X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=bcfdf034a7ece07f0fbea76360bf11f1ce893b00;hb=938e32459851eae0b4580b067348c39ed5921fd8;hp=9b8247d1538bf7f9efa6092f25f5c0cf1d400629;hpb=73bc2afaf4623ef37e05df9ada78b469c4a25353;p=mech_eap.orig
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 9b8247d..bcfdf03 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -33,35 +33,61 @@
 #ifndef _GSSAPIP_EAP_H_
 #define _GSSAPIP_EAP_H_ 1
+#include "config.h"
+
+#ifdef HAVE_HEIMDAL_VERSION
+#define KRB5_DEPRECATED /* so we can use krb5_free_unparsed_name() */
+#endif
+
 #include
 #include
 #include
 #include
 #include
 #include
+#include
-/* GSS includes */
+/* GSS headers */
 #include
+#include
+#ifndef HAVE_HEIMDAL_VERSION
 #include
+#endif
 #include "gssapi_eap.h"
-/* Kerberos includes */
+/* Kerberos headers */
 #include
-/* EAP includes */
-#ifndef __cplusplus
+/* EAP headers */
 #include
 #include
 #include
-#include
+#include
+#include
 #include
-#endif
-#include
+/* FreeRADIUS headers */
+#ifdef __cplusplus
+extern "C" {
+#define operator fr_operator
+#endif
+#include
 #include
+#include
+#include
+#ifdef __cplusplus
+#undef operator
+}
+#endif
+#include "gsseap_err.h"
+#include "radsec_err.h"
 #include "util.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* These name flags are informative and not actually used by anything yet */
 #define NAME_FLAG_NAI 0x00000001
 #define NAME_FLAG_SERVICE 0x00000002
@@ -70,7 +96,12 @@ struct gss_eap_saml_attr_ctx;
 struct gss_eap_attr_ctx;
-struct gss_name_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_name_t_desc_struct
+#else
+struct gss_name_struct
+#endif
+{
 GSSEAP_MUTEX mutex; /* mutex protects attrCtx */
 OM_uint32 flags;
 krb5_principal krbPrincipal; /* this is immutable */
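Review bot: `#define KRB5_DEPRECATED` in the new HAVE_HEIMDAL_VERSION block is never undefined, so it presumably suppresses Heimdal's deprecation markers for every translation unit that includes this header, not just for the one krb5_free_unparsed_name() call the comment mentions. If that header-wide effect is intended, the comment should say so, e.g. `/* header-wide: silence Heimdal deprecation warnings so krb5_free_unparsed_name() can be called */`; otherwise the define belongs in the single .c file that calls it. The `extern "C" {` opened after `#include "util.h"` is only closed by the `}` added at the end of the file in the last hunk, which deserves a `/* closed at end of file */` note at the opening brace since the block spans the whole header. What KRB5_DEPRECATED actually controls depends on the Heimdal version in use, which this diff does not show.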
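Review bot: The `#ifdef HAVE_HEIMDAL_VERSION` selection of the struct tag for the name object carries no comment, and the same three-way selection is repeated for the credential structure (hunk at -81) and the context structure (hunk at -128). Presumably the two tags match how Heimdal and MIT respectively declare the opaque `gss_name_t` handle type; a one-line comment at this first occurrence, e.g. `/* tag must match the struct that the installed gssapi.h declares gss_name_t to point at */`, would tell a reader why one layout is published under two names. If more such tags are added later, choosing the tag once through a single macro in this header would keep the three sites from drifting apart.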
@@ -81,9 +112,15 @@ struct gss_name_struct {
 #define CRED_FLAG_ACCEPT 0x00020000
 #define CRED_FLAG_DEFAULT_IDENTITY 0x00040000
 #define CRED_FLAG_PASSWORD 0x00080000
+#define CRED_FLAG_DEFAULT_CCACHE 0x00100000
 #define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
-struct gss_cred_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_cred_id_t_desc_struct
+#else
+struct gss_cred_id_struct
+#endif
+{
 GSSEAP_MUTEX mutex;
 OM_uint32 flags;
 gss_name_t name;
@@ -91,20 +128,48 @@ struct gss_cred_id_struct {
 gss_OID_set mechanisms;
 time_t expiryTime;
 char *radiusConfigFile;
+ char *radiusConfigStanza;
+#ifdef GSSEAP_ENABLE_REAUTH
+ krb5_ccache krbCredCache;
+ gss_cred_id_t krbCred;
+#endif
 };
 #define CTX_FLAG_INITIATOR 0x00000001
+#define CTX_FLAG_KRB_REAUTH 0x00000002
 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
 enum gss_eap_state {
- EAP_STATE_IDENTITY = 0,
- EAP_STATE_AUTHENTICATE,
- EAP_STATE_GSS_CHANNEL_BINDINGS,
- EAP_STATE_ESTABLISHED
+ GSSEAP_STATE_INITIAL = 0x01, /* initial state */
+ GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */
+ GSSEAP_STATE_NEGO_EXT = 0x04, /* negotiate extensions */
+ GSSEAP_STATE_ESTABLISHED = 0x08, /* context established */
+ GSSEAP_STATE_ALL = 0x0F
 };
-#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
+#define GSSEAP_STATE_NEXT(s) ((s) << 1)
+
+/* state machine entry */
+struct gss_eap_sm {
+ OM_uint32 inputTokenType;
+ OM_uint32 outputTokenType;
+ enum gss_eap_state validStates;
+ int critical;
+ int required;
+ OM_uint32 (*processToken)(OM_uint32 *,
+ gss_cred_id_t,
+ gss_ctx_id_t,
+ gss_name_t,
+ gss_OID,
+ OM_uint32,
+ OM_uint32,
+ gss_channel_bindings_t,
+ gss_buffer_t,
+ gss_buffer_t);
+};
+
+#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == GSSEAP_STATE_ESTABLISHED)
 /* Initiator context flags */
 #define CTX_FLAG_EAP_SUCCESS 0x00010000
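Review bot: `GSSEAP_STATE_NEXT(s)` has no upper bound: applied to `GSSEAP_STATE_ESTABLISHED` (0x08) it yields 0x10, which lies outside `GSSEAP_STATE_ALL` (0x0F) and can match no `validStates` mask, so a caller that advances past ESTABLISHED would silently leave every state-machine entry unreachable. A comment on the macro such as `/* callers must not advance past GSSEAP_STATE_ESTABLISHED */`, or an assertion in the callers (which are not in this diff), would make that contract explicit. `validStates` in `struct gss_eap_sm` is typed `enum gss_eap_state`, but the power-of-two values and `GSSEAP_STATE_ALL` show it is an OR-ed bitmask; `/* bitmask of gss_eap_state values in which this entry may run */` would say so. `critical` and `required` also deserve one line each, since their meaning is not recoverable from the header alone.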
@@ -128,13 +193,19 @@ struct gss_eap_initiator_ctx {
 };
 struct gss_eap_acceptor_ctx {
- rc_handle *radHandle;
- int lastStatus;
- VALUE_PAIR *avps;
+ struct rs_context *radContext;
+ struct rs_connection *radConn;
+ char *radServer;
 gss_buffer_desc state;
+ VALUE_PAIR *vps;
 };
-struct gss_ctx_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_ctx_id_t_desc_struct
+#else
+struct gss_ctx_id_struct
+#endif
+{
 GSSEAP_MUTEX mutex;
 enum gss_eap_state state;
 OM_uint32 flags;
@@ -148,11 +219,16 @@ struct gss_ctx_id_struct {
 time_t expiryTime;
 uint64_t sendSeq, recvSeq;
 void *seqState;
+ gss_cred_id_t defaultCred;
 union {
 struct gss_eap_initiator_ctx initiator;
 #define initiatorCtx ctxU.initiator
 struct gss_eap_acceptor_ctx acceptor;
 #define acceptorCtx ctxU.acceptor
+#ifdef GSSEAP_ENABLE_REAUTH
+ gss_ctx_id_t kerberos;
+ #define kerberosCtx ctxU.kerberos
+#endif
 } ctxU;
 };
@@ -164,7 +240,6 @@ struct gss_ctx_id_struct {
 #define KEY_USAGE_ACCEPTOR_SIGN 23
 #define KEY_USAGE_INITIATOR_SEAL 24
 #define KEY_USAGE_INITIATOR_SIGN 25
-#define KEY_USAGE_CHANNEL_BINDINGS 64
 /* wrap_iov.c */
 OM_uint32
@@ -185,4 +260,35 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
 int iov_count,
 enum gss_eap_token_type toktype);
+OM_uint32
+gssEapWrapIovLength(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ int *conf_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count);
+OM_uint32
+gssEapWrap(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ int conf_req_flag,
+ gss_qop_t qop_req,
+ gss_buffer_t input_message_buffer,
+ int *conf_state,
+ gss_buffer_t output_message_buffer);
+
+unsigned char
+rfc4121Flags(gss_ctx_id_t ctx, int receiving);
+
+/* display_status.c */
+void
+gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...);
+
+#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \
+ (err) <= GSSEAP_RADIUS_PROT_FAILURE)
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _GSSAPIP_EAP_H_ */
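Review bot: The rewritten `struct gss_eap_acceptor_ctx` leaves ownership of its new members undocumented: `radContext`, `radConn`, `radServer` and `vps` are all pointers, and nothing says which are owned by the context and released with it, which are borrowed from libradsec, or whether `radConn` may outlive `radContext`. One comment per member in the style this header already uses (`/* mutex protects attrCtx */`), e.g. `char *radServer; /* owned; freed with the context */` if that is the case, would settle it; the allocating code is not in this diff, so I cannot confirm the ownership from here. The `state` buffer keeps its position but its meaning (presumably the RADIUS State attribute carried between rounds) is also uncommented.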
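Review bot: The `ctxU` union now has up to three members (`initiator`, `acceptor`, and `kerberos` under GSSEAP_ENABLE_REAUTH) sharing the same storage, but no comment says which flag selects the live member; from the flags defined earlier in this diff it appears `CTX_FLAG_INITIATOR` and `CTX_FLAG_KRB_REAUTH` decide, and that should be stated at the union, e.g. `union { /* live member chosen by CTX_FLAG_INITIATOR / CTX_FLAG_KRB_REAUTH in flags */`. Reading `kerberosCtx` on a context that is a plain initiator or acceptor would be a type confusion, so the discriminator is worth the line. `defaultCred` also lacks a note on whether it is released together with the context.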
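Review bot: `gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...)` takes a printf-style format but the prototype carries no format attribute, so a call that passes a non-literal string as `format` will not be caught by -Wformat. Declaring it as `gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...) __attribute__((format(printf, 2, 3)));` under an `#ifdef __GNUC__` guard lets the compiler check every call site; the implementation in display_status.c is not in this diff. `IS_WIRE_ERROR` relies on `GSSEAP_RESERVED` and `GSSEAP_RADIUS_PROT_FAILURE` bracketing a contiguous range of wire error codes, which appears to come from gsseap_err.h; a comment stating that invariant would tell whoever extends the error table that new wire errors must be added inside the range.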