X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=gssapiP_eap.h;h=e02927c6cf6118e260e21af320ef7125ceed63f0;hb=c581903743f5bf281548368f49bc5d37d338a4ea;hp=bc87bc5e1e0dd8f8af198e8ca3b519272c482d20;hpb=042d1d1dd0638c46343eff7078de4b4b5a9e737d;p=mech_eap.git
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index bc87bc5..e02927c 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -36,6 +36,8 @@
 #include
 #include
 #include
+#include
+#include
 #include
 /* GSS includes */
@@ -44,27 +46,32 @@
 #include "gssapi_eap.h"
 #include "util.h"
-/* EAP includes */
-#define IEEE8021X_EAPOL 1
+/* Kerberos includes */
+#include
+/* EAP includes */
 #include
 #include
 #include
+#include /* XXX testing implementation only */
 #include
-/* Kerberos includes */
-#include
+#define NAME_FLAG_NAI 0x00000001
+#define NAME_FLAG_SERVICE 0x00000002
+
+#define NAME_HAS_ATTRIBUTES(name) ((name)->samlCtx != NULL)
+
+struct eap_gss_saml_attr_ctx;
 struct gss_name_struct {
- GSSEAP_MUTEX mutex;
+ GSSEAP_MUTEX mutex; /* mutex protecting attributes */
 OM_uint32 flags;
- krb5_principal kerberosName;
- void *aaa;
- void *assertion;
+ krb5_principal krbPrincipal; /* this is immutable */
+ struct eap_gss_saml_attr_ctx *samlCtx;
 };
-#define CRED_FLAG_INITIATOR 0x00000001
-#define CRED_FLAG_ACCEPTOR 0x00000002
+#define CRED_FLAG_INITIATE 0x00000001
+#define CRED_FLAG_ACCEPT 0x00000002
 #define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
 #define CRED_FLAG_PASSWORD 0x00000008
@@ -73,6 +80,7 @@ struct gss_cred_id_struct {
 OM_uint32 flags;
 gss_name_t name;
 gss_buffer_desc password;
+ gss_OID_set mechanisms;
 time_t expiryTime;
 };
@@ -81,9 +89,11 @@ struct gss_cred_id_struct {
 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
 enum eap_gss_state {
- EAP_STATE_AUTHENTICATE = 1,
+ EAP_STATE_AUTHENTICATE = 0,
+#if 0
 EAP_STATE_KEY_TRANSPORT,
 EAP_STATE_SECURE_ASSOCIATION,
+#endif
 EAP_STATE_GSS_CHANNEL_BINDINGS,
 EAP_STATE_ESTABLISHED
 };
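Review bot: In `struct gss_name_struct` the new comment on `mutex` says it protects the attributes and `krbPrincipal` is marked immutable, but `flags` is left in between with no statement of which rule it follows. If it is fixed when the name is created, say so: `OM_uint32 flags; /* NAME_FLAG_*; set at creation, immutable thereafter */`, otherwise note that it is guarded by `mutex`. The new `NAME_HAS_ATTRIBUTES()` macro reads `samlCtx` without any locking; if `samlCtx` can be attached after the name is created, that read is racy unless the caller holds `mutex`, so a one-line note on the macro about the locking expectation would help. `NAME_FLAG_NAI` and `NAME_FLAG_SERVICE` also get no comment on what kind of name each marks.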
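Review bot: `gss_OID_set mechanisms` added to `struct gss_cred_id_struct` is an allocated object with no statement of ownership in the header, so the credential release path has to know to free it and with which call. Suggest `gss_OID_set mechanisms; /* owned by the cred; release with gss_release_oid_set() */`, and a note on whether NULL is a legal value here. The struct's opening line is the hunk header, so its start lies outside the hunk.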
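Review bot: Renumbering `EAP_STATE_AUTHENTICATE` to 0 means a zero-initialized `struct gss_ctx_id_struct` is implicitly in the authenticating state; assuming wrap/unwrap gate on `EAP_STATE_ESTABLISHED`, that is the fail-closed default, but the intent should be recorded so the ordering is not changed later: `EAP_STATE_AUTHENTICATE = 0, /* zero-initialized ctx starts here; not established */`. The `#if 0` around `EAP_STATE_KEY_TRANSPORT` and `EAP_STATE_SECURE_ASSOCIATION` leaves dead enumerators in the public header; either remove them or add a comment saying what they are reserved for.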
@@ -102,14 +112,16 @@ enum eap_gss_state {
 #define CTX_FLAG_EAP_ALT_REJECT 0x01000000
 struct eap_gss_initiator_ctx {
- struct wpabuf *eapReqData;
 unsigned int idleWhile;
- struct eap_peer_config eapConfig;
+ struct eap_peer_config eapPeerConfig;
 struct eap_sm *eap;
+ struct wpabuf reqData;
 };
-/* Acceptor context flags */
 struct eap_gss_acceptor_ctx {
+ struct eap_eapol_interface *eapPolInterface;
+ void *tlsContext;
+ struct eap_sm *eap;
 };
 struct gss_ctx_id_struct {
@@ -117,32 +129,32 @@ struct gss_ctx_id_struct {
 enum eap_gss_state state;
 OM_uint32 flags;
 OM_uint32 gssFlags;
- krb5_context kerberosCtx;
 gss_OID mechanismUsed;
- krb5_enctype encryptionType;
 krb5_cksumtype checksumType;
- krb5_keyblock *rfc3961Key;
+ krb5_enctype encryptionType;
+ krb5_keyblock rfc3961Key;
 gss_name_t initiatorName;
 gss_name_t acceptorName;
 time_t expiryTime;
+ uint64_t sendSeq, recvSeq;
+ void *seqState;
 union {
 struct eap_gss_initiator_ctx initiator;
 #define initiatorCtx ctxU.initiator
 struct eap_gss_acceptor_ctx acceptor;
 #define acceptorCtx ctxU.acceptor
 } ctxU;
- uint64_t sendSeq, recvSeq;
- void *seqState;
 };
 #define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01
 #define TOK_FLAG_WRAP_CONFIDENTIAL 0x02
 #define TOK_FLAG_ACCEPTOR_SUBKEY 0x04
-#define KEY_USAGE_ACCEPTOR_SEAL 512
-#define KEY_USAGE_ACCEPTOR_SIGN 513
-#define KEY_USAGE_INITIATOR_SEAL 514
-#define KEY_USAGE_INITIATOR_SIGN 515
+#define KEY_USAGE_ACCEPTOR_SEAL 22
+#define KEY_USAGE_ACCEPTOR_SIGN 23
+#define KEY_USAGE_INITIATOR_SEAL 24
+#define KEY_USAGE_INITIATOR_SIGN 25
+#define KEY_USAGE_CHANNEL_BINDINGS 64
 /* wrap_iov.c */
 OM_uint32
@@ -163,5 +175,4 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
 int iov_count,
 enum gss_eap_token_type toktype);
-
 #endif /* _GSSAPIP_EAP_H_ */
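Review bot: `void *tlsContext` in `struct eap_gss_acceptor_ctx` discards the type and says nothing about who creates or frees it, and the include it presumably depends on is itself marked "XXX testing implementation only" in the previous hunk. Name the concrete handle type and the owner in a comment, e.g. `void *tlsContext; /* XXX testing only: <TLS-HANDLE-TYPE> handle, freed in the context release path */`, with the placeholder replaced by the real type. In `struct eap_gss_initiator_ctx`, `reqData` is now an embedded `struct wpabuf` instead of the old `struct wpabuf *eapReqData`; if it is pointed at a caller-supplied token buffer rather than allocated, it must never be handed to `wpabuf_free()`, which is worth saying on the field so the release path gets it right.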
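Review bot: The new `KEY_USAGE_*` values 22–25 are the RFC 4121 section 2 key usage numbers for acceptor/initiator seal and sign, but nothing in the hunk records that, and `KEY_USAGE_CHANNEL_BINDINGS 64` is a mechanism-local choice outside that list. Both need a comment, since these numbers feed RFC 3961 key derivation and any later edit silently produces different keys and breaks interoperability with peers built against the old values (512–515 here): `/* RFC 4121 section 2 key usage numbers */` above the four, and `/* mechanism-specific; not assigned by RFC 4121 */` on the channel-binding one, after confirming 64 does not collide with a key usage number already assigned by the Kerberos library being linked. Separately, `rfc3961Key` is now an embedded `krb5_keyblock` rather than a pointer, so the context release path must use `krb5_free_keyblock_contents()` rather than `krb5_free_keyblock()`, and the key bytes should be cleared before the context memory is freed; a comment on the field would pin that down. `struct gss_ctx_id_struct` opens on the hunk header line, so its start is outside the hunk.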