Support EAP-TLS in Moonshot (requires OpenSSL)

[mech_eap.git] / mech_eap / gssapiP_eap.h
diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h

index cd5315d..c763fbd 100644 (file)
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -93,8 +93,10 @@ typedef const gss_OID_desc *gss_const_OID;
  /* FreeRADIUS headers */
  #ifdef __cplusplus
  extern "C" {
+#ifndef WIN32
  #define operator fr_operator
  #endif
+#endif
  #include <freeradius/libradius.h>
  #include <freeradius/radius.h>
  
@@ -104,7 +106,9 @@ extern "C" {
  #include <radsec/radsec.h>
  #include <radsec/request.h>
  #ifdef __cplusplus
+#ifndef WIN32
  #undef operator
+#endif
  }
  #endif
  #endif /* GSSEAP_ENABLE_ACCEPTOR */
@@ -145,6 +149,8 @@ struct gss_name_struct
  #define CRED_FLAG_PASSWORD                  0x00040000
  #define CRED_FLAG_DEFAULT_CCACHE            0x00080000
  #define CRED_FLAG_RESOLVED                  0x00100000
+#define CRED_FLAG_TARGET                    0x00200000
+#define CRED_FLAG_CERTIFICATE               0x00400000
  #define CRED_FLAG_PUBLIC_MASK               0x0000FFFF
  
  #ifdef HAVE_HEIMDAL_VERSION
@@ -165,6 +171,8 @@ struct gss_cred_id_struct
      gss_buffer_desc caCertificate;
      gss_buffer_desc subjectNameConstraint;
      gss_buffer_desc subjectAltNameConstraint;
+    gss_buffer_desc clientCertificate;
+    gss_buffer_desc privateKey;
  #ifdef GSSEAP_ENABLE_REAUTH
      krb5_ccache krbCredCache;
      gss_cred_id_t reauthCred;
@@ -337,16 +345,63 @@ gssEapDisplayStatus(OM_uint32 *minor,
  #define IS_RADIUS_ERROR(err)            ((err) >= ERROR_TABLE_BASE_rse && \
                                           (err) <= ERROR_TABLE_BASE_rse + 20)
  
+/* exchange_meta_data.c */
+OM_uint32 GSSAPI_CALLCONV
+gssEapExchangeMetaData(OM_uint32 *minor,
+                       gss_const_OID mech,
+                       gss_cred_id_t cred,
+                       gss_ctx_id_t *ctx,
+                       const gss_name_t name,
+                       OM_uint32 req_flags,
+                       gss_const_buffer_t meta_data);
+
  /* export_sec_context.c */
  OM_uint32
  gssEapExportSecContext(OM_uint32 *minor,
                         gss_ctx_id_t ctx,
                         gss_buffer_t token);
  
+/* import_sec_context.c */
+OM_uint32
+gssEapImportContext(OM_uint32 *minor,
+                    gss_buffer_t token,
+                    gss_ctx_id_t ctx);
+
+/* inquire_sec_context_by_oid.c */
+#define NEGOEX_INITIATOR_SALT      "gss-eap-negoex-initiator"
+#define NEGOEX_INITIATOR_SALT_LEN  (sizeof(NEGOEX_INITIATOR_SALT) - 1)
+
+#define NEGOEX_ACCEPTOR_SALT       "gss-eap-negoex-acceptor"
+#define NEGOEX_ACCEPTOR_SALT_LEN   (sizeof(NEGOEX_ACCEPTOR_SALT) - 1)
+
+/* pseudo_random.c */
+OM_uint32
+gssEapPseudoRandom(OM_uint32 *minor,
+                   gss_ctx_id_t ctx,
+                   int prf_key,
+                   const gss_buffer_t prf_in,
+                   ssize_t desired_output_len,
+                   gss_buffer_t prf_out);
+
+/* query_mechanism_info.c */
+OM_uint32
+gssQueryMechanismInfo(OM_uint32 *minor,
+                      gss_const_OID mech_oid,
+                      unsigned char auth_scheme[16]);
+
+/* query_meta_data.c */
+OM_uint32
+gssEapQueryMetaData(OM_uint32 *minor,
+                    gss_const_OID mech GSSEAP_UNUSED,
+                    gss_cred_id_t cred,
+                    gss_ctx_id_t *context_handle,
+                    const gss_name_t name,
+                    OM_uint32 req_flags GSSEAP_UNUSED,
+                    gss_buffer_t meta_data);
  
  /* eap_mech.c */
-void
-gssEapInitiatorInit(void);
+OM_uint32
+gssEapInitiatorInit(OM_uint32 *minor);
  
  void
  gssEapFinalize(void);