*/
user->methods[0].vendor = EAP_VENDOR_IETF;
user->methods[0].method = EAP_TYPE_MSCHAPV2;
- user->password = (unsigned char *)strdup("");
- user->password_len = 0;
+ user->password = (unsigned char *)strdup(" ");
+ user->password_len = 1;
return 0;
}
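Review bot: The `strdup(" ")` result on the changed line is never checked, so on allocation failure the lookup still reports success with `password == NULL` and `password_len == 1`, which the MSCHAPv2 method will then read. The single-space value also makes this callback hand every peer the same fixed credential; if it is a stand-in until a real user store is consulted, say so next to it, e.g. `/* XXX placeholder credential; replace with a lookup in the configured user database */`, and fail the lookup when `strdup` returns NULL (`if (user->password == NULL) return <callback failure code>;` — the hunk shows only the success `return 0`). The enclosing function begins outside the hunk.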
major = GSS_S_FAILURE;
goto cleanup;
}
+
+ ctx->acceptorCtx.eapPolInterface = eap_get_interface(ctx->acceptorCtx.eap);
+ ctx->acceptorCtx.eapPolInterface->portEnabled = TRUE;
+ ctx->acceptorCtx.eapPolInterface->eapRestart = TRUE;
}
if (ctx->acceptorName == GSS_C_NO_NAME && cred->name != GSS_C_NO_NAME) {
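Review bot: The pointer returned by `eap_get_interface()` on the first added line is dereferenced on the next two lines without a NULL check; if that call can fail (its contract is not visible here), the acceptor crashes during context setup instead of reporting an error. The failure path is already right above — `major = GSS_S_FAILURE; goto cleanup;` — so guard the assignment: `if (ctx->acceptorCtx.eapPolInterface == NULL) { major = GSS_S_FAILURE; goto cleanup; }`. The enclosing function starts and ends outside the hunk.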
----------------------------------------------------------------------
])
else
- printf "Kerberos found in $krb5dir\n";
+ printf "Kerberos found in $krb5dir\n";
KRB5_LIBS="-lgssapi_krb5 -lkrb5";
- KRB5_LDFLAGS="-L$krb5dir/lib";
+ KRB5_LDFLAGS="-L$krb5dir/lib";
AC_SUBST(KRB5_CFLAGS)
AC_SUBST(KRB5_LDFLAGS)
AC_SUBST(KRB5_LIBS)
----------------------------------------------------------------------
])
else
- printf "EAP found in $eapdir\n";
- EAP_LIBS="-leap";
- EAP_LDFLAGS="-L$eapdir/eap_example";
+ printf "EAP found in $eapdir\n";
+ EAP_CFLAGS="$EAP_CFLAGS \
+-DEAP_TLS \
+-DEAP_PEAP \
+-DEAP_TTLS \
+-DEAP_MD5 \
+-DEAP_MSCHAPv2 \
+-DEAP_GTC \
+-DEAP_OTP \
+-DEAP_LEAP \
+-DEAP_PSK \
+-DEAP_PAX \
+-DEAP_SAKE \
+-DEAP_GPSK \
+-DEAP_GPSK_SHA256 \
+-DEAP_SERVER_IDENTITY \
+-DEAP_SERVER_TLS \
+-DEAP_SERVER_PEAP \
+-DEAP_SERVER_TTLS \
+-DEAP_SERVER_MD5 \
+-DEAP_SERVER_MSCHAPV2 \
+-DEAP_SERVER_GTC \
+-DEAP_SERVER_PSK \
+-DEAP_SERVER_PAX \
+-DEAP_SERVER_SAKE \
+-DEAP_SERVER_GPSK \
+-DEAP_SERVER_GPSK_SHA256 \
+-DIEEE8021X_EAPOL";
+ EAP_LIBS="-leap -lutils -lcrypto -ltls";
+ EAP_LDFLAGS="-L$eapdir/eap_example -L$eapdir/src/utils -L$eapdir/src/crypto -L$eapdir/src/tls";
AC_SUBST(EAP_CFLAGS)
AC_SUBST(EAP_LDFLAGS)
AC_SUBST(EAP_LIBS)
fi
])dnl
-
#include "gssapiP_eap.h"
OM_uint32
-gss_acquire_cred_with_password(OM_uint32 *minor,
- const gss_name_t desired_name,
- const gss_buffer_t password,
- OM_uint32 time_req,
- const gss_OID_set desired_mechs,
- gss_cred_usage_t cred_usage,
- gss_cred_id_t *output_cred_handle,
- gss_OID_set *actual_mechs,
- OM_uint32 *time_rec)
+gssspi_acquire_cred_with_password(OM_uint32 *minor,
+ const gss_name_t desired_name,
+ const gss_buffer_t password,
+ OM_uint32 time_req,
+ const gss_OID_set desired_mechs,
+ gss_cred_usage_t cred_usage,
+ gss_cred_id_t *output_cred_handle,
+ gss_OID_set *actual_mechs,
+ OM_uint32 *time_rec)
{
return gssEapAcquireCred(minor, desired_name, password,
time_req, desired_mechs, cred_usage,
krb5_context krbContext;
gss_name_t name;
- if (name == GSS_C_NO_NAME) {
+ if (input_name == GSS_C_NO_NAME) {
*minor = EINVAL;
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
}
goto cleanup;
}
- major = radiusDuplicateAVPs(minor, input_name->avps, &name->avps);
- if (GSS_ERROR(major))
- goto cleanup;
+ if (input_name->avps != NULL) {
+ major = radiusDuplicateAVPs(minor, input_name->avps, &name->avps);
+ if (GSS_ERROR(major))
+ goto cleanup;
+ }
- major = samlDuplicateAssertion(minor, input_name->assertion, &name->assertion);
- if (GSS_ERROR(major))
- goto cleanup;
+ if (input_name->assertion != NULL) {
+ major = samlDuplicateAssertion(minor, input_name->assertion,
+ &name->assertion);
+ if (GSS_ERROR(major))
+ goto cleanup;
+ }
*dest_name = name;
if (ret == 0)
ret = eap_server_tnc_register();
#endif /* EAP_SERVER_TNC */
+
+ return ret;
}
static int
#include <assert.h>
#include <string.h>
#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <time.h>
/* GSS includes */
#include "util.h"
/* EAP includes */
-#define IEEE8021X_EAPOL 1
-
#include <common.h>
#include <eap_peer/eap.h>
#include <eap_peer/eap_config.h>
#endif /* __cplusplus */
#endif /* _GSSAPI_EAP_H_ */
-
ctx->flags &= ~(CTX_FLAG_EAP_SUCCESS);
ctx->state = EAP_STATE_ESTABLISHED;
major = GSS_S_COMPLETE;
- } else if (code == 0) {
+ } else if ((ctx->flags & CTX_FLAG_EAP_FAIL) || code == 0) {
major = GSS_S_FAILURE;
}
gss_accept_sec_context
gss_acquire_cred
-gss_acquire_cred_with_password
gss_add_cred
gss_add_cred_with_password
gss_canonicalize_name
GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM
GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM
GSS_EAP_NT_PRINCIPAL_NAME
+gssspi_acquire_cred_with_password
gss_internal_release_oid(OM_uint32 *minor,
gss_OID *oid)
{
- OM_uint32 major;
gss_OID internalizedOid = GSS_C_NO_OID;
if (gssEapInternalizeOid(*oid, &internalizedOid)) {
OM_uint32
gssspi_set_cred_option(OM_uint32 *minor,
- gss_cred_id_t *cred,
+ gss_cred_id_t cred,
const gss_OID desired_object,
const gss_buffer_t value)
{
for (i = 0; i < sizeof(setCredOps) / sizeof(setCredOps[0]); i++) {
if (oidEqual(&setCredOps[i].oid, desired_object)) {
- major = (*setCredOps[i].setOption)(minor, cred,
+ major = (*setCredOps[i].setOption)(minor, &cred,
desired_object, value);
break;
}
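Review bot: Passing `&cred` to the option callback on the changed line, now that `cred` is a by-value parameter (first hunk of this file, `gss_cred_id_t cred`), means any handler that assigns a new handle through its pointer parameter updates only this function's local copy and the caller's handle is left unchanged. That is presumably fine if every `setCredOps[i].setOption` only reads or mutates the credential in place, but it is worth confirming against each handler and stating on the function: `/* cred is by value: option handlers may modify the credential but cannot replace the caller's handle */`. The enclosing function continues outside the hunk.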
gss_buffer_t attr,
gss_buffer_t value)
{
- OM_uint32 major, tmpMinor;
+ OM_uint32 major;
gss_buffer_desc prefix, suffix;
enum gss_eap_attribute_type type;
OM_uint32 tmpMinor;
gss_cred_id_t cred;
- assert(*pCred == GSS_C_NO_CREDENTIAL);
+ *pCred = GSS_C_NO_CREDENTIAL;
cred = (gss_cred_id_t)GSSEAP_CALLOC(1, sizeof(*cred));
if (cred == NULL) {
if (GSS_ERROR(major))
goto cleanup;
+ switch (credUsage) {
+ case GSS_C_BOTH:
+ cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
+ break;
+ case GSS_C_INITIATE:
+ cred->flags |= CRED_FLAG_INITIATE;
+ break;
+ case GSS_C_ACCEPT:
+ cred->flags |= CRED_FLAG_ACCEPT;
+ break;
+ default:
+ major = GSS_S_FAILURE;
+ goto cleanup;
+ break;
+ }
+
if (desiredName != GSS_C_NO_NAME) {
major = gss_duplicate_name(minor, desiredName, &cred->name);
if (GSS_ERROR(major))
goto cleanup;
} else {
+ if (cred->flags & CRED_FLAG_INITIATE) {
+ gss_buffer_desc buf;
+
+ buf.value = getlogin(); /* XXX */
+ buf.length = strlen((char *)buf.value);
+
+ major = gss_import_name(&minor, &buf,
+ GSS_C_NT_USER_NAME, &cred->name);
+ if (GSS_ERROR(major))
+ goto cleanup;
+ }
+
cred->flags |= CRED_FLAG_DEFAULT_IDENTITY;
}
if (GSS_ERROR(major))
goto cleanup;
- switch (credUsage) {
- case GSS_C_BOTH:
- cred->flags |= CRED_FLAG_INITIATE | CRED_FLAG_ACCEPT;
- break;
- case GSS_C_INITIATE:
- cred->flags |= CRED_FLAG_INITIATE;
- break;
- case GSS_C_ACCEPT:
- cred->flags |= CRED_FLAG_ACCEPT;
- break;
- default:
- major = GSS_S_FAILURE;
- goto cleanup;
- break;
- }
-
if (pActualMechs != NULL) {
major = duplicateOidSet(minor, cred->mechanisms, pActualMechs);
if (GSS_ERROR(major))
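Review bot: In the added default-identity branch, `gss_import_name(&minor, ...)` passes `OM_uint32 **` where `OM_uint32 *` is expected — every other call in this function (`gss_duplicate_name(minor, …)`, `duplicateOidSet(minor, …)`) passes `minor` directly — so on an import failure the callee writes its minor status over the local pointer variable instead of into the caller's `*minor`. In the same branch `getlogin()` may return NULL (no controlling terminal, daemon context, no utmp entry) and `strlen((char *)buf.value)` then dereferences it; the `/* XXX */` suggests this is known, but it needs a guard that takes the existing cleanup path. Note also that `getlogin()` reports the utmp login-session name rather than the effective user, so the default initiator identity can differ from the process's actual uid; if that is not intended, deriving it from `getpwuid(geteuid())` is the usual choice — left as a TODO in the comment since it changes which identity is picked. The enclosing function starts and ends outside the hunk.

```c
        if (cred->flags & CRED_FLAG_INITIATE) {
            gss_buffer_desc buf;
            char *login = getlogin(); /* XXX utmp session name; TODO consider getpwuid(geteuid()) */

            if (login == NULL) {
                *minor = errno;
                major = GSS_S_FAILURE;
                goto cleanup;
            }
            buf.value = login;
            buf.length = strlen(login);

            major = gss_import_name(minor, &buf,
                                    GSS_C_NT_USER_NAME, &cred->name);
            if (GSS_ERROR(major))
                goto cleanup;
        }
        /* … unchanged: cred->flags |= CRED_FLAG_DEFAULT_IDENTITY … */
```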
}
void
-gssEapIovMessageLnegth(gss_iov_buffer_desc *iov,
+gssEapIovMessageLength(gss_iov_buffer_desc *iov,
int iov_count,
size_t *data_length_p,
size_t *assoc_data_length_p)
return 0;
}
-
* mechInvoke(5)
*/
-static gss_OID_desc gssEapMechPrefix = {
- /* Note that alone this is not a valid DER encoded OID */
- 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x00"
-};
-
static gss_OID_desc gssEapConcreteMechs[] = {
/* 1.3.6.1.4.1.5322.21.1 */
- { 11, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
+ { 9, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01" },
/* 1.3.6.1.4.1.5322.21.1.17 */
- { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x11" },
/* 1.3.6.1.4.1.5322.21.1.18 */
- { 12, "\x06\x0A\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
+ { 10, "\x2B\x06\x01\x04\x01\xA9\x4A\x15\x01\x12" }
};
gss_OID GSS_EAP_MECHANISM = &gssEapConcreteMechs[0];
int
gssEapIsConcreteMechanismOid(const gss_OID oid)
{
- return oid->length > gssEapMechPrefix.length &&
- memcmp(oid->elements, gssEapMechPrefix.elements,
- gssEapMechPrefix.length) == 0;
+ return oid->length > GSS_EAP_MECHANISM->length &&
+ memcmp(oid->elements, GSS_EAP_MECHANISM->elements,
+ GSS_EAP_MECHANISM->length) == 0;
}
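Review bot: `gssEapIsConcreteMechanismOid` dereferences `oid` before anything else, so a caller following the GSS convention of passing `GSS_C_NO_OID` for "default mechanism" gets a NULL dereference rather than a `0` result; guard it: `return oid != GSS_C_NO_OID && oid->length > GSS_EAP_MECHANISM->length && …`. Note the test is a pure prefix match on the base OID, so any OID beneath that arc counts as concrete, not only the three entries in `gssEapConcreteMechs`; if that is intended (the later hunks compose the concrete OID from the base plus an enctype suffix), say so above the function: `/* Any OID under the GSS_EAP_MECHANISM arc (base OID + enctype suffix) is treated as a concrete mechanism. */`.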
int
int suffix;
major = decomposeOid(minor,
- gssEapMechPrefix.elements,
- gssEapMechPrefix.length,
+ GSS_EAP_MECHANISM->elements,
+ GSS_EAP_MECHANISM->length,
oid,
&suffix);
if (major == GSS_S_COMPLETE)
return GSS_S_FAILURE;
}
- oid->elements = GSSEAP_MALLOC(gssEapMechPrefix.length + 1);
+ oid->elements = GSSEAP_MALLOC(GSS_EAP_MECHANISM->length + 1);
if (oid->elements == NULL) {
*minor = ENOMEM;
free(oid);
}
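Review bot: The failure path in this hunk releases `oid` with plain `free()` (`free(oid);`) while the element buffer one line above comes from `GSSEAP_MALLOC`, and the rest of the file pairs that wrapper with `GSSEAP_FREE` (see `GSSEAP_FREE(p)` in the duplicate-OID hunk). If `oid` itself came from `GSSEAP_MALLOC` — its allocation is outside the hunk — the pair should match: `GSSEAP_FREE(oid);`. Presumably the wrappers map to malloc/free today, but a mismatched pair becomes a real bug the moment they don't.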
major = composeOid(minor,
- gssEapMechPrefix.elements,
- gssEapMechPrefix.length,
+ GSS_EAP_MECHANISM->elements,
+ GSS_EAP_MECHANISM->length,
enctype,
oid);
if (major == GSS_S_COMPLETE) {
OM_uint32 tmpMinor;
gss_name_t name;
- assert(*pName == GSS_C_NO_NAME);
+ *pName = GSS_C_NO_NAME;
name = (gss_name_t)GSSEAP_CALLOC(1, sizeof(*name));
if (name == NULL) {
name->flags |= NAME_FLAG_SERVICE;
}
+ *pName = name;
*minor = 0;
+
return GSS_S_COMPLETE;
}
return GSS_S_FAILURE;
}
p->length = oid->length;
- p->elements = GSSEAP_MALLCO(p->length);
+ p->elements = GSSEAP_MALLOC(p->length);
if (p->elements == NULL) {
GSSEAP_FREE(p);
return GSS_S_FAILURE;
radiusFreeAVPs(OM_uint32 *minor,
struct eap_gss_avp_list *avps)
{
- GSSEAP_FREE(avps);
+ if (avps != NULL) {
+ GSSEAP_NOT_IMPLEMENTED;
+ }
}
OM_uint32
samlFreeAssertion(OM_uint32 *minor,
struct eap_gss_saml_assertion *assertion)
{
- GSSEAP_NOT_IMPLEMENTED;
+ if (assertion != NULL) {
+ GSSEAP_NOT_IMPLEMENTED;
+ }
}
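Review bot: After this change both `radiusFreeAVPs` and `samlFreeAssertion` fall off the end without a `return` in the NULL case (and, unless `GSSEAP_NOT_IMPLEMENTED` never returns, in the non-NULL case as well); `samlFreeAssertion` is declared `OM_uint32` and is presumably checked with `GSS_ERROR()` by callers, so the value they read is undefined. Add `*minor = 0; return GSS_S_COMPLETE;` after each `if` block. Separately, `radiusFreeAVPs` used to `GSSEAP_FREE(avps)` and now frees nothing, so whatever `radiusDuplicateAVPs` allocates for a name copy is leaked on release until the real implementation lands — worth a `/* TODO: free the duplicated AVP list */` next to the placeholder.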
OM_uint32
store_uint16_be(ec, outbuf + 4);
/* RRC */
store_uint16_be(0, outbuf + 6);
- store_64_be(ctx->sendSeq, outbuf + 8);
+ store_uint64_be(ctx->sendSeq, outbuf + 8);
/*
* EC | copy of header to be encrypted, located in
store_uint16_be(0xFFFF, outbuf + 4);
store_uint16_be(0xFFFF, outbuf + 6);
}
- store_64_be(ctx->sendSeq, outbuf + 8);
+ store_uint64_be(ctx->sendSeq, outbuf + 8);
code = gssEapSign(krbContext, 0, /* 0 == pick from crypto */
rrc, &ctx->rfc3961Key, keyUsage,