X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=846c3edef74c876b1b030a90f815f87d3d30ea22;hb=31355119edb3a282ab302c05e33e23430af67603;hp=267235a2c16d54fb271030025728dc401c887037;hpb=fccb62a45fe5beeb53a8660237e2919760e9e2c2;p=mech_eap.orig

diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 267235a..846c3ed 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -36,48 +36,53 @@
 #include <assert.h>
 #include <string.h>
 #include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
 #include <time.h>
 
 /* GSS includes */
 #include <gssapi/gssapi.h>
+#include <gssapi/gssapi_krb5.h>
 #include <gssapi/gssapi_ext.h>
 #include "gssapi_eap.h"
-#include "util.h"
 
-/* EAP includes */
-#define IEEE8021X_EAPOL 1
+/* Kerberos includes */
+#include <krb5.h>
 
+/* EAP includes */
+#ifndef __cplusplus
 #include <common.h>
 #include <eap_peer/eap.h>
 #include <eap_peer/eap_config.h>
+#include <crypto/tls.h>
 #include <wpabuf.h>
+#endif
 
-/* Kerberos includes */
-#include <krb5.h>
+#include <freeradius-client.h>
+#include <freeradius/radius.h>
+
+#include "util.h"
 
+/* These name flags are informative and not actually used by anything yet */
 #define NAME_FLAG_NAI                       0x00000001
 #define NAME_FLAG_SERVICE                   0x00000002
-#define NAME_FLAG_SAML                      0x00000010
-#define NAME_FLAG_RADIUS                    0x00000020
+#define NAME_FLAG_COMPOSITE                 0x00000004
 
-#define NAME_HAS_ATTRIBUTES(name)           ((name)->flags & \
-                                             (NAME_FLAG_SAML | NAME_FLAG_RADIUS))
-
-struct eap_gss_saml_assertion;
-struct eap_gss_avp_list;
+struct gss_eap_saml_attr_ctx;
+struct gss_eap_attr_ctx;
 
 struct gss_name_struct {
-    GSSEAP_MUTEX mutex; /* mutex protecting attributes */
+    GSSEAP_MUTEX mutex; /* mutex protects attrCtx */
     OM_uint32 flags;
     krb5_principal krbPrincipal; /* this is immutable */
-    struct eap_gss_saml_assertion *assertion;
-    struct eap_gss_avp_list *avps;
+    struct gss_eap_attr_ctx *attrCtx;
 };
 
-#define CRED_FLAG_INITIATE                  0x00000001
-#define CRED_FLAG_ACCEPT                    0x00000002
-#define CRED_FLAG_DEFAULT_IDENTITY          0x00000004
-#define CRED_FLAG_PASSWORD                  0x00000008
+#define CRED_FLAG_INITIATE                  0x00010000
+#define CRED_FLAG_ACCEPT                    0x00020000
+#define CRED_FLAG_DEFAULT_IDENTITY          0x00040000
+#define CRED_FLAG_PASSWORD                  0x00080000
+#define CRED_FLAG_PUBLIC_MASK               0x0000FFFF
 
 struct gss_cred_id_struct {
     GSSEAP_MUTEX mutex;
@@ -86,18 +91,23 @@ struct gss_cred_id_struct {
     gss_buffer_desc password;
     gss_OID_set mechanisms;
     time_t expiryTime;
+    char *radiusConfigFile;
+    krb5_ccache krbCredCache;
+    gss_cred_id_t krbCred;
 };
 
 #define CTX_FLAG_INITIATOR                  0x00000001
+#define CTX_FLAG_KRB_REAUTH_GSS             0x00000002
 
 #define CTX_IS_INITIATOR(ctx)               (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
 
-enum eap_gss_state {
-    EAP_STATE_AUTHENTICATE = 1,
-    EAP_STATE_KEY_TRANSPORT,
-    EAP_STATE_SECURE_ASSOCIATION,
-    EAP_STATE_GSS_CHANNEL_BINDINGS,
-    EAP_STATE_ESTABLISHED
+enum gss_eap_state {
+    EAP_STATE_IDENTITY = 0,
+    EAP_STATE_AUTHENTICATE,
+    EAP_STATE_EXTENSIONS_REQ,
+    EAP_STATE_EXTENSIONS_RESP,
+    EAP_STATE_ESTABLISHED,
+    EAP_STATE_KRB_REAUTH_GSS
 };
 
 #define CTX_IS_ESTABLISHED(ctx)             ((ctx)->state == EAP_STATE_ESTABLISHED)
@@ -112,38 +122,46 @@ enum eap_gss_state {
 #define CTX_FLAG_EAP_PORT_ENABLED           0x00400000
 #define CTX_FLAG_EAP_ALT_ACCEPT             0x00800000
 #define CTX_FLAG_EAP_ALT_REJECT             0x01000000
+#define CTX_FLAG_EAP_MASK                   0xFFFF0000
 
-struct eap_gss_initiator_ctx {
-    struct wpabuf *eapReqData;
+struct gss_eap_initiator_ctx {
     unsigned int idleWhile;
-    struct eap_peer_config eapConfig;
+#ifndef __cplusplus
+    struct eap_peer_config eapPeerConfig;
     struct eap_sm *eap;
+    struct wpabuf reqData;
+#endif
 };
 
-/* Acceptor context flags */
-struct eap_gss_acceptor_ctx {
+struct gss_eap_acceptor_ctx {
+    rc_handle *radHandle;
+    int lastStatus;
+    VALUE_PAIR *avps;
+    gss_buffer_desc state;
 };
 
 struct gss_ctx_id_struct {
     GSSEAP_MUTEX mutex;
-    enum eap_gss_state state;
+    enum gss_eap_state state;
     OM_uint32 flags;
     OM_uint32 gssFlags;
     gss_OID mechanismUsed;
-    krb5_enctype encryptionType;
     krb5_cksumtype checksumType;
+    krb5_enctype encryptionType;
     krb5_keyblock rfc3961Key;
     gss_name_t initiatorName;
     gss_name_t acceptorName;
     time_t expiryTime;
+    uint64_t sendSeq, recvSeq;
+    void *seqState;
     union {
-        struct eap_gss_initiator_ctx initiator;
+        struct gss_eap_initiator_ctx initiator;
         #define initiatorCtx         ctxU.initiator
-        struct eap_gss_acceptor_ctx  acceptor;
+        struct gss_eap_acceptor_ctx  acceptor;
         #define acceptorCtx          ctxU.acceptor
+        gss_ctx_id_t                 kerberos;
+        #define kerberosCtx          ctxU.kerberos
     } ctxU;
-    uint64_t sendSeq, recvSeq;
-    void *seqState;
 };
 
 #define TOK_FLAG_SENDER_IS_ACCEPTOR         0x01
@@ -154,6 +172,7 @@ struct gss_ctx_id_struct {
 #define KEY_USAGE_ACCEPTOR_SIGN             23
 #define KEY_USAGE_INITIATOR_SEAL            24
 #define KEY_USAGE_INITIATOR_SIGN            25
+#define KEY_USAGE_CHANNEL_BINDINGS          64
 
 /* wrap_iov.c */
 OM_uint32
@@ -174,5 +193,24 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
                         int iov_count,
                         enum gss_eap_token_type toktype);
 
+OM_uint32
+gssEapWrapIovLength(OM_uint32 *minor,
+                    gss_ctx_id_t ctx,
+                    int conf_req_flag,
+                    gss_qop_t qop_req,
+                    int *conf_state,
+                    gss_iov_buffer_desc *iov,
+                    int iov_count);
+OM_uint32
+gssEapWrap(OM_uint32 *minor,
+           gss_ctx_id_t ctx,
+           int conf_req_flag,
+           gss_qop_t qop_req,
+           gss_buffer_t input_message_buffer,
+           int *conf_state,
+           gss_buffer_t output_message_buffer);
+
+unsigned char
+rfc4121Flags(gss_ctx_id_t ctx, int receiving);
 
 #endif /* _GSSAPIP_EAP_H_ */