2 * Copyright (c) 2010, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 #include "gssapiP_eap.h"
35 /* stuff that should be provided by libradsec/libfreeradius-radius */
36 #define VENDORATTR(vendor, attr) (((vendor) << 16) | (attr))
39 #define ATTRID(attr) ((attr) & 0xFFFF)
42 static gss_buffer_desc radiusUrnPrefix = {
43 sizeof("urn:x-radius:") - 1,
44 (void *)"urn:x-radius:"
47 static struct rs_error *
48 radiusAllocHandle(const char *configFile,
52 struct rs_alloc_scheme ralloc;
56 if (configFile == NULL || configFile[0] == '\0')
57 configFile = RS_CONFIG_FILE;
59 if (rs_context_create(&rh, RS_DICT_FILE) != 0)
62 ralloc.calloc = GSSEAP_CALLOC;
63 ralloc.malloc = GSSEAP_MALLOC;
64 ralloc.free = GSSEAP_FREE;
65 ralloc.realloc = GSSEAP_REALLOC;
67 rs_context_set_alloc_scheme(rh, &ralloc);
69 if (rs_context_read_config(rh, configFile) != 0) {
70 rs_context_destroy(rh);
71 return rs_err_ctx_pop(rh);
78 gss_eap_radius_attr_provider::gss_eap_radius_attr_provider(void)
82 m_authenticated = false;
85 gss_eap_radius_attr_provider::~gss_eap_radius_attr_provider(void)
88 rs_context_destroy(m_rh);
94 gss_eap_radius_attr_provider::allocRadHandle(const std::string &configFile)
96 m_configFile.assign(configFile);
99 * Currently none of the FreeRADIUS functions we use here actually take
100 * a handle, so we may as well leave it as NULL.
103 radiusAllocHandle(m_configFile.c_str(), &m_rh);
105 return (m_rh != NULL);
112 gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
113 const gss_eap_attr_provider *ctx)
115 const gss_eap_radius_attr_provider *radius;
117 if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
120 radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
122 if (!allocRadHandle(radius->m_configFile))
125 if (radius->m_vps != NULL)
126 m_vps = paircopy(const_cast<VALUE_PAIR *>(radius->getAvps()));
132 gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
133 const gss_cred_id_t gssCred,
134 const gss_ctx_id_t gssCtx)
136 std::string configFile(RS_CONFIG_FILE);
138 if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
141 if (gssCred != GSS_C_NO_CREDENTIAL && gssCred->radiusConfigFile != NULL)
142 configFile.assign(gssCred->radiusConfigFile);
144 if (!allocRadHandle(configFile))
147 if (gssCtx != GSS_C_NO_CONTEXT) {
148 if (gssCtx->acceptorCtx.vps != NULL) {
149 m_vps = paircopy(gssCtx->acceptorCtx.vps);
159 alreadyAddedAttributeP(std::vector <std::string> &attrs, VALUE_PAIR *vp)
161 for (std::vector<std::string>::const_iterator a = attrs.begin();
164 if (strcmp(vp->name, (*a).c_str()) == 0)
172 isHiddenAttributeP(uint16_t attrid, uint16_t vendor)
179 case PW_MS_MPPE_SEND_KEY:
180 case PW_MS_MPPE_RECV_KEY:
186 case VENDORPEC_UKERNA:
197 gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
200 std::vector <std::string> seen;
202 for (vp = m_vps; vp != NULL; vp = vp->next) {
203 gss_buffer_desc attribute;
205 if (isHiddenAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
208 if (alreadyAddedAttributeP(seen, vp))
211 snprintf(attrid, sizeof(attrid), "%s%d",
212 (char *)radiusUrnPrefix.value, vp->attribute);
214 attribute.value = attrid;
215 attribute.length = strlen(attrid);
217 if (!addAttribute(this, &attribute, data))
220 seen.push_back(std::string(vp->name));
227 gss_eap_radius_attr_provider::setAttribute(int complete,
228 const gss_buffer_t attr,
229 const gss_buffer_t value)
234 gss_eap_radius_attr_provider::deleteAttribute(const gss_buffer_t value)
239 gss_eap_radius_attr_provider::getAttribute(const gss_buffer_t attr,
243 gss_buffer_t display_value,
247 gss_buffer_desc strAttr = GSS_C_EMPTY_BUFFER;
252 duplicateBuffer(*attr, &strAttr);
253 s = (char *)strAttr.value;
255 if (attr->length < radiusUrnPrefix.length ||
256 memcmp(s, radiusUrnPrefix.value, radiusUrnPrefix.length) != 0)
259 s += radiusUrnPrefix.length;
262 attrid = strtoul(s, NULL, 10);
264 da = dict_attrbyname(s);
266 gss_release_buffer(&tmpMinor, &strAttr);
272 gss_release_buffer(&tmpMinor, &strAttr);
274 return getAttribute(attrid, authenticated, complete,
275 value, display_value, more);
279 gss_eap_radius_attr_provider::getAttribute(uint16_t vattrid,
284 gss_buffer_t display_value,
287 uint32_t attrid = VENDORATTR(vendor, vattrid);
289 int i = *more, count = 0;
293 if (isHiddenAttributeP(attrid, vendor))
299 for (vp = pairfind(m_vps, attrid);
301 vp = pairfind(vp->next, attrid)) {
303 if (pairfind(vp->next, attrid) != NULL)
309 if (vp == NULL && *more == 0)
312 if (value != GSS_C_NO_BUFFER) {
313 gss_buffer_desc valueBuf;
315 valueBuf.value = (void *)vp->vp_octets;
316 valueBuf.length = vp->length;
318 duplicateBuffer(valueBuf, value);
321 if (display_value != GSS_C_NO_BUFFER) {
322 char displayString[MAX_STRING_LEN];
323 gss_buffer_desc displayBuf;
325 displayBuf.length = vp_prints_value(displayString,
326 sizeof(displayString), vp, 0);
327 displayBuf.value = (void *)displayString;
329 duplicateBuffer(displayBuf, display_value);
332 if (authenticated != NULL)
333 *authenticated = m_authenticated;
334 if (complete != NULL)
341 gss_eap_radius_attr_provider::getFragmentedAttribute(uint16_t attribute,
345 gss_buffer_t value) const
347 OM_uint32 major, minor;
349 major = gssEapRadiusGetAvp(&minor, m_vps, attribute, vendor, value, TRUE);
351 if (authenticated != NULL)
352 *authenticated = m_authenticated;
353 if (complete != NULL)
356 return !GSS_ERROR(major);
360 gss_eap_radius_attr_provider::getAttribute(uint32_t attrid,
364 gss_buffer_t display_value,
368 return getAttribute(ATTRID(attrid), VENDOR(attrid),
369 authenticated, complete,
370 value, display_value, more);
374 gss_eap_radius_attr_provider::mapToAny(int authenticated,
375 gss_buffer_t type_id) const
377 if (authenticated && !m_authenticated)
378 return (gss_any_t)NULL;
380 return (gss_any_t)paircopy(m_vps);
384 gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id,
385 gss_any_t input) const
387 pairfree((VALUE_PAIR **)&input);
391 gss_eap_radius_attr_provider::init(void)
393 gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
394 "urn:ietf:params:gss-eap:radius-avp",
395 gss_eap_radius_attr_provider::createAttrContext);
400 gss_eap_radius_attr_provider::finalize(void)
402 gss_eap_attr_ctx::unregisterProvider(ATTR_TYPE_RADIUS);
405 gss_eap_attr_provider *
406 gss_eap_radius_attr_provider::createAttrContext(void)
408 return new gss_eap_radius_attr_provider;
412 gssEapRadiusAddAvp(OM_uint32 *minor,
419 uint32_t attrid = VENDORATTR(vendor, vattrid);
420 unsigned char *p = (unsigned char *)buffer->value;
421 size_t remain = buffer->length;
427 if (n > MAX_STRING_LEN)
430 vp = paircreate(attrid, PW_TYPE_OCTETS);
433 return GSS_S_FAILURE;
436 memcpy(vp->vp_octets, p, n);
443 } while (remain != 0);
445 return GSS_S_COMPLETE;
449 gssEapRadiusGetRawAvp(OM_uint32 *minor,
455 uint32_t attr = VENDORATTR(vendor, type);
457 *vp = pairfind(vps, attr);
459 return (*vp == NULL) ? GSS_S_UNAVAILABLE : GSS_S_COMPLETE;
463 gssEapRadiusGetAvp(OM_uint32 *minor,
472 uint32_t attr = VENDORATTR(vendor, type);
475 buffer->value = NULL;
477 vp = pairfind(vps, attr);
479 return GSS_S_UNAVAILABLE;
482 buffer->length += vp->length;
483 } while (concat && (vp = pairfind(vp->next, attr)) != NULL);
485 buffer->value = GSSEAP_MALLOC(buffer->length);
486 if (buffer->value == NULL) {
488 return GSS_S_FAILURE;
491 p = (unsigned char *)buffer->value;
493 for (vp = pairfind(vps, attr);
494 concat && vp != NULL;
495 vp = pairfind(vp->next, attr)) {
496 memcpy(p, vp->vp_octets, vp->length);
501 return GSS_S_COMPLETE;
505 gssEapRadiusFreeAvps(OM_uint32 *minor,
510 return GSS_S_COMPLETE;
514 gssEapRadiusAttrProviderInit(OM_uint32 *minor)
516 return gss_eap_radius_attr_provider::init()
517 ? GSS_S_COMPLETE : GSS_S_FAILURE;
521 gssEapRadiusAttrProviderFinalize(OM_uint32 *minor)
523 gss_eap_radius_attr_provider::finalize();
524 return GSS_S_COMPLETE;
527 /* partition error namespace so it does not conflict with krb5 */
528 #define ERROR_TABLE_BASE_rse (46882560L)
530 #define RS_TO_COM_ERR(rse) ((rse) == RSE_OK ? 0 : (rse) + ERROR_TABLE_BASE_rse)
531 #define COM_TO_RS_ERR(err) ((err) > ERROR_TABLE_BASE_rse && \
532 (err) <= (ERROR_TABLE_BASE_rse + RSE_SOME_ERROR) ? \
533 (err) - ERROR_TABLE_BASE_rse : RSE_SOME_ERROR)
536 gssEapRadiusMapError(OM_uint32 *minor,
537 struct rs_error *err)
542 code = rs_err_code(err, 0);
544 code = RSE_SOME_ERROR;
546 *minor = RS_TO_COM_ERR(code);
548 gssEapSaveStatusInfo(*minor, "radsec: %s", rs_err_msg(err, 0));
551 return GSS_S_FAILURE;
555 gssEapRadiusAllocConn(OM_uint32 *minor,
556 const gss_cred_id_t cred,
559 struct gss_eap_acceptor_ctx *actx = &ctx->acceptorCtx;
560 const char *configFile = NULL;
561 const char *configStanza = "gss-eap";
562 struct rs_error *err;
564 assert(actx->radHandle == NULL);
565 assert(actx->radConn == NULL);
567 if (cred != GSS_C_NO_CREDENTIAL) {
568 if (cred->radiusConfigFile != NULL)
569 configFile = cred->radiusConfigFile;
570 if (cred->radiusConfigStanza != NULL)
571 configStanza = cred->radiusConfigStanza;
574 err = radiusAllocHandle(configFile, &actx->radHandle);
575 if (err != NULL || actx->radHandle == NULL) {
576 return gssEapRadiusMapError(minor, err);
579 if (rs_conn_create(actx->radHandle, &actx->radConn, configStanza) != 0) {
580 return gssEapRadiusMapError(minor, rs_err_conn_pop(actx->radConn));
583 /* XXX TODO rs_conn_select_server does not exist yet */
585 if (actx->radServer != NULL) {
586 if (rs_conn_select_server(actx->radConn, actx->radServer) != 0)
587 return gssEapRadiusMapError(minor, rs_err_conn_pop(actx->radConn));
592 return GSS_S_COMPLETE;
597 * 4 octet NBO attribute ID | 4 octet attribute length | attribute data
600 avpSize(const VALUE_PAIR *vp)
611 avpExport(rs_handle *rh,
612 const VALUE_PAIR *vp,
613 unsigned char **pBuffer,
616 unsigned char *p = *pBuffer;
617 size_t remain = *pRemain;
619 assert(remain >= avpSize(vp));
621 store_uint32_be(vp->attribute, p);
624 case PW_TYPE_INTEGER:
628 store_uint32_be(vp->lvalue, p + 5);
631 assert(vp->length <= MAX_STRING_LEN);
632 p[4] = (uint8_t)vp->length;
633 memcpy(p + 5, vp->vp_octets, vp->length);
637 *pBuffer += 5 + p[4];
638 *pRemain -= 5 + p[4];
645 avpImport(rs_handle *rh,
647 unsigned char **pBuffer,
650 unsigned char *p = *pBuffer;
651 size_t remain = *pRemain;
652 VALUE_PAIR *vp = NULL;
656 if (remain < avpSize(NULL))
659 attrid = load_uint32_be(p);
663 da = dict_attrbyvalue(attrid);
669 throw new std::bad_alloc;
677 case PW_TYPE_INTEGER:
684 vp->lvalue = load_uint32_be(p + 1);
689 /* check enough room to NUL terminate */
690 if (p[0] == MAX_STRING_LEN)
695 if (p[0] > MAX_STRING_LEN)
698 vp->length = (uint32_t)p[0];
699 memcpy(vp->vp_octets, p + 1, vp->length);
701 if (vp->type == PW_TYPE_STRING)
702 vp->vp_strvalue[vp->length] = '\0';
705 remain -= 1 + vp->length;
721 gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
722 const gss_buffer_t buffer)
724 unsigned char *p = (unsigned char *)buffer->value;
725 size_t remain = buffer->length;
726 OM_uint32 configFileLen, count;
727 VALUE_PAIR **pNext = &m_vps;
729 if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
735 configFileLen = load_uint32_be(p);
739 if (remain < configFileLen)
742 std::string configFile((char *)p, configFileLen);
744 remain -= configFileLen;
746 if (!allocRadHandle(configFile))
752 count = load_uint32_be(p);
759 if (!avpImport(m_rh, &attr, &p, &remain))
766 } while (remain != 0);
775 gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
780 size_t remain = 4 + m_configFile.length() + 4;
782 for (vp = m_vps; vp != NULL; vp = vp->next) {
783 remain += avpSize(vp);
787 buffer->value = GSSEAP_MALLOC(remain);
788 if (buffer->value == NULL) {
789 throw new std::bad_alloc;
792 buffer->length = remain;
794 p = (unsigned char *)buffer->value;
796 store_uint32_be(m_configFile.length(), p);
800 memcpy(p, m_configFile.c_str(), m_configFile.length());
801 p += m_configFile.length();
802 remain -= m_configFile.length();
804 store_uint32_be(count, p);
808 for (vp = m_vps; vp != NULL; vp = vp->next) {
809 avpExport(m_rh, vp, &p, &remain);
816 gss_eap_radius_attr_provider::getExpiryTime(void) const
820 vp = pairfind(m_vps, PW_SESSION_TIMEOUT);
821 if (vp == NULL || vp->lvalue == 0)
824 return time(NULL) + vp->lvalue;
projects / mech_eap.orig / blob