Merge branch 'master' into tlv-mic
[mech_eap.orig] / util.h
diff --git a/util.h b/util.h
index d7d0674..e5376a6 100644 (file)
--- a/util.h
+++ b/util.h
@@ -75,6 +75,12 @@ extern "C" {
 #define MIN(_a,_b)  ((_a)<(_b)?(_a):(_b))
 #endif
 
+#if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
+#define GSSEAP_UNUSED __attribute__ ((__unused__)) 
+#else
+#define GSSEAP_UNUSED
+#endif
+
 /* util_buffer.c */
 OM_uint32
 makeStringBuffer(OM_uint32 *minor,
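Review bot: The `#if` guarding `GSSEAP_UNUSED` is true for every C compiler, because `!(defined(__cplusplus))` is evaluated before any GCC test, so a non-GNU C compiler without `__attribute__` would also get the attribute form and fail to parse it. Whether such compilers are a target is not visible here, but testing for the compiler first keeps the empty fallback reachable: `#if defined(__GNUC__) && (!defined(__cplusplus) || __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))`. The `#define GSSEAP_UNUSED __attribute__ ((__unused__))` line also ends in trailing whitespace.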
@@ -164,50 +170,39 @@ struct gss_eap_itok_map {
 };
 
 /* inner token types and flags */
-#define ITOK_TYPE_NONE                  0x00000000
-#define ITOK_TYPE_CONTEXT_ERR           0x00000001 /* critical */
-#define ITOK_TYPE_ACCEPTOR_NAME_REQ     0x00000002 /* TBD */
-#define ITOK_TYPE_ACCEPTOR_NAME_RESP    0x00000003 /* TBD */
-#define ITOK_TYPE_EAP_RESP              0x00000004 /* critical, required, if not reauth */
-#define ITOK_TYPE_EAP_REQ               0x00000005 /* critical, required, if not reauth */
-#define ITOK_TYPE_GSS_CHANNEL_BINDINGS  0x00000006 /* critical, required, if not reauth */
-#define ITOK_TYPE_REAUTH_CREDS          0x00000007 /* optional */
-#define ITOK_TYPE_REAUTH_REQ            0x00000008 /* optional */
-#define ITOK_TYPE_REAUTH_RESP           0x00000009 /* optional */
-#define ITOK_TYPE_INITIATOR_MIC         0x0000000A /* required */
-#define ITOK_TYPE_ACCEPTOR_MIC          0x0000000B /* required */
-#define ITOK_TYPE_ACCEPTOR_EXTS         0x0000000C /* optional, acceptor exts supported */
-#define ITOK_TYPE_INITIATOR_EXTS        0x0000000D /* optional, initiator exts supported */
-#define ITOK_TYPE_VERSION_INFO          0x0000000E /* optional */
-#define ITOK_TYPE_VENDOR_INFO           0x0000000F /* optional */
-
-#define ITOK_FLAG_CRITICAL              0x80000000  /* critical, wire flag */
-#define ITOK_FLAG_VERIFIED              0x40000000  /* verified, API flag */
-
-#define ITOK_TYPE_MASK                  (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
+#define ITOK_TYPE_NONE                      0x00000000
+#define ITOK_TYPE_CONTEXT_ERR               0x00000001 /* critical */
+#define ITOK_TYPE_ACCEPTOR_NAME_REQ         0x00000002 /* TBD */
+#define ITOK_TYPE_ACCEPTOR_NAME_RESP        0x00000003 /* TBD */
+#define ITOK_TYPE_EAP_RESP                  0x00000004 /* critical, required, if not reauth */
+#define ITOK_TYPE_EAP_REQ                   0x00000005 /* critical, required, if not reauth */
+#define ITOK_TYPE_GSS_CHANNEL_BINDINGS      0x00000006 /* optional */
+#define ITOK_TYPE_REAUTH_CREDS              0x00000007 /* optional */
+#define ITOK_TYPE_REAUTH_REQ                0x00000008 /* optional */
+#define ITOK_TYPE_REAUTH_RESP               0x00000009 /* optional */
+#define ITOK_TYPE_GSS_FLAGS                 0x0000000A /* optional */
+#define ITOK_TYPE_INITIATOR_MIC             0x0000000B /* required */
+#define ITOK_TYPE_ACCEPTOR_MIC              0x0000000C /* required */
+#define ITOK_TYPE_SUPPORTED_ACCEPTOR_EXTS   0x0000000D /* optional */
+#define ITOK_TYPE_SUPPORTED_INITIATOR_EXTS  0x0000000E /* optional */
+
+/* experimental */
+#define ITOK_TYPE_VERSION_INFO              0x00000080 /* optional */
+#define ITOK_TYPE_VENDOR_INFO               0x00000081 /* optional */
+
+#define ITOK_FLAG_CRITICAL                  0x80000000  /* critical, wire flag */
+#define ITOK_FLAG_VERIFIED                  0x40000000  /* verified, API flag */
+
+#define ITOK_TYPE_MASK                      (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
+
+#define ITOK_HEADER_LENGTH                  8           /* type || length */
+
+#define GSSEAP_WIRE_FLAGS_MASK              ( GSS_C_MUTUAL_FLAG )
 
 OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
 OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
 
 OM_uint32
-gssEapRecordContextTokenHeader(OM_uint32 *minor,
-                               gss_ctx_id_t ctx,
-                               enum gss_eap_token_type tokType);
-
-OM_uint32
-gssEapRecordInnerContextToken(OM_uint32 *minor,
-                              gss_ctx_id_t ctx,
-                              gss_buffer_t innerToken,
-                              OM_uint32 type);
-
-OM_uint32
-gssEapVerifyContextToken(OM_uint32 *minor,
-                         gss_ctx_id_t ctx,
-                         const gss_buffer_t inputToken,
-                         enum gss_eap_token_type tokenType,
-                         gss_buffer_t innerInputToken);
-
-OM_uint32
 gssEapContextTime(OM_uint32 *minor,
                   gss_ctx_id_t context_handle,
                   OM_uint32 *time_rec);
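Review bot: The renumbered `ITOK_TYPE_*` list reassigns values that appear to be wire identifiers (see the `wire flag` comment and `ITOK_HEADER_LENGTH`, `type || length`): 0x0000000A moves from `ITOK_TYPE_INITIATOR_MIC` to the new optional `ITOK_TYPE_GSS_FLAGS`, and both MIC types shift up by one. A peer built from the previous header would have its required MIC token interpreted as a different type, so the change needs either a version check or a statement that the old numbering was never deployed; nothing in this hunk shows which. `ITOK_TYPE_GSS_CHANNEL_BINDINGS` is also relabelled from `critical, required, if not reauth` to `optional`, which, if the code follows the comment, relaxes when bindings must be present and deserves a line in the commit description. I would add above the list `/* wire values: do not renumber once deployed; 0x80 and above are experimental */`.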
@@ -223,19 +218,6 @@ gssEapVerifyConversationMIC(OM_uint32 *minor,
                             const gss_buffer_t convMIC);
 
 OM_uint32
-gssEapEncodeExtensions(OM_uint32 *minor,
-                       OM_uint32 *types,
-                       size_t typesCount,
-                       gss_buffer_t outputToken);
-
-OM_uint32
-gssEapProcessExtensions(OM_uint32 *minor,
-                        gss_buffer_t inputToken,
-                        struct gss_eap_itok_map *map,
-                        size_t mapCount,
-                        OM_uint32 *flags);
-
-OM_uint32
 gssEapMakeTokenChannelBindings(OM_uint32 *minor,
                                gss_ctx_id_t ctx,
                                gss_channel_bindings_t userBindings,
@@ -374,9 +356,6 @@ rfc3961ChecksumTypeForKey(OM_uint32 *minor,
                           krb5_keyblock *key,
                           krb5_cksumtype *cksumtype);
 
-krb5_const_principal
-krbAnonymousPrincipal(void);
-
 krb5_error_code
 krbCryptoLength(krb5_context krbContext,
 #ifdef HAVE_HEIMDAL_VERSION
@@ -441,9 +420,16 @@ gssEapExportLucidSecContext(OM_uint32 *minor,
 /* util_mech.c */
 extern gss_OID GSS_EAP_MECHANISM;
 
-int
-gssEapInternalizeOid(const gss_OID oid,
-                     gss_OID *const pInternalizedOid);
+#define OID_FLAG_NULL_VALID                 0x00000001
+#define OID_FLAG_FAMILY_MECH_VALID          0x00000002
+#define OID_FLAG_MAP_NULL_TO_DEFAULT_MECH   0x00000004
+#define OID_FLAG_MAP_FAMILY_MECH_TO_NULL    0x00000008
+
+OM_uint32
+gssEapCanonicalizeOid(OM_uint32 *minor,
+                      const gss_OID oid,
+                      OM_uint32 flags,
+                      gss_OID *pOid);
 
 OM_uint32
 gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid);
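Review bot: `gssEapCanonicalizeOid` and the four `OID_FLAG_*` values are added without any comment, and the names alone do not say how the flags combine, for instance `OID_FLAG_NULL_VALID` together with `OID_FLAG_MAP_NULL_TO_DEFAULT_MECH`. The return type also changes from `int` to `OM_uint32`, so any caller that tested the old result as a boolean needs re-checking against `GSS_ERROR()`; those callers are outside this hunk. A short block comment above the prototype should state what each flag accepts or maps, what `*pOid` holds on failure, and whether the result must be passed to `gssEapReleaseOid`.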
@@ -483,8 +469,9 @@ gss_OID
 gssEapSaslNameToOid(const gss_buffer_t name);
 
 /* util_name.c */
-#define EXPORT_NAME_FLAG_OID        0x1
-#define EXPORT_NAME_FLAG_COMPOSITE  0x2
+#define EXPORT_NAME_FLAG_OID                    0x1
+#define EXPORT_NAME_FLAG_COMPOSITE              0x2
+#define EXPORT_NAME_FLAG_ALLOW_COMPOSITE        0x4
 
 OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
 OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
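Review bot: `EXPORT_NAME_FLAG_ALLOW_COMPOSITE` is added beside `EXPORT_NAME_FLAG_COMPOSITE` with nothing to tell the two apart. If, as the name suggests, the new flag controls whether an imported token may carry composite (attribute) data, that is a trust decision about the token's origin. A one-line comment on each flag should say whether the import path, the export path or both honour it, and which callers are expected to set it.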
@@ -494,26 +481,39 @@ OM_uint32 gssEapExportName(OM_uint32 *minor,
 OM_uint32 gssEapExportNameInternal(OM_uint32 *minor,
                                    const gss_name_t name,
                                    gss_buffer_t exportedName,
-                                   unsigned int flags);
+                                   OM_uint32 flags);
 OM_uint32 gssEapImportName(OM_uint32 *minor,
                            const gss_buffer_t input_name_buffer,
-                           gss_OID input_name_type,
+                           const gss_OID input_name_type,
+                           const gss_OID input_mech_type,
                            gss_name_t *output_name);
 OM_uint32 gssEapImportNameInternal(OM_uint32 *minor,
                                    const gss_buffer_t input_name_buffer,
                                    gss_name_t *output_name,
-                                   unsigned int flags);
+                                   OM_uint32 flags);
 OM_uint32
 gssEapDuplicateName(OM_uint32 *minor,
                     const gss_name_t input_name,
                     gss_name_t *dest_name);
 
 OM_uint32
+gssEapCanonicalizeName(OM_uint32 *minor,
+                       const gss_name_t input_name,
+                       const gss_OID mech_type,
+                       gss_name_t *dest_name);
+
+OM_uint32
 gssEapDisplayName(OM_uint32 *minor,
                   gss_name_t name,
                   gss_buffer_t output_name_buffer,
                   gss_OID *output_name_type);
 
+OM_uint32
+gssEapCompareName(OM_uint32 *minor,
+                  gss_name_t name1,
+                  gss_name_t name2,
+                  int *name_equal);
+
 /* util_oid.c */
 OM_uint32
 composeOid(OM_uint32 *minor_status,
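Review bot: The new `gssEapCompareName` prototype does not say what `*name_equal` holds when the call fails, and a caller that reads it without checking the major status could act on an indeterminate value in a comparison that usually feeds an authorization decision. I would document the contract above the declaration, e.g. `/* *name_equal is nonzero only on GSS_S_COMPLETE with matching names; it is set to 0 on any error */`, and have the implementation (not visible in this hunk) honour it. Separately, `const gss_OID` on the added `input_mech_type` and `mech_type` parameters makes only the pointer const, not the OID descriptor it points to, so it documents intent rather than enforcing it.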
@@ -650,16 +650,42 @@ gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
 
 /* util_token.c */
 OM_uint32
-gssEapEncodeInnerTokens(OM_uint32 *minor,
-                        gss_buffer_set_t extensions,
-                        OM_uint32 *types,
-                        gss_buffer_t buffer);
-OM_uint32
 gssEapDecodeInnerTokens(OM_uint32 *minor,
                         const gss_buffer_t buffer,
                         gss_buffer_set_t *pExtensions,
                         OM_uint32 **pTypes);
 
+OM_uint32
+gssEapRecordContextTokenHeader(OM_uint32 *minor,
+                               gss_ctx_id_t ctx,
+                               enum gss_eap_token_type tokType);
+
+OM_uint32
+gssEapRecordInnerContextToken(OM_uint32 *minor,
+                              gss_ctx_id_t ctx,
+                              gss_buffer_t innerToken,
+                              OM_uint32 type);
+
+OM_uint32
+gssEapVerifyContextToken(OM_uint32 *minor,
+                         gss_ctx_id_t ctx,
+                         const gss_buffer_t inputToken,
+                         enum gss_eap_token_type tokenType,
+                         gss_buffer_t innerInputToken);
+
+OM_uint32
+gssEapEncodeSupportedExts(OM_uint32 *minor,
+                          OM_uint32 *types,
+                          size_t typesCount,
+                          gss_buffer_t outputToken);
+
+OM_uint32
+gssEapProcessSupportedExts(OM_uint32 *minor,
+                           gss_buffer_t inputToken,
+                           struct gss_eap_itok_map *map,
+                           size_t mapCount,
+                           OM_uint32 *flags);
+
 size_t
 tokenSize(size_t bodySize);
 
@@ -860,7 +886,9 @@ gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data)
 }
 #endif
 
+#include "util_json.h"
 #include "util_attr.h"
+#include "util_base64.h"
 #ifdef GSSEAP_ENABLE_REAUTH
 #include "util_reauth.h"
 #endif