include com_err.h for error_message()
[mech_eap.git] / mech_eap / gssapiP_eap.h
index 8a997d5..bc138bf 100644 (file)
@@ -77,8 +77,13 @@ typedef struct gss_any *gss_any_t;
 typedef const gss_OID_desc *gss_const_OID;
 #endif
 
+#ifndef GSS_IOV_BUFFER_TYPE_MIC_TOKEN
+#define GSS_IOV_BUFFER_TYPE_MIC_TOKEN      12  /* MIC token destination */
+#endif
+
 /* Kerberos headers */
 #include <krb5.h>
+#include <com_err.h>
 
 /* EAP headers */
 #include <includes.h>
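Review bot: The fallback `#define GSS_IOV_BUFFER_TYPE_MIC_TOKEN 12` pins an ABI-visible value that has to agree with whatever the installed GSS-API mechglue uses for the same buffer type, yet nothing records where 12 comes from; the value and the `/* MIC token destination */` comment look copied from MIT krb5's gssapi_ext.h, so say so. A comment such as `/* value taken from MIT krb5 gssapi_ext.h; must match the mechglue the application links against */` would keep a later edit from changing it, and note that the `#ifndef` only covers a missing definition, not a conflicting one. The unconditional `#include <com_err.h>` is fine for both MIT and Heimdal, but a trailing `/* error_message() */` would carry the commit message's reason into the file.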
@@ -157,6 +162,7 @@ struct gss_cred_id_struct
     gss_buffer_desc subjectAltNameConstraint;
     gss_buffer_desc clientCertificate;
     gss_buffer_desc privateKey;
+    gss_buffer_desc caCertificateBlob;
 #ifdef GSSEAP_ENABLE_REAUTH
     krb5_ccache krbCredCache;
     gss_cred_id_t reauthCred;
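Review bot: `caCertificateBlob` is a new owned `gss_buffer_desc` inside the credential, so the credential release and duplicate paths for `gss_cred_id_struct` (not in this diff) must free and copy it alongside `clientCertificate` and `privateKey`, otherwise every credential that carries a CA certificate leaks it. The sibling fields are named without a `Blob` suffix; `caCertificate` would keep the naming consistent, and a comment `/* CA certificate(s) used to validate the server; owned by this credential */` would document ownership, though what the blob is validated against is not visible here. The struct begins before this hunk.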
@@ -186,7 +192,8 @@ struct gss_cred_id_struct
 
 #define CONFIG_BLOB_CLIENT_CERT             0
 #define CONFIG_BLOB_PRIVATE_KEY             1
-#define CONFIG_BLOB_MAX                     2
+#define CONFIG_BLOB_CA_CERT                 2
+#define CONFIG_BLOB_MAX                     3
 
 struct gss_eap_initiator_ctx {
     unsigned int idleWhile;
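Review bot: `CONFIG_BLOB_CA_CERT` is added as a bare index and `CONFIG_BLOB_MAX` bumped without saying what these values index; anything sized by the old value 2 and filled positionally now needs a third entry, and that code is not in this diff. The names suggest these are slots in a per-credential configuration blob table that mirror `clientCertificate`, `privateKey` and the new CA certificate field; if so, a comment above the group, `/* slot indices of the per-credential config blobs; CONFIG_BLOB_MAX is the table size, keep in step with gss_cred_id_struct */`, would tie the constants to the fields they serve. Confirm the mapping against the .c file that allocates the table.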
@@ -313,7 +320,9 @@ gssEapWrapIovLength(OM_uint32 *minor,
                     gss_qop_t qop_req,
                     int *conf_state,
                     gss_iov_buffer_desc *iov,
-                    int iov_count);
+                    int iov_count,
+                    enum gss_eap_token_type tokType);
+
 OM_uint32
 gssEapWrap(OM_uint32 *minor,
            gss_ctx_id_t ctx,
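Review bot: The new `tokType` parameter on `gssEapWrapIovLength` is undocumented: nothing says which `enum gss_eap_token_type` values are accepted or how the computed lengths differ between token types, and since this changes the signature every existing caller must be updated in the same change. A comment on the prototype, `/* tokType: which enum gss_eap_token_type token the IOV buffers are being sized for */`, would at least state the contract; whether the MIC case requires a `GSS_IOV_BUFFER_TYPE_MIC_TOKEN` buffer is presumably the point, but is not visible here. The prototype's return type and name are above this hunk.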
@@ -335,7 +344,7 @@ gssEapDisplayStatus(OM_uint32 *minor,
                     OM_uint32 status_value,
                     gss_buffer_t status_string);
 
-#define IS_WIRE_ERROR(err)              ((err) > GSSEAP_RESERVED && \
+#define IS_WIRE_ERROR(err)              ((err) >= GSSEAP_RESERVED && \
                                          (err) <= GSSEAP_RADIUS_PROT_FAILURE)
 
 #ifdef GSSEAP_ENABLE_ACCEPTOR
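Review bot: Changing `>` to `>=` makes `GSSEAP_RESERVED` itself classify as a wire error, and the macro's correctness rests on the codes from `GSSEAP_RESERVED` through `GSSEAP_RADIUS_PROT_FAILURE` being contiguous in the error table, an ordering assumption this header never states. A comment, `/* minor codes in [GSSEAP_RESERVED, GSSEAP_RADIUS_PROT_FAILURE] are contiguous in the .et file; keep this range in step with it */`, would make that explicit, and if including the reserved value is intentional, the reason belongs there too. If the name means these codes can arrive from a peer, the classification also affects how an unexpected peer-supplied value is reported in `gssEapDisplayStatus`, which is worth confirming.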
@@ -405,6 +414,46 @@ gssEapInitiatorInit(OM_uint32 *minor);
 void
 gssEapFinalize(void);
 
+/* Debugging and tracing */
+
+static inline void
+gssEapTraceStatus(const char *function,
+                  OM_uint32 major,
+                  OM_uint32 minor)
+{
+    gss_buffer_desc gssErrorCodeBuf = GSS_C_EMPTY_BUFFER;
+    gss_buffer_desc gssMechBuf = GSS_C_EMPTY_BUFFER;
+    OM_uint32 tmpMajor, tmpMinor;
+    OM_uint32 messageCtx = 0;
+
+    tmpMajor = gss_display_status(&tmpMinor, major,
+                                  GSS_C_GSS_CODE, GSS_C_NO_OID,
+                                  &messageCtx, &gssErrorCodeBuf);
+    if (!GSS_ERROR(tmpMajor)) {
+        if (minor == 0)
+            tmpMajor = makeStringBuffer(&tmpMinor, "no minor", &gssMechBuf);
+        else
+            tmpMajor = gssEapDisplayStatus(&tmpMinor, minor, &gssMechBuf);
+    }
+
+    if (!GSS_ERROR(tmpMajor))
+       wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
+                  function,
+                   (int)gssErrorCodeBuf.length, (char *)gssErrorCodeBuf.value,
+                  (int)gssMechBuf.length, (char *)gssMechBuf.value);
+    else
+        wpa_printf(MSG_INFO, "%s: %u/%u",
+                   function, major, minor);
+
+    gss_release_buffer(&tmpMinor, &gssErrorCodeBuf);
+    gss_release_buffer(&tmpMinor, &gssMechBuf);
+}
+
+/* If built as a library on Linux, don't respect environment when set*uid */
+#ifdef HAVE_SECURE_GETENV
+#define getenv secure_getenv
+#endif
+
 #ifdef __cplusplus
 }
 #endif
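Review bot: `#define getenv secure_getenv` only rewrites `getenv` calls in translation units that include this header, and only textually after this point, so calls inside the bundled EAP/wpa_supplicant code pulled in through `<includes.h>` above, and anything compiled separately, still read the environment when the process is set-uid; the comment should say the protection is limited to mech_eap's own sources rather than implying the library as a whole is covered. Defining a standard-library function name as a macro is also undefined behavior under C11 7.1.3 (CERT DCL37-C); a safer form is an explicit project wrapper such as `#define gssEapGetenv(n) secure_getenv(n)` used at the call sites, and either way note that `_GNU_SOURCE` must be defined before `<stdlib.h>` for `secure_getenv` to be declared. In `gssEapTraceStatus`, the `wpa_printf` call and its first argument line are indented 7 and 19 spaces against the function's 8/19 convention and should be aligned, and since `messageCtx` is never looped, a comment `/* only the first gss_display_status message is shown */` would record that deliberately-partial output.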