2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
35 #define VENDORATTR(vendor, attr) ((vendor) << 16 | (attr))
38 #define ATTRID(attr) ((attr) & 0xFFFF)
41 static gss_buffer_desc radiusUrnPrefix = {
42 sizeof("urn:x-radius:") - 1,
43 (void *)"urn:x-radius:"
47 gssEapCalloc(size_t nmemb, size_t size)
49 return GSSEAP_CALLOC(nmemb, size);
53 gssEapMalloc(size_t size)
55 return GSSEAP_MALLOC(size);
65 gssEapRealloc(void *ptr, size_t size)
67 return GSSEAP_REALLOC(ptr, size);
70 static struct rs_error *
71 radiusAllocHandle(const char *configFile,
75 struct rs_alloc_scheme ralloc;
79 if (configFile == NULL || configFile[0] == '\0')
80 configFile = RS_CONFIG_FILE;
82 if (rs_context_create(&rh, RS_DICT_FILE) != 0)
85 ralloc.calloc = gssEapCalloc;
86 ralloc.malloc = gssEapMalloc;
87 ralloc.free = gssEapFree;
88 ralloc.realloc = gssEapRealloc;
90 rs_context_set_alloc_scheme(rh, &ralloc);
92 if (rs_context_read_config(rh, configFile) != 0) {
93 rs_context_destroy(rh);
94 return rs_err_ctx_pop(rh);
101 gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void)
105 m_authenticated = false;
108 gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
111 rs_context_destroy(m_rh);
117 gss_eap_radius_attr_provider::allocRadHandle(const std::string &configFile)
119 m_configFile.assign(configFile);
122 * Currently none of the FreeRADIUS functions we use here actually take
123 * a handle, so we may as well leave it as NULL.
126 radiusAllocHandle(m_configFile.c_str(), &m_rh);
128 return (m_rh != NULL);
135 gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
136 const gss_eap_attr_provider *ctx)
138 const gss_eap_radius_attr_provider *radius;
140 if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
143 radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
145 if (!allocRadHandle(radius->m_configFile))
148 if (radius->m_avps != NULL)
149 m_avps = paircopy(const_cast<VALUE_PAIR *>(radius->getAvps()));
155 gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
156 const gss_cred_id_t gssCred,
157 const gss_ctx_id_t gssCtx)
159 std::string configFile(RS_CONFIG_FILE);
161 if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
164 if (gssCred != GSS_C_NO_CREDENTIAL && gssCred->radiusConfigFile != NULL)
165 configFile.assign(gssCred->radiusConfigFile);
167 if (!allocRadHandle(configFile))
170 if (gssCtx != GSS_C_NO_CONTEXT) {
171 if (gssCtx->acceptorCtx.avps != NULL) {
172 m_avps = paircopy(gssCtx->acceptorCtx.avps);
182 alreadyAddedAttributeP(std::vector <std::string> &attrs, VALUE_PAIR *vp)
184 for (std::vector<std::string>::const_iterator a = attrs.begin();
187 if (strcmp(vp->name, (*a).c_str()) == 0)
195 isHiddenAttributeP(int attrid, uint16_t vendor)
202 case PW_MS_MPPE_SEND_KEY:
203 case PW_MS_MPPE_RECV_KEY:
209 case VENDORPEC_UKERNA:
220 gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
223 std::vector <std::string> seen;
225 for (vp = m_avps; vp != NULL; vp = vp->next) {
226 gss_buffer_desc attribute;
228 if (isHiddenAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
231 if (alreadyAddedAttributeP(seen, vp))
234 snprintf(attrid, sizeof(attrid), "%s%d",
235 (char *)radiusUrnPrefix.value, vp->attribute);
237 attribute.value = attrid;
238 attribute.length = strlen(attrid);
240 if (!addAttribute(this, &attribute, data))
243 seen.push_back(std::string(vp->name));
250 gss_eap_radius_attr_provider::setAttribute(int complete,
251 const gss_buffer_t attr,
252 const gss_buffer_t value)
257 gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t value)
262 gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr,
266 gss_buffer_t display_value,
270 gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
275 duplicateBuffer(*attr, &strAttr);
276 s = (char *)strAttr.value;
278 if (attr->length < radiusUrnPrefix.length ||
279 memcmp(s, radiusUrnPrefix.value, radiusUrnPrefix.length) != 0)
282 s += radiusUrnPrefix.length;
285 attrid = strtoul(s, NULL, 10);
287 da = dict_attrbyname(s);
289 gss_release_buffer(&tmpMinor, &strAttr);
295 gss_release_buffer(&tmpMinor, &strAttr);
297 return getAttribute(attrid, authenticated, complete,
298 value, display_value, more);
302 gss_eap_radius_attr_provider::getAttribute(uint16_t vattrid,
307 gss_buffer_t display_value,
310 uint32_t attrid = VENDORATTR(vendor, vattrid);
312 int i = *more, count = 0;
316 if (isHiddenAttributeP(attrid, vendor))
322 for (vp = pairfind(m_avps, attrid);
324 vp = pairfind(vp->next, attrid)) {
326 if (pairfind(vp->next, attrid) != NULL)
332 if (vp == NULL && *more == 0)
335 if (value != GSS_C_NO_BUFFER) {
336 gss_buffer_desc valueBuf;
338 valueBuf.value = (void *)vp->vp_octets;
339 valueBuf.length = vp->length;
341 duplicateBuffer(valueBuf, value);
344 if (display_value != GSS_C_NO_BUFFER) {
345 char displayString[MAX_STRING_LEN];
346 gss_buffer_desc displayBuf;
348 displayBuf.length = vp_prints_value(displayString,
349 sizeof(displayString), vp, 0);
350 displayBuf.value = (void *)displayString;
352 duplicateBuffer(displayBuf, display_value);
355 if (authenticated != NULL)
356 *authenticated = m_authenticated;
357 if (complete != NULL)
364 gss_eap_radius_attr_provider::getFragmentedAttribute(uint16_t attribute,
368 gss_buffer_t value) const
370 OM_uint32 major, minor;
372 major = gssEapRadiusGetAvp(&minor, m_avps, attribute, vendor, value, TRUE);
374 if (authenticated != NULL)
375 *authenticated = m_authenticated;
376 if (complete != NULL)
379 return !GSS_ERROR(major);
383 gss_eap_radius_attr_provider::getAttribute(uint32_t attrid,
387 gss_buffer_t display_value,
391 return getAttribute(ATTRID(attrid), VENDOR(attrid),
392 authenticated, complete,
393 value, display_value, more);
397 gss_eap_radius_attr_provider::mapToAny(int authenticated,
398 gss_buffer_t type_id) const
400 if (authenticated && !m_authenticated)
401 return (gss_any_t)NULL;
403 return (gss_any_t)paircopy(m_avps);
407 gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
408 gss_any_t input) const
410 pairfree((VALUE_PAIR **)&input);
414 gss_eap_radius_attr_provider::init(void)
416 gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
417 "urn:ietf:params:gss-eap:radius-avp",
418 gss_eap_radius_attr_provider::createAttrContext);
423 gss_eap_radius_attr_provider::finalize(void)
425 gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_RADIUS);
428 gss_eap_attr_provider *
429 gss_eap_radius_attr_provider::createAttrContext(void)
431 return new gss_eap_radius_attr_provider;
435 gssEapRadiusAddAvp(OM_uint32 *minor,
442 uint16_t attrid = VENDORATTR(vendor, vattrid);
443 unsigned char *p = (unsigned char *)buffer->value;
444 size_t remain = buffer->length;
450 if (n > MAX_STRING_LEN)
453 vp = paircreate(attrid, PW_TYPE_OCTETS);
456 return GSS_S_FAILURE;
459 memcpy(vp->vp_octets, p, n);
464 } while (remain != 0);
466 return GSS_S_COMPLETE;
470 gssEapRadiusGetRawAvp(OM_uint32 *minor,
476 uint16_t attr = VENDORATTR(vendor, type);
478 *vp = pairfind(vps, attr);
480 return (*vp == NULL) ? GSS_S_UNAVAILABLE : GSS_S_COMPLETE;
484 gssEapRadiusGetAvp(OM_uint32 *minor,
493 uint32_t attr = VENDORATTR(vendor, type);
496 buffer->value = NULL;
498 vp = pairfind(vps, attr);
500 return GSS_S_UNAVAILABLE;
503 buffer->length += vp->length;
504 } while (concat && (vp = pairfind(vp->next, attr)) != NULL);
506 buffer->value = GSSEAP_MALLOC(buffer->length);
507 if (buffer->value == NULL) {
509 return GSS_S_FAILURE;
512 p = (unsigned char *)buffer->value;
514 for (vp = pairfind(vps, attr);
515 concat && vp != NULL;
516 vp = pairfind(vp->next, attr)) {
517 memcpy(p, vp->vp_octets, vp->length);
522 return GSS_S_COMPLETE;
526 gssEapRadiusAttrProviderInit(OM_uint32 *minor)
528 return gss_eap_radius_attr_provider::init()
529 ? GSS_S_COMPLETE : GSS_S_FAILURE;
533 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
535 gss_eap_radius_attr_provider::finalize();
536 return GSS_S_COMPLETE;
540 gssEapRadiusMapError(OM_uint32 *minor,
541 struct rs_error *err)
546 return GSS_S_FAILURE;
550 gssEapRadiusAllocConn(OM_uint32 *minor,
551 const gss_cred_id_t cred,
554 struct gss_eap_acceptor_ctx *actx = &ctx->acceptorCtx;
555 const char *configFile = NULL;
556 struct rs_error *err;
558 assert(actx->radHandle == NULL);
559 assert(actx->radConn == NULL);
561 if (cred != GSS_C_NO_CREDENTIAL && cred->radiusConfigFile != NULL)
562 configFile = cred->radiusConfigFile;
564 err = radiusAllocHandle(configFile, &actx->radHandle);
565 if (err != NULL || actx->radHandle == NULL) {
566 return gssEapRadiusMapError(minor, err);
569 if (rs_conn_create(actx->radHandle, &actx->radConn, "gss-eap") != 0) {
570 return gssEapRadiusMapError(minor, rs_err_conn_pop(actx->radConn));
573 /* XXX TODO rs_conn_select_server does not exist yet */
575 if (actx->radServer != NULL) {
576 if (rs_conn_select_server(actx->radConn, actx->radServer) != 0)
577 return gssEapRadiusMapError(minor, rs_err_conn_pop(actx->radConn));
582 return GSS_S_COMPLETE;
587 * 4 octet NBO attribute ID | 4 octet attribute length | attribute data
590 avpSize(const VALUE_PAIR *vp)
601 avpExport(rs_handle *rh,
602 const VALUE_PAIR *vp,
603 unsigned char **pBuffer,
606 unsigned char *p = *pBuffer;
607 size_t remain = *pRemain;
609 assert(remain >= avpSize(vp));
611 store_uint32_be(vp->attribute, p);
614 case PW_TYPE_INTEGER:
618 store_uint32_be(vp->lvalue, p + 5);
621 assert(vp->length <= MAX_STRING_LEN);
622 p[4] = (uint8_t)vp->length;
623 memcpy(p + 5, vp->vp_octets, vp->length);
627 *pBuffer += 5 + p[4];
628 *pRemain -= 5 + p[4];
635 avpImport(rs_handle *rh,
637 unsigned char **pBuffer,
640 unsigned char *p = *pBuffer;
641 size_t remain = *pRemain;
642 VALUE_PAIR *vp = NULL;
646 if (remain < avpSize(NULL))
649 attrid = load_uint32_be(p);
653 da = dict_attrbyvalue(attrid);
659 throw new std::bad_alloc;
667 case PW_TYPE_INTEGER:
674 vp->lvalue = load_uint32_be(p + 1);
679 /* check enough room to NUL terminate */
680 if (p[0] >= MAX_STRING_LEN)
684 vp->length = (uint32_t)p[0];
685 memcpy(vp->vp_octets, p + 1, vp->length);
687 if (vp->type == PW_TYPE_STRING)
688 vp->vp_strvalue[vp->length] = '\0';
691 remain -= 1 + vp->length;
707 gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
708 const gss_buffer_t buffer)
710 unsigned char *p = (unsigned char *)buffer->value;
711 size_t remain = buffer->length;
712 OM_uint32 configFileLen, count;
713 VALUE_PAIR **pNext = &m_avps;
715 if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
721 configFileLen = load_uint32_be(p);
725 if (remain < configFileLen)
728 std::string configFile((char *)p, configFileLen);
730 remain -= configFileLen;
732 if (!allocRadHandle(configFile))
738 count = load_uint32_be(p);
745 if (!avpImport(m_rh, &attr, &p, &remain))
752 } while (remain != 0);
761 gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
766 size_t remain = 4 + m_configFile.length() + 4;
768 for (vp = m_avps; vp != NULL; vp = vp->next) {
769 remain += avpSize(vp);
773 buffer->value = GSSEAP_MALLOC(remain);
774 if (buffer->value == NULL) {
775 throw new std::bad_alloc;
778 buffer->length = remain;
780 p = (unsigned char *)buffer->value;
782 store_uint32_be(m_configFile.length(), p);
786 memcpy(p, m_configFile.c_str(), m_configFile.length());
787 p += m_configFile.length();
788 remain -= m_configFile.length();
790 store_uint32_be(count, p);
794 for (vp = m_avps; vp != NULL; vp = vp->next) {
795 avpExport(m_rh, vp, &p, &remain);
802 gss_eap_radius_attr_provider::getExpiryTime(void) const
806 vp = pairfind(m_avps, PW_SESSION_TIMEOUT);
807 if (vp == NULL || vp->lvalue == 0)
810 return time(NULL) + vp->lvalue;
projects / mech_eap.orig / blob