*
*/
+/*
+ * Utility functions.
+ */
+
#ifndef _UTIL_H_
#define _UTIL_H_ 1
+#include <sys/param.h>
#include <string.h>
#include <errno.h>
extern "C" {
#endif
-#ifndef MIN /* Usually found in <sys/param.h>. */
+#ifndef MIN
#define MIN(_a,_b) ((_a)<(_b)?(_a):(_b))
#endif
-#define KRB_KEY_TYPE(key) ((key)->enctype)
-#define KRB_KEY_DATA(key) ((key)->contents)
-#define KRB_KEY_LENGTH(key) ((key)->length)
-#define KRB_KEY_INIT(key) do { \
- KRB_KEY_TYPE(key) = ENCTYPE_NULL; \
- KRB_KEY_DATA(key) = NULL; \
- KRB_KEY_LENGTH(key) = 0; \
- } while (0)
-
-enum gss_eap_token_type {
- TOK_TYPE_NONE = 0x0000, /* no token */
- TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
- TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
- TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
- TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
- TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
- TOK_TYPE_EAP_RESP = 0x0601, /* EAP response */
- TOK_TYPE_EAP_REQ = 0x0602, /* EAP request */
- TOK_TYPE_EXT_REQ = 0x0603, /* GSS EAP extensions request */
- TOK_TYPE_EXT_RESP = 0x0604, /* GSS EAP extensions response */
- TOK_TYPE_GSS_REAUTH = 0x0605, /* GSS EAP fast reauthentication token */
- TOK_TYPE_CONTEXT_ERR = 0x0606, /* context error */
-};
-
-#define EAP_EXPORT_CONTEXT_V1 1
-
/* util_buffer.c */
OM_uint32
makeStringBuffer(OM_uint32 *minor,
gssEapSign(krb5_context context,
krb5_cksumtype type,
size_t rrc,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
krb5_keyblock *key,
+#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count);
gssEapVerify(krb5_context context,
krb5_cksumtype type,
size_t rrc,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
krb5_keyblock *key,
+#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count,
#endif
/* util_context.c */
+#define EAP_EXPORT_CONTEXT_V1 1
+
+enum gss_eap_token_type {
+ TOK_TYPE_NONE = 0x0000, /* no token */
+ TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
+ TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
+ TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
+ TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
+ TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
+ TOK_TYPE_EAP_RESP = 0x0601, /* EAP response */
+ TOK_TYPE_EAP_REQ = 0x0602, /* EAP request */
+ TOK_TYPE_EXT_REQ = 0x0603, /* GSS EAP extensions request */
+ TOK_TYPE_EXT_RESP = 0x0604, /* GSS EAP extensions response */
+ TOK_TYPE_GSS_REAUTH = 0x0605, /* GSS EAP fast reauthentication token */
+ TOK_TYPE_CONTEXT_ERR = 0x0606, /* context error */
+};
+
OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
/* util_crypt.c */
int
gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
- size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
+ size_t rrc,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *key,
+#endif
+ int usage,
gss_iov_buffer_desc *iov, int iov_count);
int
gssEapDecrypt(krb5_context context, int dce_style, size_t ec,
- size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
+ size_t rrc,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto crypto,
+#else
+ krb5_keyblock *key,
+#endif
+ int usage,
gss_iov_buffer_desc *iov, int iov_count);
-krb5_cryptotype
+int
gssEapMapCryptoFlag(OM_uint32 type);
gss_iov_buffer_t
krb5_keyblock *pKey);
/* util_exts.c */
-#define EXT_FLAG_CRITICAL 0x80000000
-#define EXT_FLAG_VERIFIED 0x40000000
+#define EXT_FLAG_CRITICAL 0x80000000 /* critical, wire flag */
+#define EXT_FLAG_VERIFIED 0x40000000 /* verified, API flag */
#define EXT_TYPE_GSS_CHANNEL_BINDINGS 0x00000000
#define EXT_TYPE_REAUTH_CREDS 0x00000001
const gss_buffer_t buffer);
/* util_krb.c */
-OM_uint32
-gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
+#ifdef HAVE_HEIMDAL_VERSION
+#define KRB_KEY_TYPE(key) ((key)->keytype)
+#define KRB_KEY_DATA(key) ((key)->keyvalue.data)
+#define KRB_KEY_LENGTH(key) ((key)->keyvalue.length)
+#else
+#define KRB_KEY_TYPE(key) ((key)->enctype)
+#define KRB_KEY_DATA(key) ((key)->contents)
+#define KRB_KEY_LENGTH(key) ((key)->length)
+#endif /* HAVE_HEIMDAL_VERSION */
-OM_uint32
-rfc3961ChecksumTypeForKey(OM_uint32 *minor,
- krb5_keyblock *key,
- krb5_cksumtype *cksumtype);
+#define KRB_KEY_INIT(key) do { \
+ KRB_KEY_TYPE(key) = ENCTYPE_NULL; \
+ KRB_KEY_DATA(key) = NULL; \
+ KRB_KEY_LENGTH(key) = 0; \
+ } while (0)
+
+#ifdef HAVE_HEIMDAL_VERSION
+#define KRB_PRINC_LENGTH(princ) ((princ)->name.name_string.len)
+#define KRB_PRINC_TYPE(princ) ((princ)->name.name_type)
+#define KRB_PRINC_NAME(princ) ((princ)->name.name_string.val)
+#define KRB_CRYPTO_CONTEXT(ctx) (krbCrypto)
+#else
+#define KRB_PRINC_LENGTH(princ) (krb5_princ_size(NULL, (princ)))
+#define KRB_PRINC_TYPE(princ) (krb5_princ_type(NULL, (princ)))
+#define KRB_PRINC_NAME(princ) (krb5_princ_name(NULL, (princ)))
+#define KRB_CRYPTO_CONTEXT(ctx) (&(ctx)->rfc3961Key)
+#endif /* HAVE_HEIMDAL_VERSION */
+
+#ifdef HAVE_HEIMDAL_VERSION
+#define GSS_IOV_BUFFER_FLAG_ALLOCATE GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATE
+#define GSS_IOV_BUFFER_FLAG_ALLOCATED GSS_IOV_BUFFER_TYPE_FLAG_ALLOCATED
+
+#define GSS_S_CRED_UNAVAIL GSS_S_FAILURE
+#endif
#define GSSEAP_KRB_INIT(ctx) do { \
OM_uint32 tmpMajor; \
+ \
tmpMajor = gssEapKerberosInit(minor, ctx); \
if (GSS_ERROR(tmpMajor)) { \
return tmpMajor; \
} \
} while (0)
+OM_uint32
+gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
+
+OM_uint32
+rfc3961ChecksumTypeForKey(OM_uint32 *minor,
+ krb5_keyblock *key,
+ krb5_cksumtype *cksumtype);
+
+krb5_const_principal
+krbAnonymousPrincipal(void);
+
+krb5_error_code
+krbCryptoLength(krb5_context krbContext,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto,
+#else
+ krb5_keyblock *key,
+#endif
+ int type,
+ size_t *length);
+
+krb5_error_code
+krbPaddingLength(krb5_context krbContext,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto,
+#else
+ krb5_keyblock *key,
+#endif
+ size_t dataLength,
+ size_t *padLength);
+
+krb5_error_code
+krbBlockSize(krb5_context krbContext,
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto,
+#else
+ krb5_keyblock *key,
+#endif
+ size_t *blockSize);
+
+krb5_error_code
+krbEnctypeToString(krb5_context krbContext,
+ krb5_enctype enctype,
+ const char *prefix,
+ gss_buffer_t string);
+
/* util_lucid.c */
OM_uint32
gssEapExportLucidSecContext(OM_uint32 *minor,
}
static inline void
+krbPrincComponentToGssBuffer(krb5_principal krbPrinc,
+ int index, gss_buffer_t buffer)
+{
+#ifdef HAVE_HEIMDAL_VERSION
+ buffer->value = (void *)krbPrinc->name.name_string.val[index];
+ buffer->length = strlen((char *)buffer->value);
+#else
+ buffer->value = (void *)krb5_princ_component(NULL, krbPrinc, index)->data;
+ buffer->length = krb5_princ_component(NULL, krbPrinc, index)->length;
+#endif /* HAVE_HEIMDAL_VERSION */
+}
+
+static inline void
+krbPrincRealmToGssBuffer(krb5_principal krbPrinc, gss_buffer_t buffer)
+{
+#ifdef HAVE_HEIMDAL_VERSION
+ buffer->value = (void *)krbPrinc->realm;
+ buffer->length = strlen(krbPrinc->realm);
+#else
+ krbDataToGssBuffer(krb5_princ_realm(NULL, krbPrinc), buffer);
+#endif
+}
+
+static inline void
gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data)
{
data->data = (char *)buffer->value;