TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
TOK_TYPE_EAP_RESP = 0x0601, /* draft-howlett-eap-gss */
TOK_TYPE_EAP_REQ = 0x0602, /* draft-howlett-eap-gss */
- TOK_TYPE_GSS_CB = 0x0603, /* draft-howlett-eap-gss */
- TOK_TYPE_KRB_CRED = 0x0604, /* to be specified */
+ TOK_TYPE_EXT_REQ = 0x0603, /* draft-howlett-eap-gss */
+ TOK_TYPE_EXT_RESP = 0x0604, /* to be specified */
TOK_TYPE_GSS_REAUTH = 0x0605, /* to be specified */
};
gssEapVerifyToken(OM_uint32 *minor,
gss_ctx_id_t ctx,
const gss_buffer_t inputToken,
- enum gss_eap_token_type tokenType,
- enum gss_eap_token_type *actualToken,
+ enum gss_eap_token_type *tokenType,
gss_buffer_t innerInputToken);
OM_uint32
krb5_enctype enctype,
krb5_keyblock *pKey);
+/* util_exts.c */
+#define EXT_FLAG_CRITICAL 0x80000000
+#define EXT_FLAG_VERIFIED 0x40000000
+
+#define EXT_TYPE_GSS_CHANNEL_BINDINGS 0x00000000
+#define EXT_TYPE_REAUTH_CREDS 0x00000001
+#define EXT_TYPE_MASK (~(EXT_FLAG_CRITICAL | EXT_FLAG_VERIFIED))
+
+struct gss_eap_extension_provider {
+ OM_uint32 type;
+ int critical; /* client */
+ int required; /* server */
+ OM_uint32 (*make)(OM_uint32 *,
+ gss_cred_id_t,
+ gss_ctx_id_t,
+ gss_channel_bindings_t,
+ gss_buffer_t);
+ OM_uint32 (*verify)(OM_uint32 *,
+ gss_cred_id_t,
+ gss_ctx_id_t,
+ gss_channel_bindings_t,
+ const gss_buffer_t);
+};
+
+OM_uint32
+gssEapMakeExtensions(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ gss_ctx_id_t ctx,
+ gss_channel_bindings_t chanBindings,
+ gss_buffer_t buffer);
+
+OM_uint32
+gssEapVerifyExtensions(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ gss_ctx_id_t ctx,
+ gss_channel_bindings_t chanBindings,
+ const gss_buffer_t buffer);
+
/* util_krb.c */
OM_uint32
gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
} \
} while (0)
+/* util_lucid.c */
+OM_uint32
+gssEapExportLucidSecContext(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ const gss_OID desiredObject,
+ gss_buffer_set_t *data_set);
+
/* util_mech.c */
+extern gss_OID GSS_EAP_MECHANISM;
+
int
gssEapInternalizeOid(const gss_OID oid,
gss_OID *const pInternalizedOid);
gssEapValidateMechs(OM_uint32 *minor,
const gss_OID_set mechs);
+gss_buffer_t
+gssEapOidToSaslName(const gss_OID oid);
+
+gss_OID
+gssEapSaslNameToOid(const gss_buffer_t name);
+
/* util_name.c */
#define EXPORT_NAME_FLAG_OID 0x1
#define EXPORT_NAME_FLAG_COMPOSITE 0x2
size_t *body_size,
unsigned char **buf_in,
size_t toksize_in,
- enum gss_eap_token_type tok_type,
enum gss_eap_token_type *ret_tok_type);
/* Helper macros */
-#define GSSEAP_CALLOC(count, size) (calloc((count), (size)))
-#define GSSEAP_FREE(ptr) (free((ptr)))
-#define GSSEAP_MALLOC(size) (malloc((size)))
-#define GSSEAP_REALLOC(ptr, size) (realloc((ptr), (size)))
+
+#define GSSEAP_CALLOC calloc
+#define GSSEAP_MALLOC malloc
+#define GSSEAP_FREE free
+#define GSSEAP_REALLOC realloc
#define GSSEAP_NOT_IMPLEMENTED do { \
assert(0 && "not implemented"); \
#endif
#include "util_attr.h"
+#ifdef GSSEAP_ENABLE_REAUTH
#include "util_reauth.h"
+#endif
#endif /* _UTIL_H_ */
projects / mech_eap.git / blobdiff