more work on SAML ification

[mech_eap.git] / gssapiP_eap.h
diff --git a/gssapiP_eap.h b/gssapiP_eap.h

index 6013c1d..e02927c 100644 (file)
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -36,6 +36,8 @@
  #include <assert.h>
  #include <string.h>
  #include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
  #include <time.h>
  
  /* GSS includes */
@@ -44,34 +46,28 @@
  #include "gssapi_eap.h"
  #include "util.h"
  
-/* EAP includes */
-#define IEEE8021X_EAPOL 1
+/* Kerberos includes */
+#include <krb5.h>
  
+/* EAP includes */
  #include <common.h>
  #include <eap_peer/eap.h>
  #include <eap_peer/eap_config.h>
+#include <crypto/tls.h>                     /* XXX testing implementation only */
  #include <wpabuf.h>
  
-/* Kerberos includes */
-#include <krb5.h>
-
  #define NAME_FLAG_NAI                       0x00000001
  #define NAME_FLAG_SERVICE                   0x00000002
-#define NAME_FLAG_SAML                      0x00000010
-#define NAME_FLAG_RADIUS                    0x00000020
  
-#define NAME_HAS_ATTRIBUTES(name)           ((name)->flags & \
-                                             (NAME_FLAG_SAML | NAME_FLAG_RADIUS))
+#define NAME_HAS_ATTRIBUTES(name)           ((name)->samlCtx != NULL)
  
-struct eap_gss_saml_assertion;
-struct eap_gss_avp_list;
+struct eap_gss_saml_attr_ctx;
  
  struct gss_name_struct {
      GSSEAP_MUTEX mutex; /* mutex protecting attributes */
      OM_uint32 flags;
      krb5_principal krbPrincipal; /* this is immutable */
-    struct eap_gss_saml_assertion *assertion;
-    struct eap_gss_avp_list *avps;
+    struct eap_gss_saml_attr_ctx *samlCtx;
  };
  
  #define CRED_FLAG_INITIATE                  0x00000001
@@ -94,8 +90,10 @@ struct gss_cred_id_struct {
  
  enum eap_gss_state {
      EAP_STATE_AUTHENTICATE = 0,
+#if 0
      EAP_STATE_KEY_TRANSPORT,
      EAP_STATE_SECURE_ASSOCIATION,
+#endif
      EAP_STATE_GSS_CHANNEL_BINDINGS,
      EAP_STATE_ESTABLISHED
  };
@@ -116,13 +114,14 @@ enum eap_gss_state {
  struct eap_gss_initiator_ctx {
      unsigned int idleWhile;
      struct eap_peer_config eapPeerConfig;
-    struct eap_config eapConfig;
      struct eap_sm *eap;
      struct wpabuf reqData;
  };
  
-/* Acceptor context flags */
  struct eap_gss_acceptor_ctx {
+    struct eap_eapol_interface *eapPolInterface;
+    void *tlsContext;
+    struct eap_sm *eap;
  };
  
  struct gss_ctx_id_struct {
@@ -131,19 +130,20 @@ struct gss_ctx_id_struct {
      OM_uint32 flags;
      OM_uint32 gssFlags;
      gss_OID mechanismUsed;
+    krb5_cksumtype checksumType;
      krb5_enctype encryptionType;
      krb5_keyblock rfc3961Key;
      gss_name_t initiatorName;
      gss_name_t acceptorName;
      time_t expiryTime;
+    uint64_t sendSeq, recvSeq;
+    void *seqState;
      union {
          struct eap_gss_initiator_ctx initiator;
          #define initiatorCtx         ctxU.initiator
          struct eap_gss_acceptor_ctx  acceptor;
          #define acceptorCtx          ctxU.acceptor
      } ctxU;
-    uint64_t sendSeq, recvSeq;
-    void *seqState;
  };
  
  #define TOK_FLAG_SENDER_IS_ACCEPTOR         0x01
@@ -154,6 +154,7 @@ struct gss_ctx_id_struct {
  #define KEY_USAGE_ACCEPTOR_SIGN             23
  #define KEY_USAGE_INITIATOR_SEAL            24
  #define KEY_USAGE_INITIATOR_SIGN            25
+#define KEY_USAGE_CHANNEL_BINDINGS          64
  
  /* wrap_iov.c */
  OM_uint32
@@ -174,5 +175,4 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
                          int iov_count,
                          enum gss_eap_token_type toktype);
  
-
  #endif /* _GSSAPIP_EAP_H_ */