projects / moonshot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 2: 6a18b6b)
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
authorLuke Howard <lukeh@padl.com>
Sun, 15 May 2011 23:17:20 +0000 (01:17 +0200)
committerLuke Howard <lukeh@padl.com>
Sun, 15 May 2011 23:17:20 +0000 (01:17 +0200)
moonshot/mech_eap/dictionary.ukerna patch | blob | history
moonshot/mech_eap/util_base64.c patch | blob | history
moonshot/mech_eap/util_radius.cpp patch | blob | history
moonshot/mech_eap/util_radius.h patch | blob | history
moonshot/mech_eap/util_shib.cpp patch | blob | history
shibboleth/sp patch | blob | history

diff --git a/moonshot/mech_eap/dictionary.ukerna b/moonshot/mech_eap/dictionary.ukerna
index d62d829..1694566 100644 (file)
--- a/moonshot/mech_eap/dictionary.ukerna
+++ b/moonshot/mech_eap/dictionary.ukerna
@@ -14,5 +14,6 @@ ATTRIBUTE     GSS-Acceptor-Host-Name          129     string
 ATTRIBUTE      GSS-Acceptor-Service-Specific   130     string
 ATTRIBUTE      GSS-Acceptor-Realm-Name         131     string
 ATTRIBUTE      SAML-AAA-Assertion              132     string
+ATTRIBUTE      MS-Windows-Auth-Data            133     octets
 
 END-VENDOR UKERNA
diff --git a/moonshot/mech_eap/util_base64.c b/moonshot/mech_eap/util_base64.c
index 5d5241d..134b2cc 100644 (file)
--- a/moonshot/mech_eap/util_base64.c
+++ b/moonshot/mech_eap/util_base64.c
@@ -122,7 +122,9 @@ base64Decode(const char *str, void *data)
     unsigned char *q;
 
     q = data;
-    for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
+    p = str;
+
+    while (*p && *p && (*p == '=' || strchr(base64_chars, *p))) {
        unsigned int val = token_decode(p);
        unsigned int marker = (val >> 24) & 0xff;
        if (val == DECODE_ERROR)
@@ -132,6 +134,9 @@ base64Decode(const char *str, void *data)
            *q++ = (val >> 8) & 0xff;
        if (marker < 1)
            *q++ = val & 0xff;
+       p += 4;
+       if (*p == '\n')
+           p++;
     }
     return q - (unsigned char *) data;
 }
diff --git a/moonshot/mech_eap/util_radius.cpp b/moonshot/mech_eap/util_radius.cpp
index 5462acc..1be1d53 100644 (file)
--- a/moonshot/mech_eap/util_radius.cpp
+++ b/moonshot/mech_eap/util_radius.cpp
@@ -155,7 +155,17 @@ isInternalAttributeP(uint16_t attrid, uint16_t vendor)
 
     switch (vendor) {
     case VENDORPEC_UKERNA:
-        bInternalAttribute = true;
+        switch (attrid) {
+        case PW_GSS_ACCEPTOR_SERVICE_NAME:
+        case PW_GSS_ACCEPTOR_HOST_NAME:
+        case PW_GSS_ACCEPTOR_SERVICE_SPECIFIC:
+        case PW_GSS_ACCEPTOR_REALM_NAME:
+        case PW_SAML_AAA_ASSERTION:
+            bInternalAttribute = true;
+            break;
+        default:
+            break;
+        }
         break;
     default:
         break;
@@ -170,6 +180,20 @@ isInternalAttributeP(uint32_t attribute)
     return isInternalAttributeP(ATTRID(attribute), VENDOR(attribute));
 }
 
+static bool
+isFragmentedAttributeP(uint16_t attrid, uint16_t vendor)
+{
+    /* A bit of a hack for the PAC for now. Should be configurable. */
+    return (vendor == VENDORPEC_UKERNA) &&
+        !isInternalAttributeP(attrid, vendor);
+}
+
+static bool
+isFragmentedAttributeP(uint32_t attribute)
+{
+    return isFragmentedAttributeP(ATTRID(attribute), VENDOR(attribute));
+}
+
 /*
  * Copy AVP list, same as paircopy except it filters out attributes
  * containing keys.
@@ -350,6 +374,16 @@ gss_eap_radius_attr_provider::getAttribute(uint32_t attrid,
     if (i == -1)
         i = 0;
 
+    if (isSecretAttributeP(attrid) || isInternalAttributeP(attrid)) {
+        return false;
+    } else if (isFragmentedAttributeP(attrid)) {
+        return getFragmentedAttribute(ATTRID(attrid),
+                                      VENDOR(attrid),
+                                      authenticated,
+                                      complete,
+                                      value);
+    }
+
     for (vp = pairfind(m_vps, attrid);
          vp != NULL;
          vp = pairfind(vp->next, attrid)) {
@@ -557,8 +591,10 @@ gssEapRadiusGetAvp(OM_uint32 *minor,
     unsigned char *p;
     uint32_t attr = VENDORATTR(vendor, attribute);
 
-    buffer->length = 0;
-    buffer->value = NULL;
+    if (buffer != GSS_C_NO_BUFFER) {
+        buffer->length = 0;
+        buffer->value = NULL;
+    }
 
     vp = pairfind(vps, attr);
     if (vp == NULL) {
@@ -566,23 +602,25 @@ gssEapRadiusGetAvp(OM_uint32 *minor,
         return GSS_S_UNAVAILABLE;
     }
 
-    do {
-        buffer->length += vp->length;
-    } while (concat && (vp = pairfind(vp->next, attr)) != NULL);
+    if (buffer != GSS_C_NO_BUFFER) {
+        do {
+            buffer->length += vp->length;
+        } while (concat && (vp = pairfind(vp->next, attr)) != NULL);
 
-    buffer->value = GSSEAP_MALLOC(buffer->length);
-    if (buffer->value == NULL) {
-        *minor = ENOMEM;
-        return GSS_S_FAILURE;
-    }
+        buffer->value = GSSEAP_MALLOC(buffer->length);
+        if (buffer->value == NULL) {
+            *minor = ENOMEM;
+            return GSS_S_FAILURE;
+        }
 
-    p = (unsigned char *)buffer->value;
+        p = (unsigned char *)buffer->value;
 
-    for (vp = pairfind(vps, attr);
-         concat && vp != NULL;
-         vp = pairfind(vp->next, attr)) {
-        memcpy(p, vp->vp_octets, vp->length);
-        p += vp->length;
+        for (vp = pairfind(vps, attr);
+             concat && vp != NULL;
+             vp = pairfind(vp->next, attr)) {
+            memcpy(p, vp->vp_octets, vp->length);
+            p += vp->length;
+        }
     }
 
     *minor = 0;
diff --git a/moonshot/mech_eap/util_radius.h b/moonshot/mech_eap/util_radius.h
index ebd348b..696cac0 100644 (file)
--- a/moonshot/mech_eap/util_radius.h
+++ b/moonshot/mech_eap/util_radius.h
@@ -164,6 +164,7 @@ gssEapRadiusMapError(OM_uint32 *minor,
 #define PW_GSS_ACCEPTOR_SERVICE_SPECIFIC    130
 #define PW_GSS_ACCEPTOR_REALM_NAME          131
 #define PW_SAML_AAA_ASSERTION               132
+#define PW_MS_WINDOWS_AUTH_DATA             133
 
 #define IS_RADIUS_ERROR(code)               ((code) >= ERROR_TABLE_BASE_rse && \
                                              (code) <= ERROR_TABLE_BASE_rse + RSE_TIMEOUT_IO)
diff --git a/moonshot/mech_eap/util_shib.cpp b/moonshot/mech_eap/util_shib.cpp
index 3d2aa2c..a83a7ea 100644 (file)
--- a/moonshot/mech_eap/util_shib.cpp
+++ b/moonshot/mech_eap/util_shib.cpp
@@ -304,7 +304,22 @@ gss_eap_shib_attr_provider::getAttribute(const gss_buffer_t attr,
     buf.value = (void *)shibAttr->getSerializedValues()[*more].c_str();
     buf.length = strlen((char *)buf.value);
 
-    if (buf.length != 0) {
+    if (base64Valid((char *)buf.value)) {
+        ssize_t octetLen;
+
+        value->value = GSSEAP_MALLOC(buf.length);
+        if (value->value == NULL)
+            throw std::bad_alloc();
+
+        octetLen = base64Decode((char *)buf.value, value->value);
+        if (octetLen < 0) {
+            GSSEAP_FREE(value->value);
+            value->value = NULL;
+            return false;
+        }
+
+        value->length = octetLen;
+    } else if (buf.length != 0) {
         if (value != NULL)
             duplicateBuffer(buf, value);
 
@@ -315,7 +330,7 @@ gss_eap_shib_attr_provider::getAttribute(const gss_buffer_t attr,
     if (authenticated != NULL)
         *authenticated = m_authenticated;
     if (complete != NULL)
-        *complete = false;
+        *complete = true;
 
     if (nvalues > ++i)
         *more = i;
diff --git a/shibboleth/sp b/shibboleth/sp
index 28fcbaa..bdbac80 160000 (submodule)
--- a/shibboleth/sp
+++ b/shibboleth/sp
@@ -1 +1 @@
-Subproject commit 28fcbaa4e8c5090550a3e0ceaf0ea6a1355b890b
+Subproject commit bdbac801c636a747fdb3c0a39a564f3f77452cf3
Core Moonshot code including mech_eap