gss_LTLIBRARIES = libmech_eap.la
-libmech_eap_la_CFLAGS = -g -Wall -fno-strict-aliasing @KRB_CFLAGS@ @TARGET_CFLAGS@
-libmech_eap_la_LDFLAGS = @KRB_LDFLAGS@ @TARGET_LDFLAGS@
-libmech_eap_la_LIBADD = @KRB_LIBS@
+libmech_eap_la_CFLAGS = -g -Wall -fno-strict-aliasing @KRB5_CFLAGS@ @TARGET_CFLAGS@
+libmech_eap_la_LDFLAGS = -export-symbols mech_eap.exports -version-info 0:0:0 @KRB5_LDFLAGS@ @TARGET_LDFLAGS@
+libmech_eap_la_LIBADD = @KRB5_LIBS@
-libmech_eap_la_SOURCES =
+libmech_eap_la_SOURCES = \
+ accept_sec_context.c \
+ acquire_cred.c \
+ acquire_cred_with_password.c \
+ add_cred.c \
+ add_cred_with_password.c \
+ canonicalize_name.c \
+ compare_name.c \
+ context_time.c \
+ delete_sec_context.c \
+ display_name.c \
+ display_name_ext.c \
+ duplicate_name.c \
+ eap_mech.c \
+ export_name.c \
+ export_sec_context.c \
+ get_mic.c \
+ get_name_attribute.c \
+ import_name.c \
+ import_sec_context.c \
+ indicate_mechs.c \
+ init_sec_context.c \
+ inquire_context.c \
+ inquire_cred.c \
+ inquire_mechs_for_name.c \
+ inquire_names_for_mech.c \
+ map_name_to_any.c \
+ process_context_token.c \
+ pseudo_random.c \
+ release_any_name_mapping.c \
+ release_cred.c \
+ release_name.c \
+ set_name_attribute.c \
+ store_cred.c \
+ unwrap.c \
+ unwrap_iov.c \
+ verify_mic.c \
+ wrap.c \
+ wrap_iov.c \
+ wrap_iov_length.c \
+ wrap_size_limit.c
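Review bot: The `-export-symbols mech_eap.exports` argument on the new `libmech_eap_la_LDFLAGS` line names the file relative to the build directory, and nothing visible in this hunk distributes it or makes the library depend on it. An out-of-tree build would not find the file, and an edit to the export list would not trigger a relink, so a symbol meant to stay internal could remain exported from a stale library. Consider `-export-symbols $(srcdir)/mech_eap.exports`, together with `EXTRA_DIST = mech_eap.exports` and `EXTRA_libmech_eap_la_DEPENDENCIES = $(srcdir)/mech_eap.exports`. The SOURCES list also contains no headers, so `gssapiP_eap.h` would presumably be missing from `make dist` unless it is listed in a part of the file not shown here.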
-AC_INIT(radsecproxy, 1.4, radsecproxy@uninett.no)
-AC_CANONICAL_TARGET
+AC_PREREQ([2.61])
+AC_INIT([mech_eap], [0.1], [bugs@project-moonshot.org])
+dnl AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE
+LT_PREREQ([2.2])
+LT_INIT([dlopen disable-static])
+
AC_PROG_CC
-AM_PROG_CC_C_O
-udp=yes
-AC_ARG_ENABLE(udp,
- [ --enable-udp whether to enable UDP transport: yes/no; default yes ],
- [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then
- udp=$enableval
- else
- echo "--enable-udp argument must be yes or no"
- exit -1
- fi
- ])
-
-tcp=yes
-AC_ARG_ENABLE(tcp,
- [ --enable-tcp whether to enable TCP transport: yes/no; default yes ],
- [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then
- tcp=$enableval
- else
- echo "--enable-tcp argument must be yes or no"
- exit -1
- fi
- ])
-
-tls=yes
-AC_ARG_ENABLE(tls,
- [ --enable-tls whether to enable TLS (RadSec) transport: yes/no; default yes ],
- [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then
- tls=$enableval
- else
- echo "--enable-tls argument must be yes or no"
- exit -1
- fi
- ])
-
-dtls=yes
-AC_ARG_ENABLE(dtls,
- [ --enable-dtls whether to enable DTLS transport: yes/no; default yes ],
- [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then
- dtls=$enableval
- else
- echo "--enable-dtls argument must be yes or no"
- exit -1
- fi
- ])
-
+
dnl Check if we're on Solaris and set CFLAGS accordingly
-AC_CANONICAL_SYSTEM
-case "${target_os}" in
- solaris*)
- TARGET_CFLAGS="-DSYS_SOLARIS9 -D_POSIX_PTHREAD_SEMANTICS"
- if test "$GCC" != yes ; then
- TARGET_CFLAGS="$TARGET_CFLAGS -mt"
- else
- TARGET_CFLAGS="$TARGET_CFLAGS -pthreads"
- fi
- TARGET_LDFLAGS="-lpthread -lsocket -lnsl"
- ;;
- *)
- TARGET_CFLAGS="-Wall -pedantic -pthread"
- TARGET_LDFLAGS=""
- esac
-dnl Adding enabled options
-if test "x$udp" = "xyes" ; then
- echo "UDP transport enabled"
- TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_UDP"
-fi
-if test "x$tcp" = "xyes" ; then
- echo "TCP transport enabled"
- TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_TCP"
-fi
-if test "x$tls" = "xyes" ; then
- echo "TLS (RadSec) transport enabled"
- TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_TLS"
-fi
-if test "x$dtls" = "xyes" ; then
- echo "DTLS transport enabled"
- TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_DTLS"
-fi
-
-AC_ARG_VAR([DOCBOOK2X_MAN], [docbook2x-man])
-AC_CHECK_PROG([DOCBOOK2X_MAN], [docbook2x-man], [yes])
-AM_CONDITIONAL(HAVE_DOCBOOK2X_MAN, test "$DOCBOOK2X_MAN" = "yes")
+dnl AC_CANONICAL_TARGET
+dnl case "${target_os}" in
+dnl solaris*)
+dnl TARGET_CFLAGS="-DSYS_SOLARIS9 -D_POSIX_PTHREAD_SEMANTICS"
+dnl if test "$GCC" != yes ; then
+dnl TARGET_CFLAGS="$TARGET_CFLAGS -mt"
+dnl else
+dnl TARGET_CFLAGS="$TARGET_CFLAGS -pthreads"
+dnl fi
+dnl TARGET_LDFLAGS="-lpthread -lsocket -lnsl"
+dnl ;;
+dnl *)
+dnl TARGET_CFLAGS="-Wall -pedantic -pthread"
+dnl TARGET_LDFLAGS=""
+dnl esac
AC_SUBST(TARGET_CFLAGS)
AC_SUBST(TARGET_LDFLAGS)
-AX_CHECK_SSL
-AC_OUTPUT(Makefile)
+AX_CHECK_KRB5
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT
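Review bot: `AC_SUBST(TARGET_CFLAGS)` and `AC_SUBST(TARGET_LDFLAGS)` are kept, but the only assignments to those variables now sit inside the `dnl`-commented `case` block, so the values substituted into the Makefile are whatever the configure environment happens to hold, normally nothing. That silently drops `-pthread` (and the Solaris thread flags) from the build and lets an inherited environment variable inject compiler or linker flags. Either initialise them explicitly before the substitutions, e.g. `TARGET_CFLAGS=""` and `TARGET_LDFLAGS=""`, or remove the substitutions along with the `@TARGET_CFLAGS@`/`@TARGET_LDFLAGS@` references; the commented-out block and its now-stale "Check if we're on Solaris" comment are better deleted than carried as `dnl` lines. With `AC_CONFIG_MACRO_DIR([m4])` also commented out, it is worth confirming that aclocal still finds the definition of `AX_CHECK_KRB5`, which is not visible here.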
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
+
+#ifndef _GSSAPIP_EAP_H_
+#define _GSSAPIP_EAP_H_ 1
+
+#include <gssapi/gssapi.h>
+#include <krb5.h>
+
+#include "gssapi_eap.h"
+
+struct gss_name_struct {
+ OM_uint32 flags;
+ krb5_principal principal;
+ void *aaa;
+ void *assertion;
+};
+
+#define CRED_FLAG_INITIATOR 0x00000001
+#define CRED_FLAG_ACCEPTOR 0x00000002
+#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
+#define CRED_FLAG_PASSWORD 0x00000008
+
+struct gss_cred_id_struct {
+ OM_uint32 flags;
+ gss_name_t initiatorName;
+ gss_name_t acceptorName;
+ gss_buffer_desc password;
+};
+
+#define CTX_FLAG_INITIATOR 0x00000001
+
+enum eap_gss_state {
+ EAP_STATE_AUTHENTICATE = 1,
+ EAP_STATE_KEY_TRANSPORT,
+ EAP_STATE_SECURE_ASSOCIATION,
+ EAP_STATE_GSS_CHANNEL_BINDINGS,
+ EAP_STATE_ESTABLISHED
+};
+
+struct gss_ctx_id_struct {
+ enum eap_gss_state state;
+ OM_uint32 flags;
+ OM_uint32 gssFlags;
+ krb5_context kerberosCtx;
+ gss_OID mechanismUsed;
+ krb5_cksumtype checksumType;
+ krb5_keyblock *encryptionKey;
+ gss_name_t initiatorName;
+ gss_name_t acceptorName;
+ OM_uint32 lifetime;
+};
+
+#endif /* _GSSAPIP_EAP_H_ */
+
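Review bot: `gss_buffer_desc password` in `struct gss_cred_id_struct` keeps a cleartext password for the lifetime of the credential, and the header documents neither who owns the buffer nor how it is disposed of. I would add a comment on the field such as `/* cleartext; owned by the credential, must be zeroed before gss_release_buffer() when the cred is released */` and check that the release path, which is not visible in this hunk, does so. The same ownership note is needed for `krb5_keyblock *encryptionKey` in `struct gss_ctx_id_struct`, and `lifetime` should state its unit and whether it is an absolute expiry or a remaining duration. Separately, the guard `_GSSAPIP_EAP_H_` begins with an underscore followed by a capital letter, a form C reserves for the implementation; `GSSAPIP_EAP_H` avoids that.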