#include <krb5.h>
#ifdef WIN32
-#define inline __inline
+# ifndef __cplusplus
+# define inline __inline
+# endif
#define snprintf _snprintf
#endif
}
/* util_cksum.c */
+enum gss_eap_token_type {
+ TOK_TYPE_NONE = 0x0000, /* no token */
+ TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
+ TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
+ TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
+ TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
+ TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
+ TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
+ TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
+};
+
int
gssEapSign(krb5_context context,
krb5_cksumtype type,
#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
- int iov_count);
+ int iov_count,
+ enum gss_eap_token_type toktype);
int
gssEapVerify(krb5_context context,
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count,
+ enum gss_eap_token_type toktype,
int *valid);
#if 0
/* util_context.c */
#define EAP_EXPORT_CONTEXT_V1 1
-enum gss_eap_token_type {
- TOK_TYPE_NONE = 0x0000, /* no token */
- TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
- TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
- TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
- TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
- TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
- TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
- TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
-};
-
/* inner token types and flags */
#define ITOK_TYPE_NONE 0x00000000
#define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */
OM_uint32
gssEapContextTime(OM_uint32 *minor,
- gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
OM_uint32 *time_rec);
OM_uint32
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
- const gss_name_t desiredName,
+ gss_const_name_t desiredName,
OM_uint32 timeReq,
const gss_OID_set desiredMechs,
int cred_usage,
const gss_buffer_t password);
OM_uint32
+gssEapSetCredClientCertificate(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ const gss_buffer_t clientCert,
+ const gss_buffer_t privateKey);
+
+OM_uint32
gssEapSetCredService(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t target);
+ gss_const_name_t target);
OM_uint32
gssEapResolveInitiatorCred(OM_uint32 *minor,
const gss_cred_id_t cred,
- const gss_name_t target,
+ gss_const_name_t target,
gss_cred_id_t *resolvedCred);
-int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech);
+int gssEapCredAvailable(gss_const_cred_id_t cred, gss_OID mech);
OM_uint32
gssEapInquireCred(OM_uint32 *minor,
int iov_count,
OM_uint32 type);
+gss_iov_buffer_t
+gssEapLocateHeaderIov(gss_iov_buffer_desc *iov,
+ int iov_count,
+ enum gss_eap_token_type toktype);
+
void
gssEapIovMessageLength(gss_iov_buffer_desc *iov,
int iov_count,
#ifdef HAVE_HEIMDAL_VERSION
+#include <der.h>
+
#define KRB_TIME_FOREVER ((time_t)~0L)
#define KRB_KEY_TYPE(key) ((key)->keytype)
#define KRB_DATA_INIT(d) krb5_data_zero((d))
+#define KRB_CHECKSUM_TYPE(c) ((c)->cksumtype)
+#define KRB_CHECKSUM_LENGTH(c) ((c)->checksum.length)
+#define KRB_CHECKSUM_DATA(c) ((c)->checksum.data)
+
+#define KRB_CHECKSUM_INIT(cksum, type, d) do { \
+ (cksum)->cksumtype = (type); \
+ (cksum)->checksum.length = (d)->length; \
+ (cksum)->checksum.data = (d)->value; \
+ } while (0)
+
+#define KRB_CHECKSUM_FREE(ctx, cksum) do { \
+ der_free_octet_string(&(cksum)->checksum); \
+ memset((cksum), 0, sizeof(*(cksum))); \
+ } while (0)
+
#else
#define KRB_TIME_FOREVER KRB5_INT32_MAX
#define KRB_PRINC_TYPE(princ) (krb5_princ_type(NULL, (princ)))
#define KRB_PRINC_NAME(princ) (krb5_princ_name(NULL, (princ)))
#define KRB_PRINC_REALM(princ) (krb5_princ_realm(NULL, (princ)))
+#define KRB_PRINC_COMPONENT(princ, component) \
+ (krb5_princ_component(NULL, (princ), (component)))
#define KRB_KT_ENT_KEYBLOCK(e) (&(e)->key)
#define KRB_KT_ENT_FREE(c, e) krb5_free_keytab_entry_contents((c), (e))
(d)->data = NULL; \
} while (0)
+#define KRB_CHECKSUM_TYPE(c) ((c)->checksum_type)
+#define KRB_CHECKSUM_LENGTH(c) ((c)->length)
+#define KRB_CHECKSUM_DATA(c) ((c)->contents)
+
+#define KRB_CHECKSUM_INIT(cksum, type, d) do { \
+ (cksum)->checksum_type = (type); \
+ (cksum)->length = (d)->length; \
+ (cksum)->contents = (d)->value; \
+ } while (0)
+
+#define KRB_CHECKSUM_FREE(ctx, cksum) krb5_free_checksum_contents((ctx), (cksum))
+
#endif /* HAVE_HEIMDAL_VERSION */
#define KRB_KEY_INIT(key) do { \
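Review bot: KRB_CHECKSUM_INIT aliases `(d)->value` into the checksum (the Heimdal branch at the `(cksum)->checksum.data = (d)->value;` line and the MIT branch at `(cksum)->contents = (d)->value;`), while KRB_CHECKSUM_FREE in both branches releases that same pointer via `der_free_octet_string` or `krb5_free_checksum_contents`, so a checksum initialised from a gss buffer and then freed will free storage the buffer still owns. Nothing in the header records which of the two the caller is expected to pair, and the same macro names are used for both the borrowing and the owning case. I would add above each KRB_CHECKSUM_INIT: `/* Borrows (d)->value without copying; only pair with KRB_CHECKSUM_FREE if ownership of the buffer is meant to pass to the checksum. */`. The Heimdal KRB_CHECKSUM_FREE also ignores its `ctx` argument, which is fine but worth a one-word comment so the asymmetry with the MIT form does not look like an omission.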
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
int type,
size_t *length);
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
size_t dataLength,
size_t *padLength);
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
size_t *blockSize);
/* util_lucid.c */
OM_uint32
gssEapExportLucidSecContext(OM_uint32 *minor,
- gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
const gss_OID desiredObject,
gss_buffer_set_t *data_set);
OM_uint32
libMoonshotResolveInitiatorCred(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t targetName);
+ gss_const_name_t targetName);
/* util_name.c */
#define EXPORT_NAME_FLAG_OID 0x1
OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
OM_uint32 gssEapExportName(OM_uint32 *minor,
- const gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t exportedName);
OM_uint32 gssEapExportNameInternal(OM_uint32 *minor,
- const gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t exportedName,
OM_uint32 flags);
OM_uint32 gssEapImportName(OM_uint32 *minor,
OM_uint32 flags);
OM_uint32
gssEapDuplicateName(OM_uint32 *minor,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_name_t *dest_name);
OM_uint32
gssEapCanonicalizeName(OM_uint32 *minor,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t *dest_name);
OM_uint32
gssEapDisplayName(OM_uint32 *minor,
- gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t output_name_buffer,
gss_OID *output_name_type);
+#define COMPARE_NAME_FLAG_IGNORE_EMPTY_REALMS 0x1
+
OM_uint32
gssEapCompareName(OM_uint32 *minor,
- gss_name_t name1,
- gss_name_t name2,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
+ OM_uint32 flags,
int *name_equal);
/* util_oid.c */
const gss_OID_set src,
gss_OID_set *dst);
-static inline int
-oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
-{
- if (o1 == GSS_C_NO_OID)
- return (o2 == GSS_C_NO_OID);
- else if (o2 == GSS_C_NO_OID)
- return (o1 == GSS_C_NO_OID);
- else
- return (o1->length == o2->length &&
- memcmp(o1->elements, o2->elements, o1->length) == 0);
-}
+extern int
+oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2);
/* util_ordering.c */
OM_uint32
OM_uint32 (*processToken)(OM_uint32 *,
gss_cred_id_t,
gss_ctx_id_t,
- gss_name_t,
+ gss_const_name_t,
gss_OID,
OM_uint32,
OM_uint32,
gssEapSmStep(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_const_name_t target,
gss_OID mech,
OM_uint32 reqFlags,
OM_uint32 timeReq,
enum gss_eap_token_type *ret_tok_type);
/* Helper macros */
-
#ifndef GSSEAP_MALLOC
+#if _WIN32
+#include <gssapi/gssapi_alloc.h>
+#define GSSEAP_MALLOC gssalloc_malloc
+#define GSSEAP_CALLOC gssalloc_calloc
+#define GSSEAP_FREE gssalloc_free
+#define GSSEAP_REALLOC gssalloc_realloc
+#else
#define GSSEAP_CALLOC calloc
#define GSSEAP_MALLOC malloc
#define GSSEAP_FREE free
#define GSSEAP_REALLOC realloc
-#endif
+#endif /* _WIN32 */
+#endif /* !GSSEAP_MALLOC */
#ifndef GSSAPI_CALLCONV
#define GSSAPI_CALLCONV KRB5_CALLCONV
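Review bot: The new allocator guard at `#if _WIN32` tests the value of a macro that is simply undefined on other platforms (so it evaluates to 0 and works), whereas the header's other platform guard at the top of the file uses `#ifdef WIN32`; the two spellings and the two forms make it easy to build one branch on MSVC and not the other. I would harmonise to `#ifdef _WIN32` here, which also avoids a `-Wundef` warning where that is enabled. The surrounding `#ifndef GSSEAP_MALLOC` block now nests two closing `#endif`s, and the trailing comments on them are helpful; the same treatment on the `#ifndef GSSAPI_CALLCONV` block that follows would keep the style consistent.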
krbPrincComponentToGssBuffer(krb5_principal krbPrinc,
int index, gss_buffer_t buffer)
{
+ if (KRB_PRINC_LENGTH(krbPrinc) <= index) {
+ buffer->value = NULL;
+ buffer->length = 0;
+ } else {
#ifdef HAVE_HEIMDAL_VERSION
- buffer->value = (void *)KRB_PRINC_NAME(krbPrinc)[index];
- buffer->length = strlen((char *)buffer->value);
+ buffer->value = (void *)KRB_PRINC_NAME(krbPrinc)[index];
+ buffer->length = strlen((char *)buffer->value);
#else
- buffer->value = (void *)krb5_princ_component(NULL, krbPrinc, index)->data;
- buffer->length = krb5_princ_component(NULL, krbPrinc, index)->length;
+ buffer->value = (void *)krb5_princ_component(NULL, krbPrinc, index)->data;
+ buffer->length = krb5_princ_component(NULL, krbPrinc, index)->length;
#endif /* HAVE_HEIMDAL_VERSION */
+ }
+}
+
+static inline krb5_error_code
+krbPrincUnparseServiceSpecifics(krb5_context krbContext, krb5_principal krbPrinc,
+ gss_buffer_t nameBuf)
+{
+ krb5_error_code result = 0;
+ if (KRB_PRINC_LENGTH(krbPrinc) > 2) {
+ /* Acceptor-Service-Specific */
+ krb5_principal_data ssiPrinc = *krbPrinc;
+ char *ssi;
+
+ KRB_PRINC_LENGTH(&ssiPrinc) -= 2;
+ KRB_PRINC_NAME(&ssiPrinc) += 2;
+
+ result = krb5_unparse_name_flags(krbContext, &ssiPrinc,
+ KRB5_PRINCIPAL_UNPARSE_NO_REALM, &ssi);
+ if (result != 0)
+ return result;
+
+ nameBuf->value = ssi;
+ nameBuf->length = strlen(ssi);
+ } else {
+ nameBuf->value = NULL;
+ nameBuf->length = 0;
+ }
+
+ return result;
+}
+
+static inline void
+krbFreeUnparsedName(krb5_context krbContext GSSEAP_UNUSED, gss_buffer_t nameBuf)
+{
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_xfree((char *) nameBuf->value);
+#else
+ krb5_free_unparsed_name(krbContext, (char *)(nameBuf->value));
+#endif
+ nameBuf->value = NULL;
+ nameBuf->length = 0;
}
static inline void
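Review bot: The new bounds check in krbPrincComponentToGssBuffer, `if (KRB_PRINC_LENGTH(krbPrinc) <= index)`, only guards the upper end: `index` is a signed `int`, and a negative value passes the test and reaches `KRB_PRINC_NAME(krbPrinc)[index]` / `krb5_princ_component(..., index)`, either directly (if the length macro is signed) or after promotion (if it is unsigned; the macro's type is not visible here). I would write `if (index < 0 || KRB_PRINC_LENGTH(krbPrinc) <= index) {` so both directions yield the empty buffer. In krbPrincUnparseServiceSpecifics the `> 2` test and the `-= 2` / `+= 2` adjustments encode the assumption that the first two components are the service and host, and that is only hinted at by the "Acceptor-Service-Specific" comment; a line such as `/* components [0] and [1] are service/host; everything after them is the service-specific part */` above the `if` would make it explicit. The trailing context of this hunk appears to continue beyond the visible lines.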