typedef const gss_OID_desc *gss_const_OID;
#endif
+#ifndef GSS_IOV_BUFFER_TYPE_MIC_TOKEN
+#define GSS_IOV_BUFFER_TYPE_MIC_TOKEN 12 /* MIC token destination */
+#endif
+
/* Kerberos headers */
#include <krb5.h>
+#include <com_err.h>
/* EAP headers */
#include <includes.h>
gss_buffer_desc subjectAltNameConstraint;
gss_buffer_desc clientCertificate;
gss_buffer_desc privateKey;
+ gss_buffer_desc caCertificateBlob;
#ifdef GSSEAP_ENABLE_REAUTH
krb5_ccache krbCredCache;
gss_cred_id_t reauthCred;
#define CONFIG_BLOB_CLIENT_CERT 0
#define CONFIG_BLOB_PRIVATE_KEY 1
-#define CONFIG_BLOB_MAX 2
+#define CONFIG_BLOB_CA_CERT 2
+#define CONFIG_BLOB_MAX 3
struct gss_eap_initiator_ctx {
unsigned int idleWhile;
gss_qop_t qop_req,
int *conf_state,
gss_iov_buffer_desc *iov,
- int iov_count);
+ int iov_count,
+ enum gss_eap_token_type tokType);
+
OM_uint32
gssEapWrap(OM_uint32 *minor,
gss_ctx_id_t ctx,
OM_uint32 status_value,
gss_buffer_t status_string);
-#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \
+#define IS_WIRE_ERROR(err) ((err) >= GSSEAP_RESERVED && \
(err) <= GSSEAP_RADIUS_PROT_FAILURE)
#ifdef GSSEAP_ENABLE_ACCEPTOR
void
gssEapFinalize(void);
+/* Debugging and tracing */
+
+static inline void
+gssEapTraceStatus(const char *function,
+ OM_uint32 major,
+ OM_uint32 minor)
+{
+ gss_buffer_desc gssErrorCodeBuf = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc gssMechBuf = GSS_C_EMPTY_BUFFER;
+ OM_uint32 tmpMajor, tmpMinor;
+ OM_uint32 messageCtx = 0;
+
+ tmpMajor = gss_display_status(&tmpMinor, major,
+ GSS_C_GSS_CODE, GSS_C_NO_OID,
+ &messageCtx, &gssErrorCodeBuf);
+ if (!GSS_ERROR(tmpMajor)) {
+ if (minor == 0)
+ tmpMajor = makeStringBuffer(&tmpMinor, "no minor", &gssMechBuf);
+ else
+ tmpMajor = gssEapDisplayStatus(&tmpMinor, minor, &gssMechBuf);
+ }
+
+ if (!GSS_ERROR(tmpMajor))
+ wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
+ function,
+ (int)gssErrorCodeBuf.length, (char *)gssErrorCodeBuf.value,
+ (int)gssMechBuf.length, (char *)gssMechBuf.value);
+ else
+ wpa_printf(MSG_INFO, "%s: %u/%u",
+ function, major, minor);
+
+ gss_release_buffer(&tmpMinor, &gssErrorCodeBuf);
+ gss_release_buffer(&tmpMinor, &gssMechBuf);
+}
+
+/* If built as a library on Linux, don't respect environment when set*uid */
+#ifdef HAVE_SECURE_GETENV
+#define getenv secure_getenv
+#endif
+
#ifdef __cplusplus
}
#endif