#include "util_radius.h"
#include "utils/radius_utils.h"
#include "openssl/err.h"
+#ifdef HAVE_MOONSHOT_GET_IDENTITY
#include "libmoonshot.h"
+#endif
/* methods allowed for phase1 authentication*/
static const struct eap_method_type allowed_eap_method_types[] = {
} /* else log failures? */
}
+#ifdef HAVE_MOONSHOT_GET_IDENTITY
static int cert_to_byte_array(X509 *cert, unsigned char **bytes)
{
unsigned char *buf;
return hash_len;
}
-
static int peerValidateServerCert(int ok_so_far, X509* cert, void *ca_ctx)
{
char *realm = NULL;
wpa_printf(MSG_INFO, "peerValidateServerCert: Returning %d\n", ok_so_far);
return ok_so_far;
}
-
+#endif
static OM_uint32
peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
eapPeerConfig->private_key_passwd = (char *)cred->password.value;
}
+#ifdef HAVE_MOONSHOT_GET_IDENTITY
eapPeerConfig->server_cert_cb = peerValidateServerCert;
+#endif
eapPeerConfig->server_cert_ctx = eapPeerConfig;
*minor = 0;
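Review bot: When HAVE_MOONSHOT_GET_IDENTITY is undefined, `server_cert_cb` is never assigned, so a build without Moonshot runs with no server-certificate callback and nothing in the code or the log says so. Whether the CA or subject checks configured earlier in peerConfigInit (outside this hunk) still cover that case cannot be seen from here, so the fallback should be stated explicitly. I would add an `#else` branch with `wpa_printf(MSG_INFO, "peerConfigInit: no Moonshot identity support, server_cert_cb not installed");` and a comment above the `#ifdef` naming what validates the server certificate in that configuration. The `server_cert_ctx` assignment stays unconditional although it presumably only matters to the callback, so it could move inside the same guard.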
* context credential does not currently have the reauth creds.
*/
if (GSSEAP_SM_STATE(ctx) == GSSEAP_STATE_INITIAL) {
- if (!gssEapCanReauthP(cred, target, timeReq))
+ if (!gssEapCanReauthP(cred, (gss_name_t) target, timeReq))
return GSS_S_CONTINUE_NEEDED;
ctx->flags |= CTX_FLAG_KRB_REAUTH;
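Review bot: The `(gss_name_t) target` cast in the gssEapCanReauthP() call silences a type mismatch rather than resolving it, and the same cast is added to the gssEapMechToGlueName() call further down. The declaration of `target` is not visible here; if it is a const-qualified name type, the cast discards the qualifier and the compiler can no longer catch a callee that writes through it. Prefer const-qualifying the parameter in both callee prototypes. If the cast must stay, document it at the call site, e.g. `/* cast drops const only; gssEapCanReauthP() does not modify target */`.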
GSSEAP_ASSERT(cred != GSS_C_NO_CREDENTIAL);
- major = gssEapMechToGlueName(minor, target, &mechTarget);
+ major = gssEapMechToGlueName(minor, (gss_name_t) target, &mechTarget);
if (GSS_ERROR(major))
goto cleanup;
krb5_data data;
krb5_checksum cksum;
gss_buffer_desc cksumBuffer;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto;
+#endif
if (chanBindings == GSS_C_NO_CHANNEL_BINDINGS ||
chanBindings->application_data.length == 0)
gssBufferToKrbData(&chanBindings->application_data, &data);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, 0, &krbCrypto);
+ if (code != 0) {
+ *minor = code;
+ return GSS_S_FAILURE;
+ }
+
+ code = krb5_create_checksum(krbContext, krbCrypto,
+ KEY_USAGE_GSSEAP_CHBIND_MIC,
+ ctx->checksumType,
+ data.data, data.length,
+ &cksum);
+ krb5_crypto_destroy(krbContext, krbCrypto);
+#else
code = krb5_c_make_checksum(krbContext, ctx->checksumType,
&ctx->rfc3961Key,
KEY_USAGE_GSSEAP_CHBIND_MIC,
&data, &cksum);
+#endif /* HAVE_HEIMDAL_VERSION */
if (code != 0) {
*minor = code;
return GSS_S_FAILURE;
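Review bot: The bare `0` passed as the enctype argument to krb5_crypto_init() in the Heimdal branch reads like a placeholder; Heimdal treats that value as "use the key's own enctype", so spell it `ETYPE_NULL` and say so in a comment, e.g. `/* ETYPE_NULL: derive the enctype from rfc3961Key */`. The early `*minor = code; return GSS_S_FAILURE;` block also duplicates the check that follows `#endif`, so a short comment explaining that it exists to avoid calling krb5_create_checksum() with an uninitialised `krbCrypto` would help the next reader. The enclosing function starts and ends outside this hunk.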
major = duplicateBuffer(minor, &cksumBuffer, outputToken);
if (GSS_ERROR(major)) {
- krb5_free_checksum_contents(krbContext, &cksum);
+ KRB_CHECKSUM_FREE(krbContext, &cksum);
return major;
}
*minor = 0;
*smFlags |= SM_FLAG_OUTPUT_TOKEN_CRITICAL;
- krb5_free_checksum_contents(krbContext, &cksum);
+ KRB_CHECKSUM_FREE(krbContext, &cksum);
return GSS_S_CONTINUE_NEEDED;
}