From: Luke Howard
Date: Tue, 7 Sep 2010 15:08:29 +0000 (+0200)
Subject: More work on initial implementation
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=cyrus-sasl.git;a=commitdiff_plain;h=84b0e5b5e0603e0d93071328b80814a28e4bb4c8
More work on initial implementation
---
diff --git a/mech_eap/eap_mech.c b/mech_eap/eap_mech.c
index 3e0654b..da3de43 100644
--- a/mech_eap/eap_mech.c
+++ b/mech_eap/eap_mech.c
@@ -32,3 +32,142 @@ #include "gssapiP_eap.h"
+static int
+eapPeerRegisterMethods(void)
+{
+ int ret = 0;
+
+#ifdef EAP_MD5
+ if (ret == 0)
+ ret = eap_peer_md5_register();
+#endif /* EAP_MD5 */
+
+#ifdef EAP_TLS
+ if (ret == 0)
+ ret = eap_peer_tls_register();
+#endif /* EAP_TLS */
+
+#ifdef EAP_MSCHAPv2
+ if (ret == 0)
+ ret = eap_peer_mschapv2_register();
+#endif /* EAP_MSCHAPv2 */
+
+#ifdef EAP_PEAP
+ if (ret == 0)
+ ret = eap_peer_peap_register();
+#endif /* EAP_PEAP */
+
+#ifdef EAP_TTLS
+ if (ret == 0)
+ ret = eap_peer_ttls_register();
+#endif /* EAP_TTLS */
+
+#ifdef EAP_GTC
+ if (ret == 0)
+ ret = eap_peer_gtc_register();
+#endif /* EAP_GTC */
+
+#ifdef EAP_OTP
+ if (ret == 0)
+ ret = eap_peer_otp_register();
+#endif /* EAP_OTP */
+
+#ifdef EAP_SIM
+ if (ret == 0)
+ ret = eap_peer_sim_register();
+#endif /* EAP_SIM */
+
+#ifdef EAP_LEAP
+ if (ret == 0)
+ ret = eap_peer_leap_register();
+#endif /* EAP_LEAP */
+
+#ifdef EAP_PSK
+ if (ret == 0)
+ ret = eap_peer_psk_register();
+#endif /* EAP_PSK */
+
+#ifdef EAP_AKA
+ if (ret == 0)
+ ret = eap_peer_aka_register();
+#endif /* EAP_AKA */
+
+#ifdef EAP_AKA_PRIME
+ if (ret == 0)
+ ret = eap_peer_aka_prime_register();
+#endif /* EAP_AKA_PRIME */
+
+#ifdef EAP_FAST
+ if (ret == 0)
+ ret = eap_peer_fast_register();
+#endif /* EAP_FAST */
+
+#ifdef EAP_PAX
+ if (ret == 0)
+ ret = eap_peer_pax_register();
+#endif /* EAP_PAX */
+
+#ifdef EAP_SAKE
+ if (ret == 0)
+ ret = eap_peer_sake_register();
+#endif /* EAP_SAKE */
+
+#ifdef EAP_GPSK
+ if (ret == 0)
+ ret = eap_peer_gpsk_register();
+#endif /* EAP_GPSK */
+
+#ifdef EAP_WSC
+ if (ret == 0)
+ ret = eap_peer_wsc_register();
+#endif /* EAP_WSC */
+
+#ifdef EAP_IKEV2
+ if (ret == 0)
+ ret = eap_peer_ikev2_register();
+#endif /* EAP_IKEV2 */
+
+#ifdef EAP_VENDOR_TEST
+ if (ret == 0)
+ ret = eap_peer_vendor_test_register();
+#endif /* EAP_VENDOR_TEST */
+
+#ifdef EAP_TNC
+ if (ret == 0)
+ ret = eap_peer_tnc_register();
+#endif /* EAP_TNC */
+
+ return ret;
+}
+
+static int
+gssEapInitLibEap(void)
+{
+ return eapPeerRegisterMethods();
+}
+
+static int
+gssEapInitLibRadSec(void)
+{
+ return 0;
+}
+
+static void gssEapInit(void) __attribute__((constructor));
+static void gssEapFinalize(void) __attribute__((destructor));
+
+static void
+gssEapInit(void)
+{
+ int ret;
+
+ ret = gssEapInitLibEap();
+ if (ret == 0)
+ gssEapInitLibRadSec();
+}
+
+static void
+gssEapFinalize(void)
+{
+ eap_peer_unregister_methods();
+}
+
diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index 3e0654b..719b093 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
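Review bot: gssEapInit discards `ret` after `ret = gssEapInitLibEap();`, so a failing `eap_peer_*_register()` call leaves the constructor returning normally and the mechanism loaded with a partial method table that nothing later can detect. Keep the outcome in a file-scope status (for example `static int gssEapInitStatus;` assigned from `ret`, a constructed name) that the GSS entry points check before driving the EAP peer, or at least log the failure. The return of `gssEapInitLibRadSec()` is dropped the same way; it is a stub returning 0 today, but writing `ret = gssEapInitLibRadSec();` keeps the check alive when it grows a body. gssEapFinalize calls `eap_peer_unregister_methods()` unconditionally, which is presumably safe after a partial registration but worth confirming against the peer library.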
@@ -32,3 +32,110 @@ #include "gssapiP_eap.h"
+static OM_uint32
+policyVariableToFlag(enum eapol_bool_var variable)
+{
+ OM_uint32 flag = 0;
+
+ switch (variable) {
+ case EAPOL_eapSuccess:
+ flag = CTX_FLAG_EAP_SUCCESS;
+ break;
+ case EAPOL_eapRestart:
+ flag = CTX_FLAG_EAP_RESTART;
+ break;
+ case EAPOL_eapFail:
+ flag = CTX_FLAG_EAP_FAIL;
+ break;
+ case EAPOL_eapResp:
+ flag = CTX_FLAG_EAP_RESP;
+ break;
+ case EAPOL_eapNoResp:
+ flag = CTX_FLAG_EAP_NO_RESP;
+ break;
+ case EAPOL_eapReq:
+ flag = CTX_FLAG_EAP_REQ;
+ break;
+ case EAPOL_portEnabled:
+ flag = CTX_FLAG_EAP_PORT_ENABLED;
+ break;
+ case EAPOL_altAccept:
+ flag = CTX_FLAG_EAP_ALT_ACCEPT;
+ break;
+ case EAPOL_altReject:
+ flag = CTX_FLAG_EAP_ALT_REJECT;
+ break;
+ }
+
+ return flag;
+}
+
+static Boolean
+peerGetBool(void *data, enum eapol_bool_var variable)
+{
+ gss_ctx_id_t ctx = data;
+ OM_uint32 flag;
+
+ if (ctx == GSS_C_NO_CONTEXT)
+ return FALSE;
+
+ flag = policyVariableToFlag(variable);
+
+ return ((ctx->flags & flag) != 0);
+}
+
+static void
+peerSetBool(void *data, enum eapol_bool_var variable,
+ Boolean value)
+{
+ gss_ctx_id_t ctx = data;
+ OM_uint32 flag;
+
+ if (ctx == GSS_C_NO_CONTEXT)
+ return FALSE;
+
+ flag = policyVariableToFlag(variable);
+
+ if (value)
+ ctx->flags |= flag;
+ else
+ ctx->flags &= ~(flag);
+}
+
+static int
+peerGetInt(void *data, enum eapol_int_var variable)
+{
+ gss_ctx_id_t ctx = data;
+
+ if (ctx == GSS_C_NO_CONTEXT)
+ return FALSE;
+
+ assert(CTX_IS_INITIATOR(ctx));
+
+ switch (variable) {
+ case EAPOL_idleWhile:
+ return ctx->initiatorCtx.idleWhile;
+ break;
+ }
+
+ return 0;
+}
+
+static void
+peerSetInt(void *data, enum eapol_int_var variable,
+ unsigned int value)
+{
+ gss_ctx_id_t ctx = data;
+
+ if (ctx == GSS_C_NO_CONTEXT)
+ return FALSE;
+
+ assert(CTX_IS_INITIATOR(ctx));
+
+ switch (variable) {
+ case EAPOL_idleWhile:
+ ctx->initiatorCtx.idleWhile = value;
+ break;
+ }
+}
+
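Review bot: peerSetBool and peerSetInt are declared `void` but contain `return FALSE;` on the GSS_C_NO_CONTEXT guard, which is a constraint violation (returning a value from a void function) and will not compile cleanly; both should read `return;`. In peerGetInt the `break;` after `return ctx->initiatorCtx.idleWhile;` is unreachable, and none of the three `switch (variable)` statements (policyVariableToFlag, peerGetInt, peerSetInt) has a `default:`, so a value outside the handled enumerators coming from the EAPOL callback is silently mapped to flag 0 or idleWhile 0; a `default: break;` with an assert in debug builds would make that explicit. peerGetInt also answers `FALSE` for a missing context where an int is expected, which reads as a copy-paste from peerGetBool; `return 0;` states the intent. The `assert(CTX_IS_INITIATOR(ctx))` guards are the only protection against an acceptor context reaching `ctx->initiatorCtx`, so a release build silently reads or writes the wrong union member there.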
diff --git a/mech_eap/util_context.c b/mech_eap/util_context.c
new file mode 100644
index 0000000..44fc866
--- /dev/null
+++ b/mech_eap/util_context.c
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2010, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gssapiP_eap.h"
+
+OM_uint32
+gssEapAllocContext(OM_uint32 *minor,
+ gss_ctx_id_t *pCtx)
+{
+ gss_ctx_id_t ctx;
+
+ assert(*pCtx == GSS_C_NO_CONTEXT);
+
+ ctx = (gss_ctx_id_t)GSSEAP_CALLOC(1, sizeof(*ctx));
+ if (ctx == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ *pCtx = ctx;
+
+ return GSS_S_COMPLETE;
+}
+
+static void
+releaseInitiatorContext(struct eap_gss_initiator_ctx *ctx)
+{
+ eap_peer_sm_deinit(ctx->eap);
+ wpabuf_free(ctx->eapReqData);
+}
+
+static void
+releaseAcceptorContext(struct eap_gss_acceptor_ctx *ctx)
+{
+}
+
+OM_uint32
+gssEapReleaseContext(OM_uint32 *minor,
+ gss_ctx_id_t *pCtx)
+{
+ OM_uint32 major, tmpMinor;
+ gss_ctx_id_t ctx = *pCtx;
+
+ if (ctx == GSS_C_NO_CONTEXT) {
+ return GSS_S_COMPLETE;
+ }
+
+ if (CTX_IS_INITIATOR(ctx)) {
+ releaseInitiatorContext(&ctx->initiatorCtx);
+ } else {
+ releaseAcceptorContext(&ctx->acceptorCtx);
+ }
+
+ if (ctx->encryptionKey != NULL) {
+ krb5_free_keyblock(ctx->kerberosCtx, ctx->encryptionKey);
+ }
+
+ if (ctx->kerberosCtx != NULL) {
+ krb5_free_context(ctx->kerberosCtx);
+ }
+
+ gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
+ gssEapReleaseName(&tmpMinor, &ctx->acceptorName);
+
+ memset(ctx, 0, sizeof(*ctx));
+ GSSEAP_FREE(ctx);
+ *pCtx = GSS_C_NO_CONTEXT;
+
+ return GSS_S_COMPLETE;
+}
+
diff --git a/mech_eap/util_cred.c b/mech_eap/util_cred.c
new file mode 100644
index 0000000..384c5a1
--- /dev/null
+++ b/mech_eap/util_cred.c
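Review bot: gssEapReleaseContext declares `OM_uint32 major, tmpMinor;` but never uses `major`, and neither it nor gssEapAllocContext writes `*minor` on the success path, so a caller that reports minor_status reads an uninitialised value; drop `major` and add `*minor = 0;` before each `return GSS_S_COMPLETE;`. releaseInitiatorContext hands `ctx->eap` and `ctx->eapReqData` straight to `eap_peer_sm_deinit()` and `wpabuf_free()`; a context released before its state machine was created (GSSEAP_CALLOC leaves both NULL) relies on those helpers tolerating NULL, which is worth confirming or guarding with `if (ctx->eap != NULL)`. `krb5_free_keyblock(ctx->kerberosCtx, ctx->encryptionKey)` is reached with a NULL `ctx->kerberosCtx` if the key was set without a Kerberos context, since the NULL check for the context comes only afterwards. The `assert(*pCtx == GSS_C_NO_CONTEXT)` in gssEapAllocContext is the only check on the output parameter, so a release build silently overwrites and leaks a non-empty *pCtx.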
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2010, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gssapiP_eap.h"
+
+OM_uint32
+gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
+{
+ gss_cred_id_t cred;
+
+ assert(*pCred == GSS_C_NO_CREDENTIAL);
+
+ cred = (gss_cred_id_t)GSSEAP_CALLOC(1, sizeof(*cred));
+ if (cred == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ *pCred = cred;
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred)
+{
+ OM_uint32 tmpMinor;
+ gss_cred_id_t cred = *pCred;
+ krb5_context kerbCtx = NULL;
+
+ if (cred == GSS_C_NO_CREDENTIAL) {
+ return GSS_S_COMPLETE;
+ }
+
+ gssEapReleaseName(&tmpMinor, &cred->name);
+
+ if (cred->password.value != NULL) {
+ memset(cred->password.value, 0, cred->password.length);
+ GSSEAP_FREE(cred->password.value);
+ }
+
+ memset(cred, 0, sizeof(*cred));
+ GSSEAP_FREE(cred);
+
+ *pCred = NULL;
+
+ return GSS_S_COMPLETE;
+}
+
diff --git a/mech_eap/util_name.c b/mech_eap/util_name.c
new file mode 100644
index 0000000..1c5910d
--- /dev/null
+++ b/mech_eap/util_name.c
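Review bot: the `memset(cred->password.value, 0, cred->password.length)` immediately before `GSSEAP_FREE(cred->password.value)` is a dead store that the optimiser is entitled to remove, so the password can remain in freed heap memory; use a zeroization the compiler cannot elide (`explicit_bzero()` or `memset_s()` where available, otherwise a small wrapper writing through a `volatile unsigned char *`). The same `memset(...); GSSEAP_FREE(...)` sequence is applied to the whole `cred` here and to `ctx` in util_context.c, so one non-elidable helper would serve all three sites. `krb5_context kerbCtx = NULL;` in gssEapReleaseCred is unused, and `*minor` is never set on the success path of either function. `*pCred = NULL;` would read more consistently as `*pCred = GSS_C_NO_CREDENTIAL;`, matching the comparison a few lines above it.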
@@ -0,0 +1,74 @@
+/*
+ * Copyright (c) 2010, JANET(UK)
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. Neither the name of JANET(UK) nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include "gssapiP_eap.h"
+
+OM_uint32
+gssEapAllocName(OM_uint32 *minor, gss_name_t *pName)
+{
+ gss_name_t name;
+
+ assert(*pName == GSS_C_NO_NAME);
+
+ name = (gss_name_t)GSSEAP_CALLOC(1, sizeof(*name));
+ if (name == NULL) {
+ *minor = ENOMEM;
+ return GSS_S_FAILURE;
+ }
+
+ *pName = name;
+
+ return GSS_S_COMPLETE;
+}
+
+OM_uint32
+gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName)
+{
+ gss_name_t name = *pName;
+ krb5_context kerbCtx = NULL;
+
+ if (name == GSS_C_NO_NAME) {
+ return GSS_S_COMPLETE;
+ }
+
+ krb5_init_context(&kerbCtx);
+ krb5_free_principal(kerbCtx, name->kerberosName);
+ if (kerbCtx != NULL) {
+ krb5_free_context(kerbCtx);
+ }
+
+ GSSEAP_FREE(name);
+ *pName = NULL;
+
+ return GSS_S_COMPLETE;
+}
+
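Review bot: gssEapReleaseName ignores the return of `krb5_init_context(&kerbCtx)`; on failure kerbCtx stays NULL and `krb5_free_principal(kerbCtx, name->kerberosName)` is still called with a NULL context, and the `if (kerbCtx != NULL)` guard that follows shows the author anticipated that path without handling it. Check the result, e.g. `if (krb5_init_context(&kerbCtx) == 0) { krb5_free_principal(kerbCtx, name->kerberosName); krb5_free_context(kerbCtx); }`, and note that creating a Kerberos context per name release is costly when the owning context already carries `ctx->kerberosCtx` in util_context.c, though reusing it would need a signature change. Unlike the context and credential release paths, `name` is freed without being cleared first; for consistency add `memset(name, 0, sizeof(*name));` before `GSSEAP_FREE(name)`, write `*pName = GSS_C_NO_NAME;` to match the comparison above, and set `*minor = 0;` on the success returns of both functions.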