remove unnecessary namespace qualification
[mech_eap.orig] / util.h
diff --git a/util.h b/util.h
index 74641c7..de8dcb8 100644 (file)
--- a/util.h
+++ b/util.h
  *
  */
 
+/*
+ * Utility functions.
+ */
+
 #ifndef _UTIL_H_
 #define _UTIL_H_ 1
 
+#include <sys/param.h>
 #include <string.h>
 #include <errno.h>
 
 extern "C" {
 #endif
 
-#ifndef MIN             /* Usually found in <sys/param.h>. */
+#ifndef MIN
 #define MIN(_a,_b)  ((_a)<(_b)?(_a):(_b))
 #endif
 
-#define KRB_KEY_TYPE(key)       ((key)->enctype)
-#define KRB_KEY_DATA(key)       ((key)->contents)
-#define KRB_KEY_LENGTH(key)     ((key)->length)
-#define KRB_KEY_INIT(key)       do {        \
-        KRB_KEY_TYPE(key) = ENCTYPE_NULL;   \
-        KRB_KEY_DATA(key) = NULL;           \
-        KRB_KEY_LENGTH(key) = 0;            \
-    } while (0)
-
-enum gss_eap_token_type {
-    TOK_TYPE_NONE                    = 0x0000,  /* no token */
-    TOK_TYPE_MIC                     = 0x0404,  /* RFC 4121 MIC token */
-    TOK_TYPE_WRAP                    = 0x0504,  /* RFC 4121 wrap token */
-    TOK_TYPE_EXPORT_NAME             = 0x0401,  /* RFC 2743 exported name */
-    TOK_TYPE_EXPORT_NAME_COMPOSITE   = 0x0402,  /* draft-ietf-kitten-gss-naming */
-    TOK_TYPE_DELETE_CONTEXT          = 0x0405,  /* RFC 2743 delete context */
-    TOK_TYPE_EAP_RESP                = 0x0601,  /* draft-howlett-eap-gss */
-    TOK_TYPE_EAP_REQ                 = 0x0602,  /* draft-howlett-eap-gss */
-    TOK_TYPE_GSS_CB                  = 0x0603,  /* draft-howlett-eap-gss */
-};
-
-#define EAP_EXPORT_CONTEXT_V1           1
-
 /* util_buffer.c */
 OM_uint32
 makeStringBuffer(OM_uint32 *minor,
@@ -155,6 +137,23 @@ gssEapEncodeGssChannelBindings(OM_uint32 *minor,
 #endif
 
 /* util_context.c */
+#define EAP_EXPORT_CONTEXT_V1           1
+
+enum gss_eap_token_type {
+    TOK_TYPE_NONE                    = 0x0000,  /* no token */
+    TOK_TYPE_MIC                     = 0x0404,  /* RFC 4121 MIC token */
+    TOK_TYPE_WRAP                    = 0x0504,  /* RFC 4121 wrap token */
+    TOK_TYPE_EXPORT_NAME             = 0x0401,  /* RFC 2743 exported name */
+    TOK_TYPE_EXPORT_NAME_COMPOSITE   = 0x0402,  /* exported composite name */
+    TOK_TYPE_DELETE_CONTEXT          = 0x0405,  /* RFC 2743 delete context */
+    TOK_TYPE_EAP_RESP                = 0x0601,  /* EAP response */
+    TOK_TYPE_EAP_REQ                 = 0x0602,  /* EAP request */
+    TOK_TYPE_EXT_REQ                 = 0x0603,  /* GSS EAP extensions request */
+    TOK_TYPE_EXT_RESP                = 0x0604,  /* GSS EAP extensions response */
+    TOK_TYPE_GSS_REAUTH              = 0x0605,  /* GSS EAP fast reauthentication token */
+    TOK_TYPE_CONTEXT_ERR             = 0x0606,  /* context error */
+};
+
 OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
 OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
 
@@ -169,7 +168,7 @@ OM_uint32
 gssEapVerifyToken(OM_uint32 *minor,
                   gss_ctx_id_t ctx,
                   const gss_buffer_t inputToken,
-                  enum gss_eap_token_type tokenType,
+                  enum gss_eap_token_type *tokenType,
                   gss_buffer_t innerInputToken);
 
 OM_uint32
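Review bot: Changing `tokenType` from a value to a pointer in gssEapVerifyToken leaves the prototype silent on whether it is an input, an output, or both. If it is now an output (the parallel rename to `ret_tok_type` in verifyTokenHeader, in the last-but-one hunk, suggests so), the expected-type check that the verifier used to perform becomes each caller's job. A caller that skips it could accept a token type that is not valid for the current context state, for example `TOK_TYPE_CONTEXT_ERR` where an EAP response was expected. I would document this on both declarations, e.g. `/* tokenType: on return, the type found in the token header; the caller must reject types not valid for the current state */`.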
@@ -241,24 +240,81 @@ gssEapDeriveRfc3961Key(OM_uint32 *minor,
                        krb5_enctype enctype,
                        krb5_keyblock *pKey);
 
-/* util_krb.c */
+/* util_exts.c */
+#define EXT_FLAG_CRITICAL               0x80000000  /* critical, wire flag */
+#define EXT_FLAG_VERIFIED               0x40000000  /* verified, API flag */
+
+#define EXT_TYPE_GSS_CHANNEL_BINDINGS   0x00000000
+#define EXT_TYPE_REAUTH_CREDS           0x00000001
+#define EXT_TYPE_MASK                   (~(EXT_FLAG_CRITICAL | EXT_FLAG_VERIFIED))
+
+struct gss_eap_extension_provider {
+    OM_uint32 type;
+    int critical; /* client */
+    int required; /* server */
+    OM_uint32 (*make)(OM_uint32 *,
+                      gss_cred_id_t,
+                      gss_ctx_id_t,
+                      gss_channel_bindings_t,
+                      gss_buffer_t);
+    OM_uint32 (*verify)(OM_uint32 *,
+                        gss_cred_id_t,
+                        gss_ctx_id_t,
+                        gss_channel_bindings_t,
+                        const gss_buffer_t);
+};
+
 OM_uint32
-gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
+gssEapMakeExtensions(OM_uint32 *minor,
+                     gss_cred_id_t cred,
+                     gss_ctx_id_t ctx,
+                     gss_channel_bindings_t chanBindings,
+                     gss_buffer_t buffer);
 
 OM_uint32
-rfc3961ChecksumTypeForKey(OM_uint32 *minor,
-                          krb5_keyblock *key,
-                          krb5_cksumtype *cksumtype);
+gssEapVerifyExtensions(OM_uint32 *minor,
+                       gss_cred_id_t cred,
+                       gss_ctx_id_t ctx,
+                       gss_channel_bindings_t chanBindings,
+                       const gss_buffer_t buffer);
+
+/* util_krb.c */
+#define KRB_KEY_TYPE(key)       ((key)->enctype)
+#define KRB_KEY_DATA(key)       ((key)->contents)
+#define KRB_KEY_LENGTH(key)     ((key)->length)
+#define KRB_KEY_INIT(key)       do {        \
+        KRB_KEY_TYPE(key) = ENCTYPE_NULL;   \
+        KRB_KEY_DATA(key) = NULL;           \
+        KRB_KEY_LENGTH(key) = 0;            \
+    } while (0)
 
 #define GSSEAP_KRB_INIT(ctx) do {                   \
         OM_uint32 tmpMajor;                         \
+                                                    \
         tmpMajor  = gssEapKerberosInit(minor, ctx); \
         if (GSS_ERROR(tmpMajor)) {                  \
             return tmpMajor;                        \
         }                                           \
     } while (0)
 
+OM_uint32
+gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
+
+OM_uint32
+rfc3961ChecksumTypeForKey(OM_uint32 *minor,
+                          krb5_keyblock *key,
+                          krb5_cksumtype *cksumtype);
+
+/* util_lucid.c */
+OM_uint32
+gssEapExportLucidSecContext(OM_uint32 *minor,
+                            gss_ctx_id_t ctx,
+                            const gss_OID desiredObject,
+                            gss_buffer_set_t *data_set);
+
 /* util_mech.c */
+extern gss_OID GSS_EAP_MECHANISM;
+
 int
 gssEapInternalizeOid(const gss_OID oid,
                      gss_OID *const pInternalizedOid);
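Review bot: `EXT_FLAG_VERIFIED` is commented as an API-only flag, yet it occupies bit 30 of the same 32-bit type word that carries the wire flag `EXT_FLAG_CRITICAL`, and nothing in this header says the bit is cleared on received extensions. The decoder in util_exts.c is not visible here; if it stores the wire value unmasked, a peer could present an extension that already appears verified. I would state the invariant at the define, e.g. `/* never honoured from the wire: cleared on receipt, set only after verify() succeeds */`, and confirm the parser applies `type &= ~EXT_FLAG_VERIFIED` before dispatch. The unnamed parameters of the `make` and `verify` pointers in `struct gss_eap_extension_provider` would also be easier to implement against if they were named as in gssEapMakeExtensions.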
@@ -291,6 +347,12 @@ OM_uint32
 gssEapValidateMechs(OM_uint32 *minor,
                    const gss_OID_set mechs);
 
+gss_buffer_t
+gssEapOidToSaslName(const gss_OID oid);
+
+gss_OID
+gssEapSaslNameToOid(const gss_buffer_t name);
+
 /* util_name.c */
 #define EXPORT_NAME_FLAG_OID        0x1
 #define EXPORT_NAME_FLAG_COMPOSITE  0x2
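Review bot: The new gssEapOidToSaslName and gssEapSaslNameToOid prototypes return bare pointers with no statement of ownership or of what comes back for an unknown OID or name. The SASL name passed to gssEapSaslNameToOid will often be supplied by the peer, so callers need to know that a miss is possible and how it is reported. They also need to know whether the result points at static storage that must not be released. A short comment above each would settle this, e.g. `/* returns a pointer to static storage, or GSS_C_NO_OID if the name is not recognised; do not free */`, adjusted to whatever util_mech.c actually does.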
@@ -396,13 +458,14 @@ verifyTokenHeader(OM_uint32 *minor,
                   size_t *body_size,
                   unsigned char **buf_in,
                   size_t toksize_in,
-                  enum gss_eap_token_type tok_type);
+                  enum gss_eap_token_type *ret_tok_type);
 
 /* Helper macros */
-#define GSSEAP_CALLOC(count, size)      (calloc((count), (size)))
-#define GSSEAP_FREE(ptr)                (free((ptr)))
-#define GSSEAP_MALLOC(size)             (malloc((size)))
-#define GSSEAP_REALLOC(ptr, size)       (realloc((ptr), (size)))
+
+#define GSSEAP_CALLOC                   calloc
+#define GSSEAP_MALLOC                   malloc
+#define GSSEAP_FREE                     free
+#define GSSEAP_REALLOC                  realloc
 
 #define GSSEAP_NOT_IMPLEMENTED          do {            \
         assert(0 && "not implemented");                 \
@@ -547,10 +610,20 @@ krbDataToGssBuffer(krb5_data *data, gss_buffer_t buffer)
     buffer->length = data->length;
 }
 
+static inline void
+gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data)
+{
+    data->data = (char *)buffer->value;
+    data->length = buffer->length;
+}
+
 #ifdef __cplusplus
 }
 #endif
 
 #include "util_attr.h"
+#ifdef GSSEAP_ENABLE_REAUTH
+#include "util_reauth.h"
+#endif
 
 #endif /* _UTIL_H_ */
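Review bot: gssBufferToKrbData assigns `buffer->length`, a `size_t`, straight into `data->length`, which in MIT krb5 is an `unsigned int`, so on LP64 targets a buffer longer than UINT_MAX would be silently truncated while `data->data` still points at the full region. The helper returns void and cannot report this, so I would either add `assert(buffer->length <= UINT_MAX);` ahead of the assignment (with `<limits.h>`) or have callers bound the length first. It is also worth a one-line comment that the result aliases `buffer->value` rather than copying it, so the `krb5_data` must not outlive or be freed separately from the GSS buffer.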