X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=b46c2bc0cfddaf36ad7ed780f52b7ab06170b070;hb=aa3e3279477f71dbe2efb212cedea1c0929f25e8;hp=1d97e738a45d5cf2111bf4cb5102fc9b51eab9b4;hpb=81378d116795fa8a7a56dc8e00c3b2666126682d;p=mech_eap.orig
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 1d97e73..b46c2bc 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -33,8 +33,6 @@
 #ifndef _GSSAPIP_EAP_H_
 #define _GSSAPIP_EAP_H_ 1
-#define BUILTIN_EAP 1
-
 #include
 #include
 #include
@@ -44,9 +42,9 @@
 /* GSS includes */
 #include
+#include
 #include
 #include "gssapi_eap.h"
-#include "util.h"
 /* Kerberos includes */
 #include
@@ -56,31 +54,35 @@
 #include
 #include
 #include
-#include /* XXX testing implementation only */
+#include
 #include
 #endif
+#include
+#include
+
+#include "util.h"
+
+/* These name flags are informative and not actually used by anything yet */
 #define NAME_FLAG_NAI 0x00000001
 #define NAME_FLAG_SERVICE 0x00000002
-#define NAME_FLAG_RADIUS_ATTRIBUTES 0x00000004
-#define NAME_FLAG_SAML_ATTRIBUTES 0x00000008
-
-#define NAME_HAS_ATTRIBUTES(name) ((name)->attrCtx != NULL)
+#define NAME_FLAG_COMPOSITE 0x00000004
 struct gss_eap_saml_attr_ctx;
 struct gss_eap_attr_ctx;
 struct gss_name_struct {
- GSSEAP_MUTEX mutex; /* mutex protecting attributes */
+ GSSEAP_MUTEX mutex; /* mutex protects attrCtx */
 OM_uint32 flags;
 krb5_principal krbPrincipal; /* this is immutable */
 struct gss_eap_attr_ctx *attrCtx;
 };
-#define CRED_FLAG_INITIATE 0x00000001
-#define CRED_FLAG_ACCEPT 0x00000002
-#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
-#define CRED_FLAG_PASSWORD 0x00000008
+#define CRED_FLAG_INITIATE 0x00010000
+#define CRED_FLAG_ACCEPT 0x00020000
+#define CRED_FLAG_DEFAULT_IDENTITY 0x00040000
+#define CRED_FLAG_PASSWORD 0x00080000
+#define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
 struct gss_cred_id_struct {
 GSSEAP_MUTEX mutex;
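Review bot: `CRED_FLAG_PUBLIC_MASK 0x0000FFFF` and the move of the private `CRED_FLAG_*` values into the high half are left uncommented in the third hunk, so the next reader has to guess what the low 16 bits hold and why the mechanism's own flags must stay clear of them. A one-line comment above the mask, e.g. `/* low 16 bits are reserved for flags exposed outside the mechanism; mechanism-private flags live above CRED_FLAG_PUBLIC_MASK */`, would pin that contract; I am inferring the meaning from the name, so adjust the wording to what the credential code actually does. `NAME_FLAG_COMPOSITE` also reuses the bit value `0x00000004` that the deleted `NAME_FLAG_RADIUS_ATTRIBUTES` had, which is harmless only while the new comment's claim that these flags are unused stays true, so that comment should be kept current. Removing `NAME_HAS_ATTRIBUTES` will break any remaining callers elsewhere, which a header-only diff cannot show.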
@@ -89,20 +91,27 @@ struct gss_cred_id_struct {
 gss_buffer_desc password;
 gss_OID_set mechanisms;
 time_t expiryTime;
+ char *radiusConfigFile;
+#ifdef GSSEAP_ENABLE_REAUTH
+ krb5_ccache krbCredCache;
+ gss_cred_id_t krbCred;
+#endif
 };
 #define CTX_FLAG_INITIATOR 0x00000001
+#define CTX_FLAG_KRB_REAUTH_GSS 0x00000002
 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
 enum gss_eap_state {
- EAP_STATE_AUTHENTICATE = 0,
-#if 0
- EAP_STATE_KEY_TRANSPORT,
- EAP_STATE_SECURE_ASSOCIATION,
+ EAP_STATE_IDENTITY = 0,
+ EAP_STATE_AUTHENTICATE,
+ EAP_STATE_EXTENSIONS_REQ,
+ EAP_STATE_EXTENSIONS_RESP,
+ EAP_STATE_ESTABLISHED,
+#ifdef GSSEAP_ENABLE_REAUTH
+ EAP_STATE_KRB_REAUTH_GSS
 #endif
- EAP_STATE_GSS_CHANNEL_BINDINGS,
- EAP_STATE_ESTABLISHED
 };
 #define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
@@ -129,11 +138,10 @@ struct gss_eap_initiator_ctx {
 };
 struct gss_eap_acceptor_ctx {
-#if defined(BUILTIN_EAP) && !defined(__cplusplus)
- struct eap_eapol_interface *eapPolInterface;
- void *tlsContext;
- struct eap_sm *eap;
-#endif
+ rc_handle *radHandle;
+ int lastStatus;
+ VALUE_PAIR *avps;
+ gss_buffer_desc state;
 };
 struct gss_ctx_id_struct {
@@ -155,6 +163,10 @@ struct gss_ctx_id_struct {
 #define initiatorCtx ctxU.initiator
 struct gss_eap_acceptor_ctx acceptor;
 #define acceptorCtx ctxU.acceptor
+#ifdef GSSEAP_ENABLE_REAUTH
+ gss_ctx_id_t kerberos;
+ #define kerberosCtx ctxU.kerberos
+#endif
 } ctxU;
 };
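Review bot: `char *radiusConfigFile;` added to `struct gss_cred_id_struct` carries no ownership note, and because this path selects which RADIUS client configuration (and so which shared secret) the acceptor uses, the header should state who allocates it and that credential release frees it, e.g. `char *radiusConfigFile; /* owned by the credential; freed on release */`. In `enum gss_eap_state`, `EAP_STATE_ESTABLISHED,` now ends the list with a trailing comma whenever `GSSEAP_ENABLE_REAUTH` is undefined; C99 accepts that, but C89/`-pedantic` builds warn, so it is worth a conscious decision. It also looks as if a context in `EAP_STATE_KRB_REAUTH_GSS` is deliberately not matched by `CTX_IS_ESTABLISHED`; a comment on that enumerator saying when the state moves on to `EAP_STATE_ESTABLISHED` would make the intent explicit. The enclosing struct definition begins before this hunk.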
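Review bot: The new `struct gss_eap_acceptor_ctx` fields are undocumented, and two of them appear to hold data that comes from the RADIUS server rather than from local code: `avps` (the attribute list from the last reply) and `state` (presumably the RADIUS State attribute that must be echoed back in the next Access-Request). A comment per field naming the source, the owner and the release routine would help both correctness and review, e.g. `VALUE_PAIR *avps; /* attributes from the last RADIUS reply; freed on context release */` and `gss_buffer_desc state; /* RADIUS State attribute, echoed verbatim in the next request */`. `int lastStatus;` should likewise say whether it holds an rc_* return code or a RADIUS packet code. I am inferring these semantics from the names; confirm them against the acceptor implementation.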
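Review bot: With `gss_ctx_id_t kerberos;` added to the `ctxU` union, three members now share storage and nothing in the header records how the active member is chosen; given the `CTX_FLAG_INITIATOR` and `CTX_FLAG_KRB_REAUTH_GSS` flags defined earlier in this diff, a comment on the union such as `/* active member is selected by CTX_FLAG_INITIATOR and CTX_FLAG_KRB_REAUTH_GSS; reading any other member aliases foreign state */` would make the discriminator explicit, assuming those are the flags the code consults. The indented `#define kerberosCtx ctxU.kerberos` inside the `#ifdef` is inconsistent with the unindented `#define acceptorCtx` just above it. The enclosing `struct gss_ctx_id_struct` starts before this hunk.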
@@ -187,4 +199,24 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
 int iov_count,
 enum gss_eap_token_type toktype);
+OM_uint32
+gssEapWrapIovLength(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+OM_uint32
+gssEapWrap(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+unsigned char
+rfc4121Flags(gss_ctx_id_t ctx, int receiving);
+
 #endif /* _GSSAPIP_EAP_H_ */
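Review bot: The three new prototypes have no documentation, and `gssEapWrapIovLength`/`gssEapWrap` name their first parameter `minor` where the neighbouring `gssEapUnwrapOrVerifyMIC` uses `minor_status`; pick one spelling for the header. `rfc4121Flags(gss_ctx_id_t ctx, int receiving)` returns, as far as the name tells, the RFC 4121 token flags byte, and the role of `receiving` (presumably whether the flags are those expected on an incoming token rather than those to emit) deserves a comment such as `/* Compute the RFC 4121 token flags byte for ctx; receiving != 0 selects the flags expected on an incoming token */`, to be confirmed against the implementation. For `gssEapWrap` the header should note that `conf_state` is an output and that callers must check it rather than assume `conf_req_flag` was honoured, which is the GSS-API contract.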