#ifndef _GSSAPIP_EAP_H_
#define _GSSAPIP_EAP_H_ 1
-#define BUILTIN_EAP 1
-
#include <assert.h>
#include <string.h>
#include <errno.h>
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include "gssapi_eap.h"
-#include "util.h"
/* Kerberos includes */
#include <krb5.h>
#include <common.h>
#include <eap_peer/eap.h>
#include <eap_peer/eap_config.h>
-#include <crypto/tls.h> /* XXX testing implementation only */
+#include <crypto/tls.h>
#include <wpabuf.h>
#endif
+#include <freeradius-client.h>
+#include <freeradius/radius.h>
+
+#include "util.h"
+
+/* These name flags are informative and not actually used by anything yet */
#define NAME_FLAG_NAI 0x00000001
#define NAME_FLAG_SERVICE 0x00000002
#define NAME_FLAG_COMPOSITE 0x00000004
struct gss_eap_attr_ctx;
struct gss_name_struct {
- GSSEAP_MUTEX mutex; /* mutex protecting attributes */
+ GSSEAP_MUTEX mutex; /* mutex protects attrCtx */
OM_uint32 flags;
krb5_principal krbPrincipal; /* this is immutable */
struct gss_eap_attr_ctx *attrCtx;
#define CRED_FLAG_ACCEPT 0x00000002
#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
#define CRED_FLAG_PASSWORD 0x00000008
+#define CRED_FLAG_DISABLE_LOCAL_ATTRS 0x00010000
+#define CRED_FLAG_SET_CRED_OPTION_MASK 0x00FF0000
struct gss_cred_id_struct {
GSSEAP_MUTEX mutex;
gss_buffer_desc password;
gss_OID_set mechanisms;
time_t expiryTime;
+ char *radiusConfigFile;
};
#define CTX_FLAG_INITIATOR 0x00000001
#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
enum gss_eap_state {
- EAP_STATE_AUTHENTICATE = 0,
-#if 0
- EAP_STATE_KEY_TRANSPORT,
- EAP_STATE_SECURE_ASSOCIATION,
-#endif
+ EAP_STATE_IDENTITY = 0,
+ EAP_STATE_AUTHENTICATE,
EAP_STATE_GSS_CHANNEL_BINDINGS,
EAP_STATE_ESTABLISHED
};
};
struct gss_eap_acceptor_ctx {
-#if defined(BUILTIN_EAP) && !defined(__cplusplus)
- struct eap_eapol_interface *eapPolInterface;
- void *tlsContext;
- struct eap_sm *eap;
-#endif
+ rc_handle *radHandle;
+ int lastStatus;
+ VALUE_PAIR *avps;
+ gss_buffer_desc state;
};
struct gss_ctx_id_struct {