X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=mech_eap%2Futil.h;h=7a6c094d36e615d70698f9994a468cb33a34ff87;hb=49c65b803b43e159e38f6a16505bad54de153916;hp=2242735279e04b09e242513a0d1a658e1d4243c5;hpb=5229ab0c335b489d4c1125e3eb44ef1d6c92fb4e;p=mech_eap.git diff --git a/mech_eap/util.h b/mech_eap/util.h index 2242735..7a6c094 100644 --- a/mech_eap/util.h +++ b/mech_eap/util.h @@ -61,12 +61,22 @@ #ifndef _UTIL_H_ #define _UTIL_H_ 1 +#ifdef HAVE_SYS_PARAM_H #include +#endif +#ifdef HAVE_STDINT_H +#include +#endif #include #include #include +#ifdef WIN32 +#define inline __inline +#define snprintf _snprintf +#endif + #ifdef __cplusplus extern "C" { #endif @@ -75,7 +85,7 @@ extern "C" { #define MIN(_a,_b) ((_a)<(_b)?(_a):(_b)) #endif -#if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) +#if !defined(WIN32) && !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) #define GSSEAP_UNUSED __attribute__ ((__unused__)) #else #define GSSEAP_UNUSED @@ -200,7 +210,10 @@ enum gss_eap_token_type { #define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED)) -#define GSSEAP_WIRE_FLAGS_MASK GSS_C_MUTUAL_FLAG +#define GSSEAP_WIRE_FLAGS_MASK ( GSS_C_MUTUAL_FLAG | \ + GSS_C_DCE_STYLE | \ + GSS_C_IDENTIFY_FLAG | \ + GSS_C_EXTENDED_ERROR_FLAG ) OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx); OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx); @@ -257,6 +270,12 @@ gssEapSetCredPassword(OM_uint32 *minor, const gss_buffer_t password); OM_uint32 +gssEapSetCredClientCertificate(OM_uint32 *minor, + gss_cred_id_t cred, + const gss_buffer_t clientCert, + const gss_buffer_t privateKey); + +OM_uint32 gssEapSetCredService(OM_uint32 *minor, gss_cred_id_t cred, const gss_name_t target); @@ -331,6 +350,21 @@ gssEapDeriveRfc3961Key(OM_uint32 *minor, krb5_keyblock *pKey); /* util_krb.c */ + +#ifndef KRB_MALLOC +/* + * If your Kerberos library uses a different allocator to your + * GSS mechanism glue, then you might wish to define these in + * config.h or elsewhere. This should eventually go away when + * we no longer need to allocate memory that is freed by the + * Kerberos library. + */ +#define KRB_CALLOC calloc +#define KRB_MALLOC malloc +#define KRB_FREE free +#define KRB_REALLOC realloc +#endif /* KRB_MALLOC */ + #ifdef HAVE_HEIMDAL_VERSION #define KRB_TIME_FOREVER ((time_t)~0L) @@ -349,6 +383,8 @@ gssEapDeriveRfc3961Key(OM_uint32 *minor, #define KRB_CRYPTO_CONTEXT(ctx) (krbCrypto) +#define KRB_DATA_INIT(d) krb5_data_zero((d)) + #else #define KRB_TIME_FOREVER KRB5_INT32_MAX @@ -367,6 +403,12 @@ gssEapDeriveRfc3961Key(OM_uint32 *minor, #define KRB_CRYPTO_CONTEXT(ctx) (&(ctx)->rfc3961Key) +#define KRB_DATA_INIT(d) do { \ + (d)->magic = KV5M_DATA; \ + (d)->length = 0; \ + (d)->data = NULL; \ + } while (0) + #endif /* HAVE_HEIMDAL_VERSION */ #define KRB_KEY_INIT(key) do { \ @@ -739,22 +781,63 @@ verifyTokenHeader(OM_uint32 *minor, /* Helper macros */ +#ifndef GSSEAP_MALLOC #define GSSEAP_CALLOC calloc #define GSSEAP_MALLOC malloc #define GSSEAP_FREE free #define GSSEAP_REALLOC realloc +#endif + +#ifndef GSSAPI_CALLCONV +#define GSSAPI_CALLCONV KRB5_CALLCONV +#endif + +#ifndef GSSEAP_ASSERT +#include +#define GSSEAP_ASSERT(x) assert((x)) +#endif /* !GSSEAP_ASSERT */ + +#ifdef WIN32 +#define GSSEAP_CONSTRUCTOR +#define GSSEAP_DESTRUCTOR +#else +#define GSSEAP_CONSTRUCTOR __attribute__((constructor)) +#define GSSEAP_DESTRUCTOR __attribute__((destructor)) +#endif #define GSSEAP_NOT_IMPLEMENTED do { \ - assert(0 && "not implemented"); \ + GSSEAP_ASSERT(0 && "not implemented"); \ *minor = ENOSYS; \ return GSS_S_FAILURE; \ } while (0) +#ifdef WIN32 + +#include + +#define GSSEAP_GET_LAST_ERROR() (GetLastError()) /* XXX FIXME */ + +#define GSSEAP_MUTEX CRITICAL_SECTION +#define GSSEAP_MUTEX_INIT(m) (InitializeCriticalSection((m)), 0) +#define GSSEAP_MUTEX_DESTROY(m) DeleteCriticalSection((m)) +#define GSSEAP_MUTEX_LOCK(m) EnterCriticalSection((m)) +#define GSSEAP_MUTEX_UNLOCK(m) LeaveCriticalSection((m)) +#define GSSEAP_ONCE_LEAVE do { return TRUE; } while (0) + +/* Thread-local is handled separately */ + +#define GSSEAP_THREAD_ONCE INIT_ONCE +#define GSSEAP_ONCE_CALLBACK(cb) BOOL CALLBACK cb(PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context) +#define GSSEAP_ONCE(o, i) InitOnceExecuteOnce((o), (i), NULL, NULL) +#define GSSEAP_ONCE_INITIALIZER INIT_ONCE_STATIC_INIT + +#else + #include -#define GSSEAP_MUTEX pthread_mutex_t -#define GSSEAP_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER +#define GSSEAP_GET_LAST_ERROR() (errno) +#define GSSEAP_MUTEX pthread_mutex_t #define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL) #define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m)) #define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m)) @@ -766,8 +849,12 @@ verifyTokenHeader(OM_uint32 *minor, #define GSSEAP_SETSPECIFIC(k, d) pthread_setspecific((k), (d)) #define GSSEAP_THREAD_ONCE pthread_once_t +#define GSSEAP_ONCE_CALLBACK(cb) void cb(void) #define GSSEAP_ONCE(o, i) pthread_once((o), (i)) #define GSSEAP_ONCE_INITIALIZER PTHREAD_ONCE_INIT +#define GSSEAP_ONCE_LEAVE do { } while (0) + +#endif /* WIN32 */ /* Helper functions */ static inline void @@ -918,13 +1005,32 @@ gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data) data->length = buffer->length; } +/* util_tld.c */ +struct gss_eap_status_info; + +struct gss_eap_thread_local_data { + krb5_context krbContext; + struct gss_eap_status_info *statusInfo; +}; + +struct gss_eap_thread_local_data * +gssEapGetThreadLocalData(void); + +void +gssEapDestroyStatusInfo(struct gss_eap_status_info *status); + +void +gssEapDestroyKrbContext(krb5_context context); + #ifdef __cplusplus } #endif +#ifdef GSSEAP_ENABLE_ACCEPTOR #include "util_json.h" #include "util_attr.h" #include "util_base64.h" +#endif /* GSSEAP_ENABLE_ACCEPTOR */ #ifdef GSSEAP_ENABLE_REAUTH #include "util_reauth.h" #endif