X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=b53e131c929bc684df081588f59c26b2db7836ea;hb=163856b1a70d7773c46d4ea5495b85c4dce0f089;hp=45be1966380decd0026c64992bdce9978438193a;hpb=0dbffe887f9d0c5c712689575df07e364f2cddee;p=mech_eap.git diff --git a/gssapiP_eap.h b/gssapiP_eap.h index 45be196..b53e131 100644 --- a/gssapiP_eap.h +++ b/gssapiP_eap.h @@ -33,43 +33,56 @@ #ifndef _GSSAPIP_EAP_H_ #define _GSSAPIP_EAP_H_ 1 +#include "config.h" + #include #include #include #include #include #include +#include -/* GSS includes */ +/* GSS headers */ #include +#include +#ifndef HAVE_HEIMDAL_VERSION #include +#endif #include "gssapi_eap.h" -/* Kerberos includes */ +/* Kerberos headers */ #include -/* EAP includes */ -#ifndef __cplusplus +/* EAP headers */ #include #include #include -#include +#include #include -#endif +/* FreeRADIUS headers */ #ifdef __cplusplus -struct rc_conf; -typedef struct rc_conf rc_handle; - -struct value_pair; -typedef struct value_pair VALUE_PAIR; -#else -#include +extern "C" { +#define operator fr_operator +#endif +#include #include +#include +#include +#ifdef __cplusplus +#undef operator +} #endif +#include "gsseap_err.h" +#include "radsec_err.h" #include "util.h" +#ifdef __cplusplus +extern "C" { +#endif + /* These name flags are informative and not actually used by anything yet */ #define NAME_FLAG_NAI 0x00000001 #define NAME_FLAG_SERVICE 0x00000002 @@ -78,19 +91,31 @@ typedef struct value_pair VALUE_PAIR; struct gss_eap_saml_attr_ctx; struct gss_eap_attr_ctx; -struct gss_name_struct { +#ifdef HAVE_HEIMDAL_VERSION +struct gss_name_t_desc_struct +#else +struct gss_name_struct +#endif +{ GSSEAP_MUTEX mutex; /* mutex protects attrCtx */ OM_uint32 flags; krb5_principal krbPrincipal; /* this is immutable */ struct gss_eap_attr_ctx *attrCtx; }; -#define CRED_FLAG_INITIATE 0x00000001 -#define CRED_FLAG_ACCEPT 0x00000002 -#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004 -#define CRED_FLAG_PASSWORD 0x00000008 +#define CRED_FLAG_INITIATE 0x00010000 +#define CRED_FLAG_ACCEPT 0x00020000 +#define CRED_FLAG_DEFAULT_IDENTITY 0x00040000 +#define CRED_FLAG_PASSWORD 0x00080000 +#define CRED_FLAG_DEFAULT_CCACHE 0x00100000 +#define CRED_FLAG_PUBLIC_MASK 0x0000FFFF -struct gss_cred_id_struct { +#ifdef HAVE_HEIMDAL_VERSION +struct gss_cred_id_t_desc_struct +#else +struct gss_cred_id_struct +#endif +{ GSSEAP_MUTEX mutex; OM_uint32 flags; gss_name_t name; @@ -98,20 +123,31 @@ struct gss_cred_id_struct { gss_OID_set mechanisms; time_t expiryTime; char *radiusConfigFile; + char *radiusConfigStanza; +#ifdef GSSEAP_ENABLE_REAUTH + krb5_ccache krbCredCache; + gss_cred_id_t krbCred; +#endif }; #define CTX_FLAG_INITIATOR 0x00000001 +#define CTX_FLAG_KRB_REAUTH 0x00000002 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0) enum gss_eap_state { - EAP_STATE_IDENTITY = 0, - EAP_STATE_AUTHENTICATE, - EAP_STATE_GSS_CHANNEL_BINDINGS, - EAP_STATE_ESTABLISHED + GSSEAP_STATE_IDENTITY = 0, /* identify peer */ + GSSEAP_STATE_AUTHENTICATE, /* exchange EAP messages */ + GSSEAP_STATE_EXTENSIONS_REQ, /* initiator extensions */ + GSSEAP_STATE_EXTENSIONS_RESP, /* acceptor extensions */ + GSSEAP_STATE_ESTABLISHED, /* context established */ + GSSEAP_STATE_ERROR, /* context error */ +#ifdef GSSEAP_ENABLE_REAUTH + GSSEAP_STATE_KRB_REAUTH /* fast reauthentication */ +#endif }; -#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED) +#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == GSSEAP_STATE_ESTABLISHED) /* Initiator context flags */ #define CTX_FLAG_EAP_SUCCESS 0x00010000 @@ -126,6 +162,7 @@ enum gss_eap_state { #define CTX_FLAG_EAP_MASK 0xFFFF0000 struct gss_eap_initiator_ctx { + gss_cred_id_t defaultCred; unsigned int idleWhile; #ifndef __cplusplus struct eap_peer_config eapPeerConfig; @@ -135,13 +172,19 @@ struct gss_eap_initiator_ctx { }; struct gss_eap_acceptor_ctx { - rc_handle *radHandle; - int lastStatus; - VALUE_PAIR *avps; + struct rs_context *radContext; + struct rs_connection *radConn; + char *radServer; gss_buffer_desc state; + VALUE_PAIR *vps; }; -struct gss_ctx_id_struct { +#ifdef HAVE_HEIMDAL_VERSION +struct gss_ctx_id_t_desc_struct +#else +struct gss_ctx_id_struct +#endif +{ GSSEAP_MUTEX mutex; enum gss_eap_state state; OM_uint32 flags; @@ -160,6 +203,10 @@ struct gss_ctx_id_struct { #define initiatorCtx ctxU.initiator struct gss_eap_acceptor_ctx acceptor; #define acceptorCtx ctxU.acceptor +#ifdef GSSEAP_ENABLE_REAUTH + gss_ctx_id_t kerberos; + #define kerberosCtx ctxU.kerberos +#endif } ctxU; }; @@ -171,7 +218,6 @@ struct gss_ctx_id_struct { #define KEY_USAGE_ACCEPTOR_SIGN 23 #define KEY_USAGE_INITIATOR_SEAL 24 #define KEY_USAGE_INITIATOR_SIGN 25 -#define KEY_USAGE_CHANNEL_BINDINGS 64 /* wrap_iov.c */ OM_uint32 @@ -192,4 +238,35 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status, int iov_count, enum gss_eap_token_type toktype); +OM_uint32 +gssEapWrapIovLength(OM_uint32 *minor, + gss_ctx_id_t ctx, + int conf_req_flag, + gss_qop_t qop_req, + int *conf_state, + gss_iov_buffer_desc *iov, + int iov_count); +OM_uint32 +gssEapWrap(OM_uint32 *minor, + gss_ctx_id_t ctx, + int conf_req_flag, + gss_qop_t qop_req, + gss_buffer_t input_message_buffer, + int *conf_state, + gss_buffer_t output_message_buffer); + +unsigned char +rfc4121Flags(gss_ctx_id_t ctx, int receiving); + +/* display_status.c */ +void +gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...); + +#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \ + (err) <= GSSEAP_RADIUS_PROT_FAILURE) + +#ifdef __cplusplus +} +#endif + #endif /* _GSSAPIP_EAP_H_ */