#define _GSSAPIP_EAP_H_ 1
#include "config.h"
+
+#ifdef HAVE_HEIMDAL_VERSION
+#define KRB5_DEPRECATED /* so we can use krb5_free_unparsed_name() */
+#endif
+
#include <assert.h>
#include <string.h>
#include <errno.h>
#include <time.h>
#include <sys/param.h>
-/* GSS includes */
+/* GSS headers */
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_krb5.h>
+#ifndef HAVE_HEIMDAL_VERSION
#include <gssapi/gssapi_ext.h>
+#endif
#include "gssapi_eap.h"
-/* Kerberos includes */
+/* Kerberos headers */
#include <krb5.h>
-/* EAP includes (not C++ clean) */
-#ifndef __cplusplus
+/* EAP headers */
#include <common.h>
#include <eap_peer/eap.h>
#include <eap_peer/eap_config.h>
-#include <crypto/tls.h>
+#include <eap_peer/eap_methods.h>
#include <wpabuf.h>
-#endif
-/* Workaround for FreeRADIUS not being C++ clean */
+/* FreeRADIUS headers */
#ifdef __cplusplus
extern "C" {
#define operator fr_operator
#endif
#include "gsseap_err.h"
+#include "radsec_err.h"
#include "util.h"
#ifdef __cplusplus
struct gss_eap_saml_attr_ctx;
struct gss_eap_attr_ctx;
-struct gss_name_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_name_t_desc_struct
+#else
+struct gss_name_struct
+#endif
+{
GSSEAP_MUTEX mutex; /* mutex protects attrCtx */
OM_uint32 flags;
krb5_principal krbPrincipal; /* this is immutable */
#define CRED_FLAG_DEFAULT_CCACHE 0x00100000
#define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
-struct gss_cred_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_cred_id_t_desc_struct
+#else
+struct gss_cred_id_struct
+#endif
+{
GSSEAP_MUTEX mutex;
OM_uint32 flags;
gss_name_t name;
};
#define CTX_FLAG_INITIATOR 0x00000001
-#define CTX_FLAG_KRB_REAUTH_GSS 0x00000002
+#define CTX_FLAG_KRB_REAUTH 0x00000002
#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
enum gss_eap_state {
- EAP_STATE_IDENTITY = 0,
- EAP_STATE_AUTHENTICATE,
- EAP_STATE_EXTENSIONS_REQ,
- EAP_STATE_EXTENSIONS_RESP,
- EAP_STATE_ESTABLISHED,
+ GSSEAP_STATE_IDENTITY = 0, /* identify peer */
+ GSSEAP_STATE_AUTHENTICATE, /* exchange EAP messages */
+ GSSEAP_STATE_EXTENSIONS_REQ, /* initiator extensions */
+ GSSEAP_STATE_EXTENSIONS_RESP, /* acceptor extensions */
+ GSSEAP_STATE_ESTABLISHED, /* context established */
+ GSSEAP_STATE_ERROR, /* context error */
#ifdef GSSEAP_ENABLE_REAUTH
- EAP_STATE_KRB_REAUTH_GSS
+ GSSEAP_STATE_KRB_REAUTH /* fast reauthentication */
#endif
};
-#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
+#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == GSSEAP_STATE_ESTABLISHED)
/* Initiator context flags */
#define CTX_FLAG_EAP_SUCCESS 0x00010000
};
struct gss_eap_acceptor_ctx {
- struct rs_handle *radHandle;
+ struct rs_context *radContext;
struct rs_connection *radConn;
char *radServer;
gss_buffer_desc state;
VALUE_PAIR *vps;
};
-struct gss_ctx_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_ctx_id_t_desc_struct
+#else
+struct gss_ctx_id_struct
+#endif
+{
GSSEAP_MUTEX mutex;
enum gss_eap_state state;
OM_uint32 flags;
void
gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...);
+#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \
+ (err) <= GSSEAP_RADIUS_PROT_FAILURE)
+
#ifdef __cplusplus
}
#endif