X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2FgssapiP_eap.h;h=d1d6bce181d8fec7d1cde2e3da443a208b4e7e3d;hb=70aabaea618f8dc42336a8f27e6443b3f2655830;hp=c617656dd43b308b78a66a0adae544117bde3de0;hpb=080cf28899f6bd5e468d09f86b3e23593b15ebf7;p=moonshot.git
diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h
index c617656..d1d6bce 100644
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
@@ -34,33 +34,42 @@
 #define _GSSAPIP_EAP_H_ 1
 #include "config.h"
+
+#ifdef HAVE_HEIMDAL_VERSION
+#define KRB5_DEPRECATED /* so we can use krb5_free_unparsed_name() */
+#endif
+
 #include
 #include
 #include
 #include
 #include
+#include
 #include
 #include
-/* GSS includes */
+/* GSS headers */
 #include
 #include
+#ifdef HAVE_HEIMDAL_VERSION
+typedef struct gss_any *gss_any_t;
+#else
 #include
+#endif
 #include "gssapi_eap.h"
-/* Kerberos includes */
+/* Kerberos headers */
 #include
-/* EAP includes (not C++ clean) */
-#ifndef __cplusplus
 #include
 #include
 #include
-#include
+#include
+#include
 #include
-#endif
-/* Workaround for FreeRADIUS not being C++ clean */
+/* FreeRADIUS headers */
 #ifdef __cplusplus
 extern "C" {
 #define operator fr_operator
@@ -90,9 +99,15 @@ extern "C" {
 struct gss_eap_saml_attr_ctx;
 struct gss_eap_attr_ctx;
-struct gss_name_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_name_t_desc_struct
+#else
+struct gss_name_struct
+#endif
+{
 GSSEAP_MUTEX mutex; /* mutex protects attrCtx */
 OM_uint32 flags;
+ gss_OID mechanismUsed; /* this is immutable */
 krb5_principal krbPrincipal; /* this is immutable */
 struct gss_eap_attr_ctx *attrCtx;
 };
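Review bot: `#define KRB5_DEPRECATED` sits in the mech-wide private header, so under Heimdal it re-enables every deprecated krb5 API in every translation unit that includes this file, not only the one krb5_free_unparsed_name() call the comment names. If that call lives in a single source file, defining the macro there, ahead of the krb5 include, keeps deprecation warnings active everywhere else; if the mech-wide scope is intended, the comment should say so, e.g. `/* mech-wide: re-enable deprecated krb5 APIs (krb5_free_unparsed_name()) under Heimdal */`. The include targets are stripped in this rendering, so which header honours the macro cannot be confirmed from here.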
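Review bot: The new `mechanismUsed` member is annotated only as immutable; unlike krbPrincipal it is a gss_OID, and nothing here says whether the name owns the OID storage or merely points at a static mechanism OID, which is what decides whether the name-release path must free it. Suggest `gss_OID mechanismUsed; /* immutable; points at a static OID, not owned by the name -- confirm */` or the owning variant, whichever matches the release code (not in this diff). The same `#ifdef HAVE_HEIMDAL_VERSION` struct-tag selection is repeated for gss_cred_id and gss_ctx_id in the hunks at -104 and -168; a single macro yielding the tag would keep the three in step.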
@@ -104,7 +119,12 @@ struct gss_name_struct {
 #define CRED_FLAG_DEFAULT_CCACHE 0x00100000
 #define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
-struct gss_cred_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_cred_id_t_desc_struct
+#else
+struct gss_cred_id_struct
+#endif
+{
 GSSEAP_MUTEX mutex;
 OM_uint32 flags;
 gss_name_t name;
@@ -115,28 +135,16 @@ struct gss_cred_id_struct {
 char *radiusConfigStanza;
 #ifdef GSSEAP_ENABLE_REAUTH
 krb5_ccache krbCredCache;
- gss_cred_id_t krbCred;
+ gss_cred_id_t reauthCred;
 #endif
 };
 #define CTX_FLAG_INITIATOR 0x00000001
-#define CTX_FLAG_KRB_REAUTH_GSS 0x00000002
+#define CTX_FLAG_KRB_REAUTH 0x00000002
 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
-enum gss_eap_state {
- EAP_STATE_IDENTITY = 0,
- EAP_STATE_AUTHENTICATE,
- EAP_STATE_EXTENSIONS_REQ,
- EAP_STATE_EXTENSIONS_RESP,
- EAP_STATE_ESTABLISHED,
- EAP_STATE_ERROR,
-#ifdef GSSEAP_ENABLE_REAUTH
- EAP_STATE_KRB_REAUTH_GSS
-#endif
-};
-
-#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
+#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == GSSEAP_STATE_ESTABLISHED)
 /* Initiator context flags */
 #define CTX_FLAG_EAP_SUCCESS 0x00010000
@@ -151,13 +159,10 @@ enum gss_eap_state {
 #define CTX_FLAG_EAP_MASK 0xFFFF0000
 struct gss_eap_initiator_ctx {
- gss_cred_id_t defaultCred;
 unsigned int idleWhile;
-#ifndef __cplusplus
 struct eap_peer_config eapPeerConfig;
 struct eap_sm *eap;
 struct wpabuf reqData;
-#endif
 };
 struct gss_eap_acceptor_ctx {
@@ -168,7 +173,12 @@ struct gss_eap_acceptor_ctx {
 VALUE_PAIR *vps;
 };
-struct gss_ctx_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_ctx_id_t_desc_struct
+#else
+struct gss_ctx_id_struct
+#endif
+{
 GSSEAP_MUTEX mutex;
 enum gss_eap_state state;
 OM_uint32 flags;
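Review bot: `enum gss_eap_state` is deleted from this header, yet the context line `enum gss_eap_state state;` in the gss_ctx_id hunk at -168 still uses the type and the rewritten `CTX_IS_ESTABLISHED` now names `GSSEAP_STATE_ESTABLISHED`, so both must now come from a header included above (gssapi_eap.h presumably, since the include targets are stripped in this rendering). A one-line comment next to the macro, `/* enum gss_eap_state and GSSEAP_STATE_* are defined in <the public header> */` with the actual header name, would save the next reader the search. If the public enum's values do not line up with the removed EAP_STATE_* ordering, any code that compares states numerically also needs a look; that code is outside this diff.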
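Review bot: Removing the `#ifndef __cplusplus` guard around eapPeerConfig, eap and reqData changes the layout of gss_eap_initiator_ctx for C++ translation units, which previously saw a struct holding only idleWhile; every C++ file including this header must now get complete definitions of struct eap_peer_config and struct wpabuf from the EAP includes, whose names are lost in this rendering. If those headers are C++-clean now, this is the right fix, because the old guard gave C and C++ units different sizes for the same struct inside the context union; otherwise a C++ build fails at this struct. A short comment on the struct, `/* layout must be identical for C and C++ units: no __cplusplus guards here */`, would stop the guard from being reintroduced.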
@@ -182,14 +192,15 @@ struct gss_ctx_id_struct {
 time_t expiryTime;
 uint64_t sendSeq, recvSeq;
 void *seqState;
+ gss_cred_id_t defaultCred;
 union {
 struct gss_eap_initiator_ctx initiator;
 #define initiatorCtx ctxU.initiator
 struct gss_eap_acceptor_ctx acceptor;
 #define acceptorCtx ctxU.acceptor
 #ifdef GSSEAP_ENABLE_REAUTH
- gss_ctx_id_t kerberos;
- #define kerberosCtx ctxU.kerberos
+ gss_ctx_id_t reauth;
+ #define reauthCtx ctxU.reauth
 #endif
 } ctxU;
 };
@@ -246,6 +257,16 @@ rfc4121Flags(gss_ctx_id_t ctx, int receiving);
 void
 gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...);
+#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \
+ (err) <= GSSEAP_RADIUS_PROT_FAILURE)
+
+/* export_sec_context.c */
+OM_uint32
+gssEapExportSecContext(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_buffer_t token);
+
+
 #ifdef __cplusplus
 }
 #endif
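Review bot: `defaultCred` moves from the initiator-only union member into the shared context, but nothing states who acquires and releases it now that acceptor contexts carry the field too, and the neighbouring union members carry no ownership comments either. Suggest `gss_cred_id_t defaultCred; /* owned by the context, released with it; NULL on acceptor contexts -- confirm */`, trimmed to whichever half matches the release path, which is outside this diff. The kerberos-to-reauth rename in the union is consistent with the CTX_FLAG_KRB_REAUTH and reauthCred renames in the earlier hunks.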
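Review bot: `IS_WIRE_ERROR` relies on the minor-status codes between `GSSEAP_RESERVED` and `GSSEAP_RADIUS_PROT_FAILURE` forming one contiguous block; that ordering constraint lives in the enum definition, not here, so a code appended after GSSEAP_RADIUS_PROT_FAILURE, or a local-only code inserted inside the range, would be silently misclassified by whatever this macro gates. A comment on the macro, `/* wire errors are the contiguous range (GSSEAP_RESERVED, GSSEAP_RADIUS_PROT_FAILURE]; keep the enum in that order */`, with the same note at the enum, pins the assumption. The new `gssEapExportSecContext` prototype would also benefit from a line saying whether `token` is allocated for the caller to release, if that is the contract.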