODO b/TODO
index c3a0e92..41465a9 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,3 @@
-- hook up SAML library
-- hook up libradsec, AVP parsing logic
+- hook up libradius, AVP parsing logic
 - better handling of mechanism-specific error namespace
 - better interfaces for initiator EAP configuration/credential management
diff --git a/util_attr.h b/util_attr.h
index e2820c0..8c4360e 100644
--- a/util_attr.h
+++ b/util_attr.h
@@ -44,10 +44,10 @@ typedef bool
 const gss_buffer_t attribute, void *data);
-#define ATTR_TYPE_RADIUS 0U
-#define ATTR_TYPE_SAML_ASSERTION 1U
-#define ATTR_TYPE_SAML 2U
-#define ATTR_TYPE_LOCAL 3U
+#define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
+#define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
+#define ATTR_TYPE_SAML 2U /* SAML attributes */
+#define ATTR_TYPE_LOCAL 3U /* Local attributes */
 #define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
 #define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
diff --git a/util_radius.cpp b/util_radius.cpp
index 7c6552a..2c55bff 100644
--- a/util_radius.cpp
+++ b/util_radius.cpp
@@ -133,6 +133,28 @@ alreadyAddedAttributeP(std::vector &attrs, VALUE_PAIR *vp)
 return false;
 }
+static bool
+isSecretAttributeP(int attrid, int vendor)
+{
+ bool ret = false;
+
+ switch (vendor) {
+ case RADIUS_VENDOR_ID_MICROSOFT:
+ switch (attrid) {
+ case RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY:
+ case RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY:
+ ret = true;
+ break;
+ default:
+ break;
+ }
+ default:
+ break;
+ }
+
+ return ret;
+}
+
 bool gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const {
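Review bot: In `isSecretAttributeP`, the `case RADIUS_VENDOR_ID_MICROSOFT:` arm has no `break;` after its inner `switch (attrid)` closes, so control falls through into the outer `default:`. That is harmless today because `default` only breaks, but a vendor case inserted between the two later would also run for Microsoft attributes; add `break;` after the inner switch's closing brace. The function also needs a short comment on why these attributes are withheld, for example `/* MS-MPPE-Send-Key/Recv-Key carry EAP keying material; never expose them through the attribute interface */`. The filter is a two-entry denylist, so any other key-bearing attribute the RADIUS server returns would still pass, which the comment should state.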
@@ -142,6 +164,9 @@ gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addA
 for (vp = m_avps; vp != NULL; vp = vp->next) {
 gss_buffer_desc attribute;
+ if (isSecretAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
+ continue;
+
 if (alreadyAddedAttributeP(seen, vp)) continue;
@@ -238,6 +263,9 @@ gss_eap_radius_attr_provider::getAttribute(int attrid,
 *more = 0;
+ if (isSecretAttributeP(attrid, vendor))
+ return false;
+
 vp = rc_avpair_get(m_avps, attrid, vendor);
 if (vp == NULL) return false;
@@ -299,7 +327,9 @@ gss_eap_radius_attr_provider::getAttribute(int attrid,
 gss_buffer_t display_value, int *more) const {
- return getAttribute(attrid, 0, authenticated, complete,
+
+ return getAttribute(ATTRID(attrid), VENDOR(attrid),
+ authenticated, complete,
 value, display_value, more);
 }
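Review bot: The secret-attribute filter is applied only at the two read paths this commit touches: the enumeration loop here in `getAttributeTypes` and the lookup in `getAttribute(int attrid, int vendor, ...)` in the next hunk. Any other code that walks or serialises `m_avps` is outside this diff and should be checked for the same filter, otherwise the MPPE key attributes can still leave the provider by that route. A one-line comment above the check, such as `/* never advertise keying material to callers */`, would record the intent. The loop body continues outside the hunk.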
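Review bot: The `getAttribute(int attrid, ...)` overload without a vendor parameter now treats `attrid` as a packed vendor/attribute value, where it previously forced vendor 0, and nothing in the hunk documents that encoding. Add a comment above the call such as `/* attrid packs vendor and attribute number; split it so vendor-specific (and secret) attributes resolve correctly */`, because the secret check in the overload that takes a vendor only sees the right vendor if callers pass the packed form. The blank line added directly after the opening brace is stray and can be dropped. The `ATTRID`/`VENDOR` macros are defined outside this diff, so their handling of a plain, vendor-less id is assumed here rather than verified.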