X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=2369f47826cb87392ebfddf5a29da3c3fba75e8e;hb=d4fe7ce93304facaf069792c347b01b25ab765ae;hp=128b0fed27bc8d11667249948cfa1fc995b4f9f4;hpb=6800e2157097202a9e1e8ff414fb484ef4607bde;p=mech_eap.orig
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 128b0fe..2369f47 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -36,40 +36,56 @@
 #include
 #include
 #include
+#include
+#include
 #include
 /* GSS includes */
 #include
 #include
 #include "gssapi_eap.h"
+#include "util.h"
 /* EAP includes */
-#define IEEE8021X_EAPOL 1
-
 #include
 #include
 #include
+#include /* XXX testing implementation only */
 #include
 /* Kerberos includes */
 #include
+#define NAME_FLAG_NAI 0x00000001
+#define NAME_FLAG_SERVICE 0x00000002
+#define NAME_FLAG_SAML 0x00000010
+#define NAME_FLAG_RADIUS 0x00000020
+
+#define NAME_HAS_ATTRIBUTES(name) ((name)->flags & \
+ (NAME_FLAG_SAML | NAME_FLAG_RADIUS))
+
+struct eap_gss_saml_assertion;
+struct eap_gss_avp_list;
+
 struct gss_name_struct {
+ GSSEAP_MUTEX mutex; /* mutex protecting attributes */
 OM_uint32 flags;
- krb5_principal kerberosName;
- void *aaa;
- void *assertion;
+ krb5_principal krbPrincipal; /* this is immutable */
+ struct eap_gss_saml_assertion *assertion;
+ struct eap_gss_avp_list *avps;
 };
-#define CRED_FLAG_INITIATOR 0x00000001
-#define CRED_FLAG_ACCEPTOR 0x00000002
+#define CRED_FLAG_INITIATE 0x00000001
+#define CRED_FLAG_ACCEPT 0x00000002
 #define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
 #define CRED_FLAG_PASSWORD 0x00000008
 struct gss_cred_id_struct {
+ GSSEAP_MUTEX mutex;
 OM_uint32 flags;
 gss_name_t name;
 gss_buffer_desc password;
+ gss_OID_set mechanisms;
 time_t expiryTime;
 };
@@ -78,7 +94,7 @@ struct gss_cred_id_struct {
 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
 enum eap_gss_state {
- EAP_STATE_AUTHENTICATE = 1,
+ EAP_STATE_AUTHENTICATE = 0,
 EAP_STATE_KEY_TRANSPORT,
 EAP_STATE_SECURE_ASSOCIATION,
 EAP_STATE_GSS_CHANNEL_BINDINGS,
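Review bot: The `GSSEAP_MUTEX mutex;` added to gss_cred_id_struct carries no comment saying which fields it guards, unlike the one added to gss_name_struct, so a reader cannot tell whether `mechanisms`, `expiryTime` or the cleartext `password` buffer may be touched without holding it. Suggest `GSSEAP_MUTEX mutex; /* guards the mutable fields below; name/password are presumably fixed at acquire time — confirm */`. The `/* this is immutable */` note on krbPrincipal is the right idea and should also say that the field may therefore be read without the name mutex, if that is the intent.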
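Review bot: Moving EAP_STATE_AUTHENTICATE from 1 to 0 means a zero-initialised (e.g. calloc'd) context is already in the authenticate state instead of holding an out-of-range value, so any code that treated state 0 as "not yet started" (not visible here, if it exists) loses that guard. The intent should be written on the enumerator: `EAP_STATE_AUTHENTICATE = 0, /* initial state; a zeroed context starts here */`. The enum continues past the end of the hunk.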
@@ -99,25 +115,28 @@ enum eap_gss_state {
 #define CTX_FLAG_EAP_ALT_REJECT 0x01000000
 struct eap_gss_initiator_ctx {
- struct wpabuf *eapReqData;
 unsigned int idleWhile;
- struct eap_peer_config eapConfig;
+ struct eap_peer_config eapPeerConfig;
+ struct eap_config eapConfig;
 struct eap_sm *eap;
+ struct wpabuf reqData;
 };
-/* Acceptor context flags */
 struct eap_gss_acceptor_ctx {
+ struct eap_eapol_interface *eapPolInterface;
+ void *tlsContext;
+ struct eap_sm *eap;
+ struct eap_config eapConfig; /* XXX */
 };
 struct gss_ctx_id_struct {
+ GSSEAP_MUTEX mutex;
 enum eap_gss_state state;
 OM_uint32 flags;
 OM_uint32 gssFlags;
- krb5_context kerberosCtx;
 gss_OID mechanismUsed;
 krb5_enctype encryptionType;
- krb5_cksumtype checksumType;
- krb5_keyblock *encryptionKey;
+ krb5_keyblock rfc3961Key;
 gss_name_t initiatorName;
 gss_name_t acceptorName;
 time_t expiryTime;
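Review bot: `krb5_keyblock rfc3961Key;` replaces the old `krb5_keyblock *encryptionKey` with an embedded keyblock, so the context release path must now free (and ideally zero) the key contents in place — presumably krb5_free_keyblock_contents() — rather than freeing a pointer; that code is outside this hunk, so confirm it was updated with the struct. A comment on the field would make the ownership explicit: `krb5_keyblock rfc3961Key; /* session key owned by the context; contents cleared on release */`. In the acceptor struct, `void *tlsContext` and the bare `/* XXX */` on eapConfig say nothing about who owns the object or why the field is provisional; a one-line note on each is worth adding. gss_ctx_id_struct continues past the end of the hunk.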
@@ -135,87 +154,10 @@ struct gss_ctx_id_struct {
 #define TOK_FLAG_WRAP_CONFIDENTIAL 0x02
 #define TOK_FLAG_ACCEPTOR_SUBKEY 0x04
-enum gss_eap_token_type {
- TOK_TYPE_MIC = 0x0404,
- TOK_TYPE_WRAP = 0x0504,
- TOK_TYPE_DELETE = 0x0405
-};
-
-/* Helper APIs */
-OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
-OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
-
-OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
-OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
-
-OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
-OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
-
-/* Kerberos token services */
-#define KRB_USAGE_ACCEPTOR_SEAL 22
-#define KRB_USAGE_ACCEPTOR_SIGN 23
-#define KRB_USAGE_INITIATOR_SEAL 24
-#define KRB_USAGE_INITIATOR_SIGN 25
-
-#if 0
-#define KRB_KEYTYPE(key) ((key)->keytype)
-#else
-#define KRB_KEYTYPE(key) ((key)->enctype)
-#endif
-
-/* util_crypt.c */
-int
-gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
- size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
- gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapDecrypt(krb5_context context, int dce_style, size_t ec,
- size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
- gss_iov_buffer_desc *iov, int iov_count);
-
-krb5_cryptotype
-gssEapTranslateCryptoFlag(OM_uint32 type);
-
-gss_iov_buffer_t
-gssEapLocateIov(gss_iov_buffer_desc *iov,
- int iov_count,
- OM_uint32 type);
-
-void
-gssEapIovMessageLength(gss_iov_buffer_desc *iov,
- int iov_count,
- size_t *data_length,
- size_t *assoc_data_length);
-
-void
-gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapAllocIov(gss_iov_buffer_t iov, size_t size);
-
-/* util_cksum.c */
-int
-gssEapSign(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
int iov_count);
-
-int
-gssEapVerify(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int *valid);
+#define KEY_USAGE_ACCEPTOR_SEAL 22
+#define KEY_USAGE_ACCEPTOR_SIGN 23
+#define KEY_USAGE_INITIATOR_SEAL 24
+#define KEY_USAGE_INITIATOR_SIGN 25
 /* wrap_iov.c */
 OM_uint32
@@ -236,17 +178,5 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
 int iov_count,
 enum gss_eap_token_type toktype);
-/* Helper macros */
-#define GSSEAP_CALLOC(count, size) (calloc((count), (size)))
-#define GSSEAP_FREE(ptr) (free((ptr)))
-#define GSSEAP_MALLOC(size) (malloc((size)))
-#define GSSEAP_REALLOC(ptr, size) (realloc((ptr), (size)))
-
-#define GSSEAP_NOT_IMPLEMENTED do { \
- assert(0 && "not implemented"); \
- *minor = ENOSYS; \
- return GSS_S_FAILURE; \
- } while (0)
 #endif /* _GSSAPIP_EAP_H_ */
-
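Review bot: The rename to KEY_USAGE_* drops the old `/* Kerberos token services */` heading, so nothing now records where the values 22–25 come from; they match the RFC 4121 section 2 key-usage numbers for the Kerberos GSS mechanism, and mismatching them against the peer would silently break wrap/MIC verification, so a comment such as `/* RFC 4121 section 2 key usage values; must agree with the peer's wrap/MIC derivation */` above the block is worth keeping. The `enum gss_eap_token_type` definition is removed in this hunk while the gssEapUnwrapOrVerifyMIC prototype in the next hunk still takes it, so it must now be supplied by the newly included util.h — confirm, since a missing definition there would only show up as a compile error in this header's users. The hunk ends inside the wrap_iov.c declarations, which continue past it.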