switch (vendor) {
case VENDORPEC_UKERNA:
- bInternalAttribute = true;
+ switch (attrid) {
+ case PW_GSS_ACCEPTOR_SERVICE_NAME:
+ case PW_GSS_ACCEPTOR_HOST_NAME:
+ case PW_GSS_ACCEPTOR_SERVICE_SPECIFIC:
+ case PW_GSS_ACCEPTOR_REALM_NAME:
+ case PW_SAML_AAA_ASSERTION:
+ bInternalAttribute = true;
+ break;
+ default:
+ break;
+ }
break;
default:
break;
return isInternalAttributeP(ATTRID(attribute), VENDOR(attribute));
}
+static bool
+isFragmentedAttributeP(uint16_t attrid, uint16_t vendor)
+{
+ /* A bit of a hack for the PAC for now. Should be configurable. */
+ return (vendor == VENDORPEC_UKERNA) &&
+ !isInternalAttributeP(attrid, vendor);
+}
+
+static bool
+isFragmentedAttributeP(uint32_t attribute)
+{
+ return isFragmentedAttributeP(ATTRID(attribute), VENDOR(attribute));
+}
+
/*
* Copy AVP list, same as paircopy except it filters out attributes
* containing keys.
if (i == -1)
i = 0;
+ if (isSecretAttributeP(attrid) || isInternalAttributeP(attrid)) {
+ return false;
+ } else if (isFragmentedAttributeP(attrid)) {
+ return getFragmentedAttribute(ATTRID(attrid),
+ VENDOR(attrid),
+ authenticated,
+ complete,
+ value);
+ }
+
for (vp = pairfind(m_vps, attrid);
vp != NULL;
vp = pairfind(vp->next, attrid)) {
unsigned char *p;
uint32_t attr = VENDORATTR(vendor, attribute);
- buffer->length = 0;
- buffer->value = NULL;
+ if (buffer != GSS_C_NO_BUFFER) {
+ buffer->length = 0;
+ buffer->value = NULL;
+ }
vp = pairfind(vps, attr);
if (vp == NULL) {
return GSS_S_UNAVAILABLE;
}
- do {
- buffer->length += vp->length;
- } while (concat && (vp = pairfind(vp->next, attr)) != NULL);
+ if (buffer != GSS_C_NO_BUFFER) {
+ do {
+ buffer->length += vp->length;
+ } while (concat && (vp = pairfind(vp->next, attr)) != NULL);
- buffer->value = GSSEAP_MALLOC(buffer->length);
- if (buffer->value == NULL) {
- *minor = ENOMEM;
- return GSS_S_FAILURE;
- }
+ buffer->value = GSSEAP_MALLOC(buffer->length);
+ if (buffer->value == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
- p = (unsigned char *)buffer->value;
+ p = (unsigned char *)buffer->value;
- for (vp = pairfind(vps, attr);
- concat && vp != NULL;
- vp = pairfind(vp->next, attr)) {
- memcpy(p, vp->vp_octets, vp->length);
- p += vp->length;
+ for (vp = pairfind(vps, attr);
+ concat && vp != NULL;
+ vp = pairfind(vp->next, attr)) {
+ memcpy(p, vp->vp_octets, vp->length);
+ p += vp->length;
+ }
}
*minor = 0;
buf.value = (void *)shibAttr->getSerializedValues()[*more].c_str();
buf.length = strlen((char *)buf.value);
- if (buf.length != 0) {
+ if (base64Valid((char *)buf.value)) {
+ ssize_t octetLen;
+
+ value->value = GSSEAP_MALLOC(buf.length);
+ if (value->value == NULL)
+ throw std::bad_alloc();
+
+ octetLen = base64Decode((char *)buf.value, value->value);
+ if (octetLen < 0) {
+ GSSEAP_FREE(value->value);
+ value->value = NULL;
+ return false;
+ }
+
+ value->length = octetLen;
+ } else if (buf.length != 0) {
if (value != NULL)
duplicateBuffer(buf, value);
if (authenticated != NULL)
*authenticated = m_authenticated;
if (complete != NULL)
- *complete = false;
+ *complete = true;
if (nvalues > ++i)
*more = i;