}
bool
-gss_eap_radius_attr_provider::initFromExistingContext(const gss_eap_attr_ctx *manager,
+gss_eap_radius_attr_provider::initWithExistingContext(const gss_eap_attr_ctx *manager,
const gss_eap_attr_provider *ctx)
{
const gss_eap_radius_attr_provider *radius;
- if (!gss_eap_attr_provider::initFromExistingContext(manager, ctx))
+ if (!gss_eap_attr_provider::initWithExistingContext(manager, ctx))
return false;
radius = static_cast<const gss_eap_radius_attr_provider *>(ctx);
}
bool
-gss_eap_radius_attr_provider::initFromGssContext(const gss_eap_attr_ctx *manager,
+gss_eap_radius_attr_provider::initWithGssContext(const gss_eap_attr_ctx *manager,
const gss_cred_id_t gssCred,
const gss_ctx_id_t gssCtx)
{
- if (!gss_eap_attr_provider::initFromGssContext(manager, gssCred, gssCtx))
+ if (!gss_eap_attr_provider::initWithGssContext(manager, gssCred, gssCtx))
return false;
if (gssCtx != GSS_C_NO_CONTEXT) {
vpcopy = paircopyvp(vp);
if (vpcopy == NULL) {
pairfree(&dst);
- throw new std::bad_alloc;
- return NULL;
+ throw std::bad_alloc();
}
*pDst = vpcopy;
pDst = &vpcopy->next;
attribute.value = attrid;
attribute.length = strlen(attrid);
- if (!addAttribute(this, &attribute, data))
+ if (!addAttribute(m_manager, this, &attribute, data))
return false;
seen.push_back(std::string(vp->name));
gss_eap_radius_attr_provider::releaseAnyNameMapping(gss_buffer_t type_id GSSEAP_UNUSED,
gss_any_t input) const
{
- pairfree((VALUE_PAIR **)&input);
+ VALUE_PAIR *vp = (VALUE_PAIR *)input;
+ pairfree(&vp);
}
bool
{
struct rs_context *radContext;
- gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS,
- "urn:ietf:params:gss-eap:radius-avp",
- createAttrContext);
+ gss_eap_attr_ctx::registerProvider(ATTR_TYPE_RADIUS, createAttrContext);
#if 1
/*
* dictionary, otherwise accepting reauthentication tokens fails unless
* the acceptor has already accepted a normal authentication token.
*/
- if (rs_context_create(&radContext, RS_DICT_FILE) != 0) {
+ if (rs_context_create(&radContext) != 0)
+ return false;
+
+ if (rs_context_read_config(radContext, RS_CONFIG_FILE) != 0) {
+ rs_context_destroy(radContext);
+ return false;
+ }
+
+ if (rs_context_init_freeradius_dict(radContext, NULL)) {
+ rs_context_destroy(radContext);
return false;
}
VALUE_PAIR *vp;
size_t n = remain;
- /*
+ /*
* There's an extra byte of padding; RADIUS AVPs can only
* be 253 octets.
*/
return GSS_S_COMPLETE;
}
-/*
- * Encoding is:
- * 4 octet NBO attribute ID | 4 octet attribute length | attribute data
- */
-static size_t
-avpSize(const VALUE_PAIR *vp)
+static JSONObject
+avpToJson(const VALUE_PAIR *vp)
{
- size_t size = 4 + 1;
+ JSONObject obj;
- if (vp != NULL)
- size += vp->length;
-
- return size;
-}
-
-static bool
-avpExport(const VALUE_PAIR *vp,
- unsigned char **pBuffer,
- size_t *pRemain)
-{
- unsigned char *p = *pBuffer;
- size_t remain = *pRemain;
-
- assert(remain >= avpSize(vp));
-
- store_uint32_be(vp->attribute, p);
+ assert(vp->length <= MAX_STRING_LEN);
switch (vp->type) {
case PW_TYPE_INTEGER:
case PW_TYPE_IPADDR:
case PW_TYPE_DATE:
- p[4] = 4;
- store_uint32_be(vp->lvalue, p + 5);
+ obj.set("value", vp->lvalue);
break;
- default:
- assert(vp->length <= MAX_STRING_LEN);
- p[4] = (uint8_t)vp->length;
- memcpy(p + 5, vp->vp_octets, vp->length);
+ case PW_TYPE_STRING:
+ obj.set("value", vp->vp_strvalue);
break;
- }
+ default: {
+ char *b64;
- *pBuffer += 5 + p[4];
- *pRemain -= 5 + p[4];
+ if (base64Encode(vp->vp_octets, vp->length, &b64) < 0)
+ throw std::bad_alloc();
- return true;
+ obj.set("value", b64);
+ GSSEAP_FREE(b64);
+ break;
+ }
+ }
+
+ obj.set("type", vp->attribute);
+ return obj;
}
static bool
-avpImport(VALUE_PAIR **pVp,
- unsigned char **pBuffer,
- size_t *pRemain)
+jsonToAvp(VALUE_PAIR **pVp, JSONObject &obj)
{
- unsigned char *p = *pBuffer;
- size_t remain = *pRemain;
VALUE_PAIR *vp = NULL;
DICT_ATTR *da;
uint32_t attrid;
- if (remain < avpSize(NULL))
- goto fail;
+ JSONObject type = obj["type"];
+ JSONObject value = obj["value"];
- attrid = load_uint32_be(p);
- p += 4;
- remain -= 4;
+ if (!type.isInteger())
+ goto fail;
+ attrid = type.integer();
da = dict_attrbyvalue(attrid);
if (da != NULL) {
vp = pairalloc(da);
} else {
- vp = paircreate(attrid, PW_TYPE_STRING);
+ int type = base64Valid(value.string()) ?
+ PW_TYPE_OCTETS : PW_TYPE_STRING;
+ vp = paircreate(attrid, type);
}
- if (vp == NULL) {
- throw new std::bad_alloc;
- goto fail;
- }
-
- if (remain < p[0])
- goto fail;
+ if (vp == NULL)
+ throw std::bad_alloc();
switch (vp->type) {
case PW_TYPE_INTEGER:
case PW_TYPE_IPADDR:
case PW_TYPE_DATE:
- if (p[0] != 4)
+ if (!value.isInteger())
goto fail;
vp->length = 4;
- vp->lvalue = load_uint32_be(p + 1);
- p += 5;
- remain -= 5;
+ vp->lvalue = value.integer();
break;
- case PW_TYPE_STRING:
- default:
- if (p[0] >= MAX_STRING_LEN)
+ case PW_TYPE_STRING: {
+ if (!value.isString())
goto fail;
- vp->length = (uint32_t)p[0];
- memcpy(vp->vp_octets, p + 1, vp->length);
+ const char *str = value.string();
+ size_t len = strlen(str);
- if (vp->type == PW_TYPE_STRING)
- vp->vp_strvalue[vp->length] = '\0';
+ if (len >= MAX_STRING_LEN)
+ goto fail;
- p += 1 + vp->length;
- remain -= 1 + vp->length;
+ vp->length = len;
+ memcpy(vp->vp_strvalue, str, len + 1);
break;
}
+ case PW_TYPE_OCTETS:
+ default: {
+ if (!value.isString())
+ goto fail;
+
+ const char *str = value.string();
+ ssize_t len = strlen(str);
+
+ /* this optimization requires base64Decode only understand packed encoding */
+ if (len >= BASE64_EXPAND(MAX_STRING_LEN))
+ goto fail;
+
+ len = base64Decode(str, vp->vp_octets);
+ if (len < 0)
+ goto fail;
+
+ vp->length = len;
+ break;
+ }
+ }
*pVp = vp;
- *pBuffer = p;
- *pRemain = remain;
return true;
return false;
}
+const char *
+gss_eap_radius_attr_provider::name(void) const
+{
+ return "radius";
+}
+
bool
-gss_eap_radius_attr_provider::initFromBuffer(const gss_eap_attr_ctx *ctx,
- const gss_buffer_t buffer)
+gss_eap_radius_attr_provider::initWithJsonObject(const gss_eap_attr_ctx *ctx,
+ JSONObject &obj)
{
- unsigned char *p = (unsigned char *)buffer->value;
- size_t remain = buffer->length;
VALUE_PAIR **pNext = &m_vps;
- if (!gss_eap_attr_provider::initFromBuffer(ctx, buffer))
+ if (!gss_eap_attr_provider::initWithJsonObject(ctx, obj))
return false;
- do {
- VALUE_PAIR *attr;
+ JSONObject attrs = obj["attributes"];
+ size_t nelems = attrs.size();
- if (!avpImport(&attr, &p, &remain))
+ for (size_t i = 0; i < nelems; i++) {
+ JSONObject attr = attrs[i];
+ VALUE_PAIR *vp;
+
+ if (!jsonToAvp(&vp, attr))
return false;
- *pNext = attr;
- pNext = &attr->next;
- } while (remain != 0);
+ *pNext = vp;
+ pNext = &vp->next;
+ }
+
+ m_authenticated = obj["authenticated"].integer();
return true;
}
-void
-gss_eap_radius_attr_provider::exportToBuffer(gss_buffer_t buffer) const
+const char *
+gss_eap_radius_attr_provider::prefix(void) const
{
- VALUE_PAIR *vp;
- unsigned char *p;
- size_t remain = 0;
+ return "urn:ietf:params:gss-eap:radius-avp";
+}
- for (vp = m_vps; vp != NULL; vp = vp->next) {
- remain += avpSize(vp);
- }
+JSONObject
+gss_eap_radius_attr_provider::jsonRepresentation(void) const
+{
+ JSONObject obj, attrs = JSONObject::array();
- buffer->value = GSSEAP_MALLOC(remain);
- if (buffer->value == NULL) {
- throw new std::bad_alloc;
- return;
+ for (VALUE_PAIR *vp = m_vps; vp != NULL; vp = vp->next) {
+ JSONObject attr = avpToJson(vp);
+ attrs.append(attr);
}
- buffer->length = remain;
- p = (unsigned char *)buffer->value;
+ obj.set("attributes", attrs);
- for (vp = m_vps; vp != NULL; vp = vp->next) {
- avpExport(vp, &p, &remain);
- }
+ obj.set("authenticated", m_authenticated);
- assert(remain == 0);
+ return obj;
}
time_t
projects / moonshot.git / blobdiff