2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Portions Copyright 2003-2010 Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
64 #include <sys/param.h>
75 #define MIN(_a,_b) ((_a)<(_b)?(_a):(_b))
78 #if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
79 #define GSSEAP_UNUSED __attribute__ ((__unused__))
86 makeStringBuffer(OM_uint32 *minor,
91 bufferToString(OM_uint32 *minor,
92 const gss_buffer_t buffer,
96 duplicateBuffer(OM_uint32 *minor,
97 const gss_buffer_t src,
101 bufferEqual(const gss_buffer_t b1, const gss_buffer_t b2)
103 return (b1->length == b2->length &&
104 memcmp(b1->value, b2->value, b2->length) == 0);
108 bufferEqualString(const gss_buffer_t b1, const char *s)
112 b2.length = strlen(s);
113 b2.value = (char *)s;
115 return bufferEqual(b1, &b2);
120 gssEapSign(krb5_context context,
123 #ifdef HAVE_HEIMDAL_VERSION
128 krb5_keyusage sign_usage,
129 gss_iov_buffer_desc *iov,
133 gssEapVerify(krb5_context context,
136 #ifdef HAVE_HEIMDAL_VERSION
141 krb5_keyusage sign_usage,
142 gss_iov_buffer_desc *iov,
148 gssEapEncodeGssChannelBindings(OM_uint32 *minor,
149 gss_channel_bindings_t chanBindings,
150 gss_buffer_t encodedBindings);
154 #define EAP_EXPORT_CONTEXT_V1 1
156 enum gss_eap_token_type {
157 TOK_TYPE_NONE = 0x0000, /* no token */
158 TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
159 TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
160 TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
161 TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
162 TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
163 TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
164 TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
167 /* inner token types and flags */
168 #define ITOK_TYPE_NONE 0x00000000
169 #define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */
170 #define ITOK_TYPE_ACCEPTOR_NAME_REQ 0x00000002 /* TBD */
171 #define ITOK_TYPE_ACCEPTOR_NAME_RESP 0x00000003 /* TBD */
172 #define ITOK_TYPE_EAP_RESP 0x00000004 /* critical, required, if not reauth */
173 #define ITOK_TYPE_EAP_REQ 0x00000005 /* critical, required, if not reauth */
174 #define ITOK_TYPE_GSS_CHANNEL_BINDINGS 0x00000006 /* critical, required, if not reauth */
175 #define ITOK_TYPE_REAUTH_CREDS 0x00000007 /* optional */
176 #define ITOK_TYPE_REAUTH_REQ 0x00000008 /* optional */
177 #define ITOK_TYPE_REAUTH_RESP 0x00000009 /* optional */
178 #define ITOK_TYPE_VERSION_INFO 0x0000000A /* optional */
179 #define ITOK_TYPE_VENDOR_INFO 0x0000000B /* optional */
181 #define ITOK_FLAG_CRITICAL 0x80000000 /* critical, wire flag */
182 #define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag */
184 #define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
186 OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
187 OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
190 gssEapMakeToken(OM_uint32 *minor,
192 const gss_buffer_t innerToken,
193 enum gss_eap_token_type tokenType,
194 gss_buffer_t outputToken);
197 gssEapVerifyToken(OM_uint32 *minor,
199 const gss_buffer_t inputToken,
200 enum gss_eap_token_type *tokenType,
201 gss_buffer_t innerInputToken);
204 gssEapContextTime(OM_uint32 *minor,
205 gss_ctx_id_t context_handle,
206 OM_uint32 *time_rec);
209 gssEapDisplayName(OM_uint32 *minor,
211 gss_buffer_t output_name_buffer,
212 gss_OID *output_name_type);
215 OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
216 OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
219 gssEapAcquireCred(OM_uint32 *minor,
220 const gss_name_t desiredName,
221 const gss_buffer_t password,
223 const gss_OID_set desiredMechs,
225 gss_cred_id_t *pCred,
226 gss_OID_set *pActualMechs,
229 int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech);
233 gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
235 #ifdef HAVE_HEIMDAL_VERSION
241 gss_iov_buffer_desc *iov, int iov_count);
244 gssEapDecrypt(krb5_context context, int dce_style, size_t ec,
246 #ifdef HAVE_HEIMDAL_VERSION
252 gss_iov_buffer_desc *iov, int iov_count);
255 gssEapMapCryptoFlag(OM_uint32 type);
258 gssEapLocateIov(gss_iov_buffer_desc *iov,
263 gssEapIovMessageLength(gss_iov_buffer_desc *iov,
266 size_t *assoc_data_length);
269 gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count);
272 gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count);
275 gssEapAllocIov(gss_iov_buffer_t iov, size_t size);
278 gssEapDeriveRfc3961Key(OM_uint32 *minor,
279 const unsigned char *key,
281 krb5_enctype enctype,
282 krb5_keyblock *pKey);
285 #ifdef HAVE_HEIMDAL_VERSION
287 #define KRB_TIME_FOREVER ((time_t)~0L)
289 #define KRB_KEY_TYPE(key) ((key)->keytype)
290 #define KRB_KEY_DATA(key) ((key)->keyvalue.data)
291 #define KRB_KEY_LENGTH(key) ((key)->keyvalue.length)
293 #define KRB_PRINC_LENGTH(princ) ((princ)->name.name_string.len)
294 #define KRB_PRINC_TYPE(princ) ((princ)->name.name_type)
295 #define KRB_PRINC_NAME(princ) ((princ)->name.name_string.val)
296 #define KRB_PRINC_REALM(princ) ((princ)->realm)
298 #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->keyblock)
299 #define KRB_KT_ENT_FREE(c, e) krb5_kt_free_entry((c), (e))
301 #define KRB_CRYPTO_CONTEXT(ctx) (krbCrypto)
305 #define KRB_TIME_FOREVER KRB5_INT32_MAX
307 #define KRB_KEY_TYPE(key) ((key)->enctype)
308 #define KRB_KEY_DATA(key) ((key)->contents)
309 #define KRB_KEY_LENGTH(key) ((key)->length)
311 #define KRB_PRINC_LENGTH(princ) (krb5_princ_size(NULL, (princ)))
312 #define KRB_PRINC_TYPE(princ) (krb5_princ_type(NULL, (princ)))
313 #define KRB_PRINC_NAME(princ) (krb5_princ_name(NULL, (princ)))
314 #define KRB_PRINC_REALM(princ) (krb5_princ_realm(NULL, (princ)))
316 #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->key)
317 #define KRB_KT_ENT_FREE(c, e) krb5_free_keytab_entry_contents((c), (e))
319 #define KRB_CRYPTO_CONTEXT(ctx) (&(ctx)->rfc3961Key)
321 #endif /* HAVE_HEIMDAL_VERSION */
323 #define KRB_KEY_INIT(key) do { \
324 KRB_KEY_TYPE(key) = ENCTYPE_NULL; \
325 KRB_KEY_DATA(key) = NULL; \
326 KRB_KEY_LENGTH(key) = 0; \
329 #define GSSEAP_KRB_INIT(ctx) do { \
330 OM_uint32 tmpMajor; \
332 tmpMajor = gssEapKerberosInit(minor, ctx); \
333 if (GSS_ERROR(tmpMajor)) { \
339 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
342 rfc3961ChecksumTypeForKey(OM_uint32 *minor,
344 krb5_cksumtype *cksumtype);
347 krbAnonymousPrincipal(void);
350 krbCryptoLength(krb5_context krbContext,
351 #ifdef HAVE_HEIMDAL_VERSION
352 krb5_crypto krbCrypto,
360 krbPaddingLength(krb5_context krbContext,
361 #ifdef HAVE_HEIMDAL_VERSION
362 krb5_crypto krbCrypto,
370 krbBlockSize(krb5_context krbContext,
371 #ifdef HAVE_HEIMDAL_VERSION
372 krb5_crypto krbCrypto,
379 krbEnctypeToString(krb5_context krbContext,
380 krb5_enctype enctype,
382 gss_buffer_t string);
385 krbMakeAuthDataKdcIssued(krb5_context context,
386 const krb5_keyblock *key,
387 krb5_const_principal issuer,
388 #ifdef HAVE_HEIMDAL_VERSION
389 const AuthorizationData *authdata,
390 AuthorizationData *adKdcIssued
392 krb5_authdata *const *authdata,
393 krb5_authdata ***adKdcIssued
398 krbMakeCred(krb5_context context,
399 krb5_auth_context authcontext,
405 gssEapExportLucidSecContext(OM_uint32 *minor,
407 const gss_OID desiredObject,
408 gss_buffer_set_t *data_set);
411 extern gss_OID GSS_EAP_MECHANISM;
414 gssEapInternalizeOid(const gss_OID oid,
415 gss_OID *const pInternalizedOid);
418 gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid);
421 gssEapDefaultMech(OM_uint32 *minor,
425 gssEapIndicateMechs(OM_uint32 *minor,
429 gssEapEnctypeToOid(OM_uint32 *minor,
430 krb5_enctype enctype,
434 gssEapOidToEnctype(OM_uint32 *minor,
436 krb5_enctype *enctype);
439 gssEapIsMechanismOid(const gss_OID oid);
442 gssEapIsConcreteMechanismOid(const gss_OID oid);
445 gssEapValidateMechs(OM_uint32 *minor,
446 const gss_OID_set mechs);
449 gssEapOidToSaslName(const gss_OID oid);
452 gssEapSaslNameToOid(const gss_buffer_t name);
455 #define EXPORT_NAME_FLAG_OID 0x1
456 #define EXPORT_NAME_FLAG_COMPOSITE 0x2
458 OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
459 OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
460 OM_uint32 gssEapExportName(OM_uint32 *minor,
461 const gss_name_t name,
462 gss_buffer_t exportedName);
463 OM_uint32 gssEapExportNameInternal(OM_uint32 *minor,
464 const gss_name_t name,
465 gss_buffer_t exportedName,
467 OM_uint32 gssEapImportName(OM_uint32 *minor,
468 const gss_buffer_t input_name_buffer,
469 gss_OID input_name_type,
470 gss_name_t *output_name);
471 OM_uint32 gssEapImportNameInternal(OM_uint32 *minor,
472 const gss_buffer_t input_name_buffer,
473 gss_name_t *output_name,
476 gssEapDuplicateName(OM_uint32 *minor,
477 const gss_name_t input_name,
478 gss_name_t *dest_name);
482 composeOid(OM_uint32 *minor_status,
489 decomposeOid(OM_uint32 *minor_status,
496 duplicateOid(OM_uint32 *minor_status,
497 const gss_OID_desc * const oid,
501 duplicateOidSet(OM_uint32 *minor,
502 const gss_OID_set src,
506 oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
508 if (o1 == GSS_C_NO_OID)
509 return (o2 == GSS_C_NO_OID);
510 else if (o2 == GSS_C_NO_OID)
511 return (o1 == GSS_C_NO_OID);
513 return (o1->length == o2->length &&
514 memcmp(o1->elements, o2->elements, o1->length) == 0);
517 /* util_ordering.c */
519 sequenceInternalize(OM_uint32 *minor,
525 sequenceExternalize(OM_uint32 *minor,
531 sequenceSize(void *vqueue);
534 sequenceFree(OM_uint32 *minor, void **vqueue);
537 sequenceCheck(OM_uint32 *minor, void **vqueue, uint64_t seqnum);
540 sequenceInit(OM_uint32 *minor, void **vqueue, uint64_t seqnum,
541 int do_replay, int do_sequence, int wide_nums);
545 GSSEAP_STATE_INITIAL = 0x01, /* initial state */
546 GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */
547 GSSEAP_STATE_INITIATOR_EXTS = 0x04, /* initiator extensions */
548 GSSEAP_STATE_ACCEPTOR_EXTS = 0x08, /* acceptor extensions */
549 #ifdef GSSEAP_ENABLE_REAUTH
550 GSSEAP_STATE_REAUTHENTICATE = 0x10, /* GSS reauthentication messages */
552 GSSEAP_STATE_ESTABLISHED = 0x20, /* context established */
553 GSSEAP_STATE_ALL = 0x3F
556 #define GSSEAP_STATE_NEXT(s) ((s) << 1)
558 #define GSSEAP_SM_STATE(ctx) ((ctx)->state)
561 void gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
562 #define GSSEAP_SM_TRANSITION(ctx, state) gssEapSmTransition((ctx), (state))
564 #define GSSEAP_SM_TRANSITION(ctx, newstate) do { (ctx)->state = (newstate); } while (0)
567 #define GSSEAP_SM_TRANSITION_NEXT(ctx) GSSEAP_SM_TRANSITION((ctx), GSSEAP_STATE_NEXT(GSSEAP_SM_STATE((ctx))))
569 /* state machine entry */
571 OM_uint32 inputTokenType;
572 OM_uint32 outputTokenType;
573 enum gss_eap_state validStates;
575 OM_uint32 (*processToken)(OM_uint32 *,
582 gss_channel_bindings_t,
588 /* state machine flags, set by handler */
589 #define SM_FLAG_FORCE_SEND_TOKEN 0x00000001 /* send token even if no inner tokens */
590 #define SM_FLAG_OUTPUT_TOKEN_CRITICAL 0x00000002 /* output token is critical */
592 /* state machine flags, set by state machine */
593 #define SM_FLAG_INPUT_TOKEN_CRITICAL 0x10000000 /* input token was critical */
595 #define SM_ITOK_FLAG_REQUIRED 0x00000001 /* received tokens must be present */
598 gssEapSmStep(OM_uint32 *minor,
605 gss_channel_bindings_t chanBindings,
606 gss_buffer_t inputToken,
607 gss_buffer_t outputToken,
608 struct gss_eap_sm *sm,
612 gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
616 gssEapEncodeInnerTokens(OM_uint32 *minor,
617 gss_buffer_set_t extensions,
619 gss_buffer_t buffer);
621 gssEapDecodeInnerTokens(OM_uint32 *minor,
622 const gss_buffer_t buffer,
623 gss_buffer_set_t *pExtensions,
627 tokenSize(const gss_OID_desc *mech, size_t body_size);
630 makeTokenHeader(const gss_OID_desc *mech,
633 enum gss_eap_token_type tok_type);
636 verifyTokenHeader(OM_uint32 *minor,
639 unsigned char **buf_in,
641 enum gss_eap_token_type *ret_tok_type);
645 #define GSSEAP_CALLOC calloc
646 #define GSSEAP_MALLOC malloc
647 #define GSSEAP_FREE free
648 #define GSSEAP_REALLOC realloc
650 #define GSSEAP_NOT_IMPLEMENTED do { \
651 assert(0 && "not implemented"); \
653 return GSS_S_FAILURE; \
658 #define GSSEAP_MUTEX pthread_mutex_t
659 #define GSSEAP_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
661 #define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL)
662 #define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m))
663 #define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m))
664 #define GSSEAP_MUTEX_UNLOCK(m) pthread_mutex_unlock((m))
666 #define GSSEAP_THREAD_KEY pthread_key_t
667 #define GSSEAP_KEY_CREATE(k, d) pthread_key_create((k), (d))
668 #define GSSEAP_GETSPECIFIC(k) pthread_getspecific((k))
669 #define GSSEAP_SETSPECIFIC(k, d) pthread_setspecific((k), (d))
671 #define GSSEAP_THREAD_ONCE pthread_once_t
672 #define GSSEAP_ONCE(o, i) pthread_once((o), (i))
673 #define GSSEAP_ONCE_INITIALIZER PTHREAD_ONCE_INIT
675 /* Helper functions */
677 store_uint16_be(uint16_t val, void *vp)
679 unsigned char *p = (unsigned char *)vp;
681 p[0] = (val >> 8) & 0xff;
682 p[1] = (val ) & 0xff;
685 static inline uint16_t
686 load_uint16_be(const void *cvp)
688 const unsigned char *p = (const unsigned char *)cvp;
690 return (p[1] | (p[0] << 8));
694 store_uint32_be(uint32_t val, void *vp)
696 unsigned char *p = (unsigned char *)vp;
698 p[0] = (val >> 24) & 0xff;
699 p[1] = (val >> 16) & 0xff;
700 p[2] = (val >> 8) & 0xff;
701 p[3] = (val ) & 0xff;
704 static inline uint32_t
705 load_uint32_be(const void *cvp)
707 const unsigned char *p = (const unsigned char *)cvp;
709 return (p[3] | (p[2] << 8)
710 | ((uint32_t) p[1] << 16)
711 | ((uint32_t) p[0] << 24));
715 store_uint64_be(uint64_t val, void *vp)
717 unsigned char *p = (unsigned char *)vp;
719 p[0] = (unsigned char)((val >> 56) & 0xff);
720 p[1] = (unsigned char)((val >> 48) & 0xff);
721 p[2] = (unsigned char)((val >> 40) & 0xff);
722 p[3] = (unsigned char)((val >> 32) & 0xff);
723 p[4] = (unsigned char)((val >> 24) & 0xff);
724 p[5] = (unsigned char)((val >> 16) & 0xff);
725 p[6] = (unsigned char)((val >> 8) & 0xff);
726 p[7] = (unsigned char)((val ) & 0xff);
729 static inline uint64_t
730 load_uint64_be(const void *cvp)
732 const unsigned char *p = (const unsigned char *)cvp;
734 return ((uint64_t)load_uint32_be(p) << 32) | load_uint32_be(p + 4);
737 static inline unsigned char *
738 store_buffer(gss_buffer_t buffer, void *vp, int wide_nums)
740 unsigned char *p = (unsigned char *)vp;
743 store_uint64_be(buffer->length, p);
746 store_uint32_be(buffer->length, p);
750 if (buffer->value != NULL) {
751 memcpy(p, buffer->value, buffer->length);
758 static inline unsigned char *
759 load_buffer(const void *cvp, size_t length, gss_buffer_t buffer)
762 buffer->value = GSSEAP_MALLOC(length);
763 if (buffer->value == NULL)
765 buffer->length = length;
766 memcpy(buffer->value, cvp, length);
767 return (unsigned char *)cvp + length;
770 static inline unsigned char *
771 store_oid(gss_OID oid, void *vp)
775 if (oid != GSS_C_NO_OID) {
776 buf.length = oid->length;
777 buf.value = oid->elements;
783 return store_buffer(&buf, vp, FALSE);
787 krbDataToGssBuffer(krb5_data *data, gss_buffer_t buffer)
789 buffer->value = (void *)data->data;
790 buffer->length = data->length;
794 krbPrincComponentToGssBuffer(krb5_principal krbPrinc,
795 int index, gss_buffer_t buffer)
797 #ifdef HAVE_HEIMDAL_VERSION
798 buffer->value = (void *)KRB_PRINC_NAME(krbPrinc)[index];
799 buffer->length = strlen((char *)buffer->value);
801 buffer->value = (void *)krb5_princ_component(NULL, krbPrinc, index)->data;
802 buffer->length = krb5_princ_component(NULL, krbPrinc, index)->length;
803 #endif /* HAVE_HEIMDAL_VERSION */
807 krbPrincRealmToGssBuffer(krb5_principal krbPrinc, gss_buffer_t buffer)
809 #ifdef HAVE_HEIMDAL_VERSION
810 buffer->value = (void *)KRB_PRINC_REALM(krbPrinc);
811 buffer->length = strlen((char *)buffer->value);
813 krbDataToGssBuffer(KRB_PRINC_REALM(krbPrinc), buffer);
818 gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data)
820 data->data = (char *)buffer->value;
821 data->length = buffer->length;
828 #include "util_attr.h"
829 #ifdef GSSEAP_ENABLE_REAUTH
830 #include "util_reauth.h"
833 #endif /* _UTIL_H_ */