-- hook up SAML library
-- hook up libradsec, AVP parsing logic
+- hook up libradius, AVP parsing logic
- better handling of mechanism-specific error namespace
- better interfaces for initiator EAP configuration/credential management
const gss_buffer_t attribute,
void *data);
-#define ATTR_TYPE_RADIUS 0U
-#define ATTR_TYPE_SAML_ASSERTION 1U
-#define ATTR_TYPE_SAML 2U
-#define ATTR_TYPE_LOCAL 3U
+#define ATTR_TYPE_RADIUS 0U /* RADIUS AVPs */
+#define ATTR_TYPE_SAML_ASSERTION 1U /* SAML assertion */
+#define ATTR_TYPE_SAML 2U /* SAML attributes */
+#define ATTR_TYPE_LOCAL 3U /* Local attributes */
#define ATTR_TYPE_MIN ATTR_TYPE_RADIUS
#define ATTR_TYPE_MAX ATTR_TYPE_LOCAL
return false;
}
+static bool
+isSecretAttributeP(int attrid, int vendor)
+{
+ bool ret = false;
+
+ switch (vendor) {
+ case RADIUS_VENDOR_ID_MICROSOFT:
+ switch (attrid) {
+ case RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY:
+ case RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY:
+ ret = true;
+ break;
+ default:
+ break;
+ }
+ default:
+ break;
+ }
+
+ return ret;
+}
+
bool
gss_eap_radius_attr_provider::getAttributeTypes(gss_eap_attr_enumeration_cb addAttribute, void *data) const
{
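Review bot: The `case RADIUS_VENDOR_ID_MICROSOFT:` arm of `isSecretAttributeP` has no `break;` after its inner switch, so control falls through into the outer `default:`; that is harmless today because `default` only breaks, but any arm later inserted between them would silently also run for Microsoft attributes. Add `break;` directly after the inner switch's closing brace, on the line before `default:`. A short header comment would also help, since the reason these two attributes are withheld is not stated anywhere in the code: `/* MS-MPPE-Send/Recv-Key carry EAP session keying material; never expose them through the attribute API. */` — confirm the wording against the RADIUS dictionary in use.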
for (vp = m_avps; vp != NULL; vp = vp->next) {
gss_buffer_desc attribute;
+ if (isSecretAttributeP(ATTRID(vp->attribute), VENDOR(vp->attribute)))
+ continue;
+
if (alreadyAddedAttributeP(seen, vp))
continue;
*more = 0;
+ if (isSecretAttributeP(attrid, vendor))
+ return false;
+
vp = rc_avpair_get(m_avps, attrid, vendor);
if (vp == NULL)
return false;
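Review bot: The new guard returns false for a secret attribute before the AVP lookup, so a withheld attribute is indistinguishable from an absent one to the caller; that is a defensible choice (it also avoids confirming whether a key AVP was delivered), but nothing at the call site records that it is deliberate. A one-line comment above the check, `/* Secret AVPs are reported as absent rather than as an error so that their presence is not disclosed. */`, would capture the intent. The same guard in the getAttributeTypes loop in the hunk above has the same effect via `continue`, so the two stay consistent. The enclosing function's signature and return path after the lookup are outside this hunk.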
gss_buffer_t display_value,
int *more) const
{
- return getAttribute(attrid, 0, authenticated, complete,
+
+ return getAttribute(ATTRID(attrid), VENDOR(attrid),
+ authenticated, complete,
value, display_value, more);
}