Updated through tag hostap_2_5 from git://w1.fi/hostap.git
[mech_eap.git] / mech_eap / gssapiP_eap.h
index 19f1770..1e8a360 100644 (file)
@@ -133,6 +133,8 @@ struct gss_name_struct
 #define CRED_FLAG_DEFAULT_CCACHE            0x00080000
 #define CRED_FLAG_RESOLVED                  0x00100000
 #define CRED_FLAG_TARGET                    0x00200000
+#define CRED_FLAG_CERTIFICATE               0x00400000
+#define CRED_FLAG_CONFIG_BLOB               0x00800000
 #define CRED_FLAG_PUBLIC_MASK               0x0000FFFF
 
 #ifdef HAVE_HEIMDAL_VERSION
@@ -153,6 +155,9 @@ struct gss_cred_id_struct
     gss_buffer_desc caCertificate;
     gss_buffer_desc subjectNameConstraint;
     gss_buffer_desc subjectAltNameConstraint;
+    gss_buffer_desc clientCertificate;
+    gss_buffer_desc privateKey;
+    gss_buffer_desc caCertificateBlob;
 #ifdef GSSEAP_ENABLE_REAUTH
     krb5_ccache krbCredCache;
     gss_cred_id_t reauthCred;
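Review bot: The new `privateKey` member presumably holds private-key material alongside `clientCertificate` and `caCertificateBlob`, yet nothing in the hunk says who owns the three buffers or whether the key bytes are wiped before the credential is released, which is what a reader of the release path needs to know. A field comment would settle it, e.g. `gss_buffer_desc privateKey;          /* key material: zeroize before release */`, assuming the credential release code is adapted to match. The `gss_cred_id_struct` definition starts before this hunk.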
@@ -178,8 +183,14 @@ struct gss_cred_id_struct
 #define CTX_FLAG_EAP_ALT_ACCEPT             0x00800000
 #define CTX_FLAG_EAP_ALT_REJECT             0x01000000
 #define CTX_FLAG_EAP_CHBIND_ACCEPT          0x02000000
+#define CTX_FLAG_EAP_TRIGGER_START          0x04000000
 #define CTX_FLAG_EAP_MASK                   0xFFFF0000
 
+#define CONFIG_BLOB_CLIENT_CERT             0
+#define CONFIG_BLOB_PRIVATE_KEY             1
+#define CONFIG_BLOB_CA_CERT                 2
+#define CONFIG_BLOB_MAX                     3
+
 struct gss_eap_initiator_ctx {
     unsigned int idleWhile;
     struct eap_peer_config eapPeerConfig;
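Review bot: The four `CONFIG_BLOB_*` values are related integer constants used as indices into `configBlobs[CONFIG_BLOB_MAX]`, and as `#define`s they are invisible to the debugger and carry no type; an anonymous enum keeps the same names and values, e.g. `enum { CONFIG_BLOB_CLIENT_CERT = 0, CONFIG_BLOB_PRIVATE_KEY, CONFIG_BLOB_CA_CERT, CONFIG_BLOB_MAX };`. The file otherwise uses `#define` for flag bits, so this is a style point rather than a defect.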
@@ -187,6 +198,7 @@ struct gss_eap_initiator_ctx {
     struct wpabuf reqData;
     struct wpabuf *chbindData;
     unsigned int chbindReqFlags;
+    struct wpa_config_blob configBlobs[CONFIG_BLOB_MAX];
 };
 
 #ifdef GSSEAP_ENABLE_ACCEPTOR
@@ -326,7 +338,7 @@ gssEapDisplayStatus(OM_uint32 *minor,
                     OM_uint32 status_value,
                     gss_buffer_t status_string);
 
-#define IS_WIRE_ERROR(err)              ((err) > GSSEAP_RESERVED && \
+#define IS_WIRE_ERROR(err)              ((err) >= GSSEAP_RESERVED && \
                                          (err) <= GSSEAP_RADIUS_PROT_FAILURE)
 
 #ifdef GSSEAP_ENABLE_ACCEPTOR
@@ -396,6 +408,41 @@ gssEapInitiatorInit(OM_uint32 *minor);
 void
 gssEapFinalize(void);
 
+  /* Debugging and tracing*/
+  #define gssEapTrace(_fmt, ...) wpa_printf(MSG_INFO, _fmt, __VA_ARGS__);
+
+static inline void
+gssEapTraceStatus(const char *function,
+                 OM_uint32 major, OM_uint32 minor)
+{
+    gss_buffer_desc  gss_code_buf, mech_buf;
+    OM_uint32 tmpmaj, tmpmin, ctx = 0;
+    gss_code_buf.value = NULL;
+    mech_buf.value = NULL;
+    tmpmaj = gss_display_status(&tmpmin,  major,
+                               GSS_C_GSS_CODE, GSS_C_NO_OID, &ctx,
+                               &gss_code_buf);
+  if (!GSS_ERROR(tmpmaj)) {
+if (minor == 0)
+    tmpmaj = makeStringBuffer(&tmpmin, "no minor", &mech_buf);
+else tmpmaj = gssEapDisplayStatus(&tmpmin, minor, &mech_buf);
+}
+    if (!GSS_ERROR(tmpmaj))
+       wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
+                  function, (int) gss_code_buf.length, (char *) gss_code_buf.value,
+                  (int) mech_buf.length, (char *) mech_buf.value);
+    else wpa_printf(MSG_INFO, "%s: %u/%u",
+                   function, major, minor);
+    tmpmaj = gss_release_buffer(&tmpmin, &gss_code_buf);
+    tmpmaj = gss_release_buffer(&tmpmin, &mech_buf);
+ }
+
+
+  /*If built as a library on Linux, don't respect environment when set*uid*/
+#ifdef HAVE_SECURE_GETENV
+#define getenv secure_getenv
+#endif
+
 #ifdef __cplusplus
 }
 #endif
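Review bot: The `gssEapTrace` macro on the second added line expands with a trailing semicolon and requires at least one variadic argument, so `gssEapTrace("msg");` produces an empty statement (which breaks an `if (...) gssEapTrace(...); else ...` form) and a call with only a format string does not compile; drop the semicolon and, if the supported compilers accept the GNU extension, allow zero extra arguments: `#define gssEapTrace(_fmt, ...) wpa_printf(MSG_INFO, _fmt, ##__VA_ARGS__)`. In `gssEapTraceStatus` only `.value` of the two buffers is initialised, so when `gss_display_status` fails `mech_buf.length` reaches `gss_release_buffer` uninitialised; `gss_buffer_desc gss_code_buf = GSS_C_EMPTY_BUFFER, mech_buf = GSS_C_EMPTY_BUFFER;` fixes that, and the two `gss_release_buffer` results can then be dropped instead of being assigned to `tmpmaj` and never read. The `#define getenv secure_getenv` at the end rewrites every later `getenv` in any translation unit that includes this header, and `secure_getenv` returns NULL under set-user-ID/AT_SECURE conditions, so callers that treat NULL as "unset" keep working, but the comment should state that the library-wide redirection is deliberate and that `_GNU_SOURCE` is expected to be defined where `HAVE_SECURE_GETENV` is set. Indentation inside the new function body is inconsistent (the nested `if`/`else` is flush-left and the closing brace is indented one space) and should follow the four-space style of the surrounding declarations.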