#define CRED_FLAG_DEFAULT_CCACHE 0x00080000
#define CRED_FLAG_RESOLVED 0x00100000
#define CRED_FLAG_TARGET 0x00200000
+#define CRED_FLAG_CERTIFICATE 0x00400000
+#define CRED_FLAG_CONFIG_BLOB 0x00800000
#define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
#ifdef HAVE_HEIMDAL_VERSION
gss_buffer_desc caCertificate;
gss_buffer_desc subjectNameConstraint;
gss_buffer_desc subjectAltNameConstraint;
+ gss_buffer_desc clientCertificate;
+ gss_buffer_desc privateKey;
+ gss_buffer_desc caCertificateBlob;
#ifdef GSSEAP_ENABLE_REAUTH
krb5_ccache krbCredCache;
gss_cred_id_t reauthCred;
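Review bot: The new `privateKey` buffer holds long-lived secret key material inside the credential, and a plain `gss_release_buffer` on it leaves the bytes recoverable in freed heap memory; the credential release path (outside this hunk) should wipe `privateKey.value` before freeing, e.g. with `explicit_bzero` where available, and the same applies to the `CONFIG_BLOB_PRIVATE_KEY` entry of `configBlobs` added to `gss_eap_initiator_ctx` in the later hunk. A one-line comment on the field would make that contract visible to whoever writes the release code: `gss_buffer_desc privateKey; /* secret: scrub before release */`. The enclosing credential struct starts and ends outside this hunk.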
#define CTX_FLAG_EAP_ALT_ACCEPT 0x00800000
#define CTX_FLAG_EAP_ALT_REJECT 0x01000000
#define CTX_FLAG_EAP_CHBIND_ACCEPT 0x02000000
+#define CTX_FLAG_EAP_TRIGGER_START 0x04000000
#define CTX_FLAG_EAP_MASK 0xFFFF0000
+#define CONFIG_BLOB_CLIENT_CERT 0
+#define CONFIG_BLOB_PRIVATE_KEY 1
+#define CONFIG_BLOB_CA_CERT 2
+#define CONFIG_BLOB_MAX 3
+
struct gss_eap_initiator_ctx {
unsigned int idleWhile;
struct eap_peer_config eapPeerConfig;
struct wpabuf reqData;
struct wpabuf *chbindData;
unsigned int chbindReqFlags;
+ struct wpa_config_blob configBlobs[CONFIG_BLOB_MAX];
};
#ifdef GSSEAP_ENABLE_ACCEPTOR
OM_uint32 status_value,
gss_buffer_t status_string);
-#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \
+#define IS_WIRE_ERROR(err) ((err) >= GSSEAP_RESERVED && \
(err) <= GSSEAP_RADIUS_PROT_FAILURE)
#ifdef GSSEAP_ENABLE_ACCEPTOR
void
gssEapFinalize(void);
+ /* Debugging and tracing*/
+ #define gssEapTrace(_fmt, ...) wpa_printf(MSG_INFO, _fmt, __VA_ARGS__);
+
+static inline void
+gssEapTraceStatus(const char *function,
+ OM_uint32 major, OM_uint32 minor)
+{
+ gss_buffer_desc gss_code_buf, mech_buf;
+ OM_uint32 tmpmaj, tmpmin, ctx = 0;
+ gss_code_buf.value = NULL;
+ mech_buf.value = NULL;
+ tmpmaj = gss_display_status(&tmpmin, major,
+ GSS_C_GSS_CODE, GSS_C_NO_OID, &ctx,
+ &gss_code_buf);
+ if (!GSS_ERROR(tmpmaj)) {
+if (minor == 0)
+ tmpmaj = makeStringBuffer(&tmpmin, "no minor", &mech_buf);
+else tmpmaj = gssEapDisplayStatus(&tmpmin, minor, &mech_buf);
+}
+ if (!GSS_ERROR(tmpmaj))
+ wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
+ function, (int) gss_code_buf.length, (char *) gss_code_buf.value,
+ (int) mech_buf.length, (char *) mech_buf.value);
+ else wpa_printf(MSG_INFO, "%s: %u/%u",
+ function, major, minor);
+ tmpmaj = gss_release_buffer(&tmpmin, &gss_code_buf);
+ tmpmaj = gss_release_buffer(&tmpmin, &mech_buf);
+ }
+
+
+ /*If built as a library on Linux, don't respect environment when set*uid*/
+#ifdef HAVE_SECURE_GETENV
+#define getenv secure_getenv
+#endif
+
#ifdef __cplusplus
}
#endif
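Review bot: The `gssEapTrace` macro definition ends in a semicolon and expands `__VA_ARGS__` unconditionally, so `gssEapTrace("x");` yields a trailing empty statement and a call with no argument after `_fmt` fails to compile; `#define gssEapTrace(_fmt, ...) wpa_printf(MSG_INFO, _fmt, __VA_ARGS__)` (no semicolon) fixes the first, and callers must always pass at least one argument unless the macro is rewritten. In `gssEapTraceStatus`, `gss_code_buf.length` and `mech_buf.length` are never initialised before the release calls, so the function relies on `gss_release_buffer` ignoring `length` when `value` is NULL; setting both to zero, or initialising the descriptors with `= GSS_C_EMPTY_BUFFER`, removes the dependency, and the two `tmpmaj =` assignments at the release calls are dead stores. `#define getenv secure_getenv` defines a macro named after a standard library function, which C11 7.1.3 reserves, and it only compiles where `secure_getenv` is declared (glibc needs `_GNU_SOURCE` before `<stdlib.h>`); a small `static inline const char *gssEapGetenv(const char *name)` that calls `secure_getenv` under `HAVE_SECURE_GETENV` and `getenv` otherwise keeps the setuid hardening without shadowing the library name in every translation unit that includes this header.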