#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
-scriptversion=2012-10-14.11; # UTC
+scriptversion=2016-06-08.14; # UTC
# Copyright (C) 1999-2013 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
ret=$?
if test -f "$cofile"; then
- test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+ mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
- test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+ mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
struct eap_ttls_data *data,
struct wpabuf **resp)
{
- struct wpabuf *chbind_req, *res;
+ struct wpabuf *chbind_req;
int length = 1, i;
struct eap_peer_config *config = eap_get_config(sm);
eapGssSmAcceptGssReauth(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_const_name_t target,
gss_OID mech,
OM_uint32 reqFlags,
OM_uint32 timeReq,
eapGssSmAcceptAcceptorName(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptVendorInfo(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx GSSEAP_UNUSED,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptIdentity(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
* Choose the correct error for an access reject packet.
*/
static OM_uint32
-eapGssAcceptHandleReject(
- OM_uint32 *minor,
+eapGssAcceptHandleReject(OM_uint32 *minor,
struct rs_packet *response)
{
rs_avp **vps;
- rs_const_avp *vp = NULL;
+ rs_const_avp *vp = NULL;
OM_uint32 major;
- const char * reply_message = NULL;
+ const char *reply_message = NULL;
size_t reply_length = 0;
rs_packet_avps(response, &vps);
PW_ERROR_CAUSE, 0, &vp);
if (!GSS_ERROR(major)) {
switch (rs_avp_integer_value(vp)) {
- /* Values from http://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-18 */
- case 502: /*request not routable (proxy)*/
+ /* Values from http://www.iana.org/assignments/radius-types/radius-types.xhtml#radius-types-18 */
+ case 502: /* request not routable (proxy) */
*minor = GSSEAP_RADIUS_UNROUTABLE;
break;
- case 501: /*administratively prohibited*/
+ case 501: /* administratively prohibited */
*minor = GSSEAP_RADIUS_ADMIN_PROHIBIT;
break;
*minor = GSSEAP_RADIUS_AUTH_FAILURE;
break;
}
- } else *minor = GSSEAP_RADIUS_AUTH_FAILURE;
+ } else
+ *minor = GSSEAP_RADIUS_AUTH_FAILURE;
- if (reply_message)
+ if (reply_message != NULL)
gssEapSaveStatusInfo(*minor, "%s: %.*s", error_message(*minor),
reply_length, reply_message);
- else gssEapSaveStatusInfo( *minor, "%s", error_message(*minor));
+ else
+ gssEapSaveStatusInfo(*minor, "%s", error_message(*minor));
+
return GSS_S_DEFECTIVE_CREDENTIAL;
}
+
/*
* Process a EAP response from the initiator.
*/
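Review bot: The `%.*s` conversion in `gssEapSaveStatusInfo(*minor, "%s: %.*s", ...)` is given `reply_length`, a `size_t`, where a printf-style precision must be an `int`. This reformatting pass leaves that mismatch in place. Assuming gssEapSaveStatusInfo forwards to a printf-family formatter, this is undefined behaviour on LP64 targets. The length presumably describes text taken from the RADIUS response, so it should also be bounded before the cast. I would change the argument line to `(int)reply_length, reply_message);` after clamping reply_length to a sane maximum. The code that fills reply_message lies outside the visible hunks.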
eapGssSmAcceptAuthenticate(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptGssFlags(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptGssChannelBindings(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptInitiatorMIC(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptReauthCreds(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptAcceptorMIC(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmAcceptGssReauth(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
OM_uint32 GSSAPI_CALLCONV
gss_accept_sec_context(OM_uint32 *minor,
gss_ctx_id_t *context_handle,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_cred_id_t cred,
+#else
gss_cred_id_t cred,
+#endif
gss_buffer_t input_token,
gss_channel_bindings_t input_chan_bindings,
gss_name_t *src_name,
major = gssEapAcceptSecContext(minor,
ctx,
- cred,
+ (gss_cred_id_t)cred,
input_token,
input_chan_bindings,
src_name,
gssEapReleaseContext(&tmpMinor, context_handle);
gssEapTraceStatus("gss_accept_sec_context", major, *minor);
+
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_acquire_cred(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t desired_name,
+#else
gss_name_t desired_name,
+#endif
OM_uint32 time_req,
gss_OID_set desired_mechs,
gss_cred_usage_t cred_usage,
*/
OM_uint32 GSSAPI_CALLCONV
gss_add_cred(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_cred_id_t input_cred_handle GSSEAP_UNUSED,
+ gss_const_name_t desired_name,
+#else
gss_cred_id_t input_cred_handle GSSEAP_UNUSED,
gss_name_t desired_name,
+#endif
gss_OID desired_mech,
gss_cred_usage_t cred_usage,
OM_uint32 initiator_time_req,
OM_uint32 GSSAPI_CALLCONV
gss_add_cred_with_password(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_cred_id_t input_cred_handle GSSEAP_UNUSED,
+ gss_const_name_t desired_name,
+#else
const gss_cred_id_t input_cred_handle GSSEAP_UNUSED,
const gss_name_t desired_name,
+#endif
const gss_OID desired_mech,
const gss_buffer_t password,
gss_cred_usage_t cred_usage,
OM_uint32 GSSAPI_CALLCONV
gss_canonicalize_name(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t input_name,
+#else
const gss_name_t input_name,
+#endif
const gss_OID mech_type,
gss_name_t *output_name)
{
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
}
- GSSEAP_MUTEX_LOCK(&input_name->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)input_name)->mutex);
major = gssEapCanonicalizeName(minor, input_name, mech_type, output_name);
- GSSEAP_MUTEX_UNLOCK(&input_name->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)input_name)->mutex);
return major;
}
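Review bot: `GSSEAP_MUTEX_LOCK(&((gss_name_t)input_name)->mutex);` writes through a handle that the Heimdal prototype now declares const, and nothing in the code says the cast is deliberate. The same cast is repeated in gss_context_time, gss_duplicate_name, gss_export_name, gss_inquire_context, the gss_inquire_cred* functions, gss_inquire_sec_context_by_oid, gss_process_context_token and gss_unwrap. I would add a comment at the first use, for example `/* handle is const for the caller only; the embedded mutex is still taken */`. I would also wrap the cast in one small helper so a later change to the handle types has a single place to update. The start of gss_canonicalize_name is in the previous hunk.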
OM_uint32 GSSAPI_CALLCONV
gss_compare_name(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t name1,
+ gss_const_name_t name2,
+#else
gss_name_t name1,
gss_name_t name2,
+#endif
int *name_equal)
{
return gssEapCompareName(minor, name1, name2, 0, name_equal);
OM_uint32 GSSAPI_CALLCONV
gss_context_time(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
gss_ctx_id_t ctx,
+#endif
OM_uint32 *time_rec)
{
OM_uint32 major;
*minor = 0;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
*minor = GSSEAP_CONTEXT_INCOMPLETE;
goto cleanup;
cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
return major;
}
ATTRIBUTE SAML-AAA-Assertion 132 string
ATTRIBUTE MS-Windows-Auth-Data 133 octets
ATTRIBUTE MS-Windows-Group-Sid 134 string
-ATTRIBUTE EAP-Channel-Binding-Message 135 octets
-ATTRIBUTE Trust-Router-COI 136 string
-ATTRIBUTE Trust-Router-APC 137 string
-attribute Moonshot-Host-TargetedId 138 string
-attribute Moonshot-Realm-TargetedId 139 string
-attribute Moonshot-TR-COI-TargetedId 140 string
+ATTRIBUTE EAP-Channel-Binding-Message 135 octets
+ATTRIBUTE Trust-Router-COI 136 string
+ATTRIBUTE Trust-Router-APC 137 string
+ATTRIBUTE Moonshot-Host-TargetedId 138 string
+ATTRIBUTE Moonshot-Realm-TargetedId 139 string
+ATTRIBUTE Moonshot-TR-COI-TargetedId 140 string
END-VENDOR UKERNA
OM_uint32 GSSAPI_CALLCONV
gss_display_name(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t name,
+#else
gss_name_t name,
+#endif
gss_buffer_t output_name_buffer,
gss_OID *output_name_type)
{
OM_uint32 GSSAPI_CALLCONV
gss_duplicate_name(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t input_name,
+#else
const gss_name_t input_name,
+#endif
gss_name_t *dest_name)
{
OM_uint32 major;
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
}
- GSSEAP_MUTEX_LOCK(&input_name->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)input_name)->mutex);
major = gssEapDuplicateName(minor, input_name, dest_name);
- GSSEAP_MUTEX_UNLOCK(&input_name->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)input_name)->mutex);
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_export_name(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t input_name,
+#else
const gss_name_t input_name,
+#endif
gss_buffer_t exported_name)
{
OM_uint32 major;
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_BAD_NAME;
}
- GSSEAP_MUTEX_LOCK(&input_name->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)input_name)->mutex);
major = gssEapExportName(minor, input_name, exported_name);
- GSSEAP_MUTEX_UNLOCK(&input_name->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)input_name)->mutex);
return major;
}
#include "gssapiP_eap.h"
OM_uint32 GSSAPI_CALLCONV
-gss_get_mic(OM_uint32 *minor,
- gss_ctx_id_t ctx,
- gss_qop_t qop_req,
- gss_buffer_t message_buffer,
- gss_buffer_t message_token)
+gss_get_mic_iov(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_qop_t qop_req,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
{
OM_uint32 major;
- gss_iov_buffer_desc iov[2];
if (ctx == GSS_C_NO_CONTEXT) {
*minor = EINVAL;
*minor = 0;
- message_token->value = NULL;
- message_token->length = 0;
-
GSSEAP_MUTEX_LOCK(&ctx->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
goto cleanup;
}
+ major = gssEapWrapOrGetMIC(minor, ctx, FALSE, NULL,
+ iov, iov_count, TOK_TYPE_MIC);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+cleanup:
+ GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+
+ return major;
+}
+
+OM_uint32 GSSAPI_CALLCONV
+gss_get_mic(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
+ gss_ctx_id_t ctx,
+#endif
+ gss_qop_t qop_req,
+#ifdef HAVE_HEIMDAL_VERSION
+ const gss_buffer_t message_buffer,
+#else
+ gss_buffer_t message_buffer,
+#endif
+ gss_buffer_t message_token)
+{
+ OM_uint32 major;
+ gss_iov_buffer_desc iov[2];
+
iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
iov[0].buffer = *message_buffer;
- iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER | GSS_IOV_BUFFER_FLAG_ALLOCATE;
+ iov[1].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN | GSS_IOV_BUFFER_FLAG_ALLOCATE;
iov[1].buffer.value = NULL;
iov[1].buffer.length = 0;
- major = gssEapWrapOrGetMIC(minor, ctx, FALSE, NULL, iov, 2, TOK_TYPE_MIC);
- if (GSS_ERROR(major))
- goto cleanup;
-
- *message_token = iov[1].buffer;
-
-cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ major = gss_get_mic_iov(minor, (gss_ctx_id_t)ctx, qop_req, iov, 2);
+ if (major == GSS_S_COMPLETE)
+ *message_token = iov[1].buffer;
return major;
}
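Review bot: The rewritten gss_get_mic no longer clears `message_token` before doing any work, so on every failure path the output buffer keeps whatever the caller had in it. That includes the `ctx == GSS_C_NO_CONTEXT` and not-established checks, which now live in gss_get_mic_iov. The removed lines reset it at entry, and callers that call gss_release_buffer on the output after an error would now act on uninitialised memory. I would restore `message_token->value = NULL;` and `message_token->length = 0;` at the top of gss_get_mic, before the iov array is filled. Separately, in gss_get_mic_iov the `if (GSS_ERROR(major)) goto cleanup;` directly above the `cleanup:` label has no effect and can be dropped.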
typedef const gss_OID_desc *gss_const_OID;
#endif
+#ifndef GSS_IOV_BUFFER_TYPE_MIC_TOKEN
+#define GSS_IOV_BUFFER_TYPE_MIC_TOKEN 12 /* MIC token destination */
+#endif
+
/* Kerberos headers */
#include <krb5.h>
+#include <com_err.h>
/* EAP headers */
#include <includes.h>
gssEapInitSecContext(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target_name,
+ gss_const_name_t target_name,
gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
OM_uint32
gssEapWrapIovLength(OM_uint32 *minor,
- gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
int conf_req_flag,
gss_qop_t qop_req,
int *conf_state,
gss_iov_buffer_desc *iov,
- int iov_count);
+ int iov_count,
+ enum gss_eap_token_type tokType);
+
OM_uint32
gssEapWrap(OM_uint32 *minor,
gss_ctx_id_t ctx,
gss_buffer_t output_message_buffer);
unsigned char
-rfc4121Flags(gss_ctx_id_t ctx, int receiving);
+rfc4121Flags(gss_const_ctx_id_t ctx, int receiving);
/* display_status.c */
void
/* pseudo_random.c */
OM_uint32
gssEapPseudoRandom(OM_uint32 *minor,
- gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
int prf_key,
const gss_buffer_t prf_in,
gss_buffer_t prf_out);
void
gssEapFinalize(void);
- /* Debugging and tracing*/
- #define gssEapTrace(_fmt, ...) wpa_printf(MSG_INFO, _fmt, __VA_ARGS__);
-
-void
-gssEapTraceStatus(const char *function, OM_uint32 major, OM_uint32 minor);
+/* Debugging and tracing */
+static inline void
+gssEapTraceStatus(const char *function,
+ OM_uint32 major,
+ OM_uint32 minor)
+{
+ gss_buffer_desc gssErrorCodeBuf = GSS_C_EMPTY_BUFFER;
+ gss_buffer_desc gssMechBuf = GSS_C_EMPTY_BUFFER;
+ OM_uint32 tmpMajor, tmpMinor;
+ OM_uint32 messageCtx = 0;
+
+ tmpMajor = gss_display_status(&tmpMinor, major,
+ GSS_C_GSS_CODE, GSS_C_NO_OID,
+ &messageCtx, &gssErrorCodeBuf);
+ if (!GSS_ERROR(tmpMajor)) {
+ if (minor == 0)
+ tmpMajor = makeStringBuffer(&tmpMinor, "no minor", &gssMechBuf);
+ else
+ tmpMajor = gssEapDisplayStatus(&tmpMinor, minor, &gssMechBuf);
+ }
+
+ if (!GSS_ERROR(tmpMajor))
+ wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
+ function,
+ (int)gssErrorCodeBuf.length, (char *)gssErrorCodeBuf.value,
+ (int)gssMechBuf.length, (char *)gssMechBuf.value);
+ else
+ wpa_printf(MSG_INFO, "%s: %u/%u",
+ function, major, minor);
+
+ gss_release_buffer(&tmpMinor, &gssErrorCodeBuf);
+ gss_release_buffer(&tmpMinor, &gssMechBuf);
+}
- /*If built as a library on Linux, don't respect environment when set*uid*/
+/* If built as a library on Linux, don't respect environment when set*uid */
#ifdef HAVE_SECURE_GETENV
#define getenv secure_getenv
#endif
static OM_uint32
initBegin(OM_uint32 *minor,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_const_name_t target,
gss_OID mech,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq,
return major;
if (target != GSS_C_NO_NAME) {
- GSSEAP_MUTEX_LOCK(&target->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)target)->mutex);
major = gssEapDuplicateName(minor, target, &ctx->acceptorName);
if (GSS_ERROR(major)) {
- GSSEAP_MUTEX_UNLOCK(&target->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)target)->mutex);
return major;
}
- GSSEAP_MUTEX_UNLOCK(&target->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)target)->mutex);
}
major = gssEapCanonicalizeOid(minor,
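Review bot: The error branch after gssEapDuplicateName now calls `GSSEAP_MUTEX_LOCK(&((gss_name_t)target)->mutex);` where the removed line called GSSEAP_MUTEX_UNLOCK. When the duplicate fails, the target name's mutex is therefore locked a second time and never released. Depending on the mutex type that is a self-deadlock or undefined behaviour, and any later operation on that name blocks. The line should read `GSSEAP_MUTEX_UNLOCK(&((gss_name_t)target)->mutex);`. The rest of initBegin lies outside this hunk.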
eapGssSmInitError(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx GSSEAP_UNUSED,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitGssReauth(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_const_name_t target,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags,
OM_uint32 timeReq,
eapGssSmInitVendorInfo(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx GSSEAP_UNUSED,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitAcceptorName(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitIdentity(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitAuthenticate(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitGssFlags(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitGssChannelBindings(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitInitiatorMIC(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitReauthCreds(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
eapGssSmInitAcceptorMIC(OM_uint32 *minor,
gss_cred_id_t cred GSSEAP_UNUSED,
gss_ctx_id_t ctx,
- gss_name_t target GSSEAP_UNUSED,
+ gss_const_name_t target GSSEAP_UNUSED,
gss_OID mech GSSEAP_UNUSED,
OM_uint32 reqFlags GSSEAP_UNUSED,
OM_uint32 timeReq GSSEAP_UNUSED,
gssEapInitSecContext(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target_name,
+ gss_const_name_t target_name,
gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
OM_uint32 GSSAPI_CALLCONV
gss_init_sec_context(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_cred_id_t cred,
+#else
gss_cred_id_t cred,
+#endif
gss_ctx_id_t *context_handle,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t target_name,
+#else
gss_name_t target_name,
+#endif
gss_OID mech_type,
OM_uint32 req_flags,
OM_uint32 time_req,
GSSEAP_MUTEX_LOCK(&ctx->mutex);
major = gssEapInitSecContext(minor,
- cred,
+ (gss_cred_id_t)cred,
ctx,
target_name,
mech_type,
if (GSS_ERROR(major))
gssEapReleaseContext(&tmpMinor, context_handle);
- gssEapTraceStatus( "gss_init_sec_context", major, *minor);
+ gssEapTraceStatus("gss_init_sec_context", major, *minor);
+
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_context(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
gss_ctx_id_t ctx,
+#endif
gss_name_t *src_name,
gss_name_t *targ_name,
OM_uint32 *lifetime_rec,
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
}
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (src_name != NULL) {
if (ctx->initiatorName != GSS_C_NO_NAME) {
*minor = 0;
cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
if (GSS_ERROR(major)) {
gssEapReleaseName(&tmpMinor, src_name);
OM_uint32 GSSAPI_CALLCONV
gss_inquire_cred(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_cred_id_t cred,
+#else
gss_cred_id_t cred,
+#endif
gss_name_t *name,
OM_uint32 *pLifetime,
gss_cred_usage_t *cred_usage,
return GSS_S_NO_CRED;
}
- GSSEAP_MUTEX_LOCK(&cred->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_cred_id_t)cred)->mutex);
- major = gssEapInquireCred(minor, cred, name, pLifetime, cred_usage, mechanisms);
+ major = gssEapInquireCred(minor, (gss_cred_id_t)cred, name, pLifetime,
+ cred_usage, mechanisms);
- GSSEAP_MUTEX_UNLOCK(&cred->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_cred_id_t)cred)->mutex);
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_cred_by_mech(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_cred_id_t cred,
+#else
gss_cred_id_t cred,
+#endif
gss_OID mech_type,
gss_name_t *name,
OM_uint32 *pInitiatorLifetime,
return GSS_S_NO_CRED;
}
- GSSEAP_MUTEX_LOCK(&cred->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_cred_id_t)cred)->mutex);
if (!gssEapCredAvailable(cred, mech_type)) {
major = GSS_S_BAD_MECH;
goto cleanup;
}
- major = gssEapInquireCred(minor, cred, name, &lifetime, cred_usage, NULL);
+ major = gssEapInquireCred(minor, (gss_cred_id_t)cred, name,
+ &lifetime, cred_usage, NULL);
if (GSS_ERROR(major))
goto cleanup;
*pAcceptorLifetime = (cred->flags & CRED_FLAG_ACCEPT) ? lifetime : 0;
cleanup:
- GSSEAP_MUTEX_UNLOCK(&cred->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_cred_id_t)cred)->mutex);
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_cred_by_oid(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_cred_id_t cred_handle,
+#else
const gss_cred_id_t cred_handle,
+#endif
const gss_OID desired_object GSSEAP_UNUSED,
gss_buffer_set_t *data_set)
{
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CRED;
}
- GSSEAP_MUTEX_LOCK(&cred_handle->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_cred_id_t)cred_handle)->mutex);
major = GSS_S_UNAVAILABLE;
*minor = GSSEAP_BAD_CRED_OPTION;
}
#endif
- GSSEAP_MUTEX_UNLOCK(&cred_handle->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_cred_id_t)cred_handle)->mutex);
return major;
}
OM_uint32 GSSAPI_CALLCONV
gss_inquire_mechs_for_name(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_name_t input_name,
+#else
const gss_name_t input_name,
+#endif
gss_OID_set *mech_types)
{
OM_uint32 major, tmpMinor;
static OM_uint32
inquireSessionKey(OM_uint32 *minor,
- const gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
const gss_OID desired_object GSSEAP_UNUSED,
gss_buffer_set_t *dataSet)
{
static OM_uint32
inquireNegoExKey(OM_uint32 *minor,
- const gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
const gss_OID desired_object,
gss_buffer_set_t *dataSet)
{
static struct {
gss_OID_desc oid;
- OM_uint32 (*inquire)(OM_uint32 *, const gss_ctx_id_t,
+ OM_uint32 (*inquire)(OM_uint32 *, gss_const_ctx_id_t,
const gss_OID, gss_buffer_set_t *);
} inquireCtxOps[] = {
{
OM_uint32 GSSAPI_CALLCONV
gss_inquire_sec_context_by_oid(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
const gss_ctx_id_t ctx,
+#endif
const gss_OID desired_object,
gss_buffer_set_t *data_set)
{
*data_set = GSS_C_NO_BUFFER_SET;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
#if 0
if (!CTX_IS_ESTABLISHED(ctx)) {
}
}
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
return major;
}
gss_export_name
gss_export_sec_context
gss_get_mic
+gss_get_mic_iov
gss_import_name
gss_import_sec_context
gss_indicate_mechs
gss_unwrap
gss_unwrap_iov
gss_verify_mic
+gss_verify_mic_iov
gss_wrap
gss_wrap_iov
gss_wrap_iov_length
gss_export_name_composite
gss_export_sec_context
gss_get_mic
+gss_get_mic_iov
gss_get_name_attribute
gss_import_name
gss_import_sec_context
gss_unwrap
gss_unwrap_iov
gss_verify_mic
+gss_verify_mic_iov
gss_wrap
gss_wrap_iov
gss_wrap_iov_length
OM_uint32 GSSAPI_CALLCONV
gss_process_context_token(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
gss_ctx_id_t ctx,
+#endif
gss_buffer_t token_buffer)
{
OM_uint32 major;
return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
}
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
*minor = GSSEAP_CONTEXT_INCOMPLETE;
return GSS_S_NO_CONTEXT;
}
iov[0].type = GSS_IOV_BUFFER_TYPE_HEADER;
iov[0].buffer = *token_buffer;
- major = gssEapUnwrapOrVerifyMIC(minor, ctx, NULL, NULL,
+ major = gssEapUnwrapOrVerifyMIC(minor, (gss_ctx_id_t)ctx, NULL, NULL,
iov, 1, TOK_TYPE_DELETE_CONTEXT);
if (GSS_ERROR(major)) {
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
return major;
}
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
- return gssEapReleaseContext(minor, &ctx);
+ return gssEapReleaseContext(minor, (gss_ctx_id_t *)&ctx);
}
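Review bot: `return gssEapReleaseContext(minor, (gss_ctx_id_t *)&ctx);` releases a context that the Heimdal prototype declares const, and it can only reset the function's local copy of the handle. Judging by its name and its other call sites, gssEapReleaseContext frees the context. If so, the caller's handle is stale after a successful call, and the const signature gives no hint of that. I would document it at the call with `/* frees the context despite the const handle; the caller's copy must not be used after GSS_S_COMPLETE */`. The const-discarding pointer cast is worth keeping visible rather than hiding in a macro.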
OM_uint32
gssEapPseudoRandom(OM_uint32 *minor,
- gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
int prf_key,
const gss_buffer_t prf_in,
gss_buffer_t prf_out)
unsigned char *p;
krb5_context krbContext;
ssize_t desired_output_len = prf_out->length;
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
*minor = 0;
goto cleanup;
}
- code = krb5_c_prf_length(krbContext,
- ctx->encryptionType,
- &prflen);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf_length(krbContext, ctx->encryptionType, &prflen);
+#else
+ code = krb5_c_prf_length(krbContext, ctx->encryptionType, &prflen);
+#endif
if (code != 0)
goto cleanup;
goto cleanup;
}
-#ifndef HAVE_HEIMDAL_VERSION
- /* Same API, but different allocation rules, unfortunately. */
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &ctx->rfc3961Key, 0, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+#else
t.length = prflen;
t.data = GSSEAP_MALLOC(t.length);
if (t.data == NULL) {
while (desired_output_len > 0) {
store_uint32_be(i, ns.data);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf(krbContext, krbCrypto, &ns, &t);
+#else
code = krb5_c_prf(krbContext, &ctx->rfc3961Key, &ns, &t);
+#endif
if (code != 0)
goto cleanup;
GSSEAP_FREE(ns.data);
}
#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto_destroy(krbContext, krbCrypto);
krb5_data_free(&t);
#else
if (t.data != NULL) {
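Review bot: `krb5_crypto_destroy(krbContext, krbCrypto);` runs unconditionally in what looks like the cleanup path. Several `goto cleanup` exits, the krb5_crypto_prf_length failure among them, are taken before `krb5_crypto_init` has set krbCrypto. On those paths the call receives the NULL the variable was initialised with, and Heimdal's destroy routine is not documented to accept a NULL handle. I would guard it with `if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto);`. The cleanup label is outside the visible hunk, so the placement should be confirmed against the full function.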
OM_uint32 GSSAPI_CALLCONV
gss_unwrap(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
gss_ctx_id_t ctx,
+#endif
gss_buffer_t input_message_buffer,
gss_buffer_t output_message_buffer,
int *conf_state,
*minor = 0;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
major = GSS_S_NO_CONTEXT;
iov[1].buffer.value = NULL;
iov[1].buffer.length = 0;
- major = gssEapUnwrapOrVerifyMIC(minor, ctx, conf_state, qop_state,
+ major = gssEapUnwrapOrVerifyMIC(minor, (gss_ctx_id_t)ctx,
+ conf_state, qop_state,
iov, 2, TOK_TYPE_WRAP);
if (major == GSS_S_COMPLETE) {
*output_message_buffer = iov[1].buffer;
}
cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
return major;
}
if (qop_state != NULL)
*qop_state = GSS_C_QOP_DEFAULT;
- header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ header = gssEapLocateHeaderIov(iov, iov_count, toktype);
GSSEAP_ASSERT(header != NULL);
padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
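Review bot: `GSSEAP_ASSERT(header != NULL);` is the only check on the result of `gssEapLocateHeaderIov(iov, iov_count, toktype)`, and the same pattern appears in the gssEapChecksum hunk. With gss_get_mic_iov defined and gss_verify_mic_iov added to the export list, the iov array can come straight from the application. A caller that supplies no header or MIC-token buffer would abort the process in an assert-enabled build. If GSSEAP_ASSERT compiles out in release builds, the NULL pointer would be dereferenced instead. I would return an error before the assert, for example `if (header == NULL) return GSS_S_DEFECTIVE_TOKEN;` here and a non-zero code in gssEapChecksum. The enclosing function starts and ends outside this hunk.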
code = gssEapVerify(krbContext, ctx->checksumType, rrc,
KRB_CRYPTO_CONTEXT(ctx), keyUsage,
- iov, iov_count, &valid);
+ iov, iov_count, toktype, &valid);
if (code != 0 || valid == FALSE) {
major = GSS_S_BAD_SIG;
goto cleanup;
goto defective;
seqnum = load_uint64_be(ptr + 8);
- /*
- * Although MIC tokens don't have a RRC, they are similarly
- * composed of a header and a checksum. So the verify_mic()
- * can be implemented with a single header buffer, fake the
- * RRC to the putative trailer length if no trailer buffer.
- */
- code = gssEapVerify(krbContext, ctx->checksumType,
- trailer != NULL ? 0 : header->buffer.length - 16,
+ /* For MIC tokens, the GSS header and checksum are in the same buffer.
+ * Fake up an RRC so that the checksum is expected in the header. */
+ rrc = (trailer != NULL) ? 0 : header->buffer.length - 16;
+ code = gssEapVerify(krbContext, ctx->checksumType, rrc,
KRB_CRYPTO_CONTEXT(ctx), keyUsage,
- iov, iov_count, &valid);
+ iov, iov_count, toktype, &valid);
if (code != 0 || valid == FALSE) {
major = GSS_S_BAD_SIG;
goto cleanup;
}
/* util_cksum.c */
+enum gss_eap_token_type {
+ TOK_TYPE_NONE = 0x0000, /* no token */
+ TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
+ TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
+ TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
+ TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
+ TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
+ TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
+ TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
+};
+
int
gssEapSign(krb5_context context,
krb5_cksumtype type,
#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
- int iov_count);
+ int iov_count,
+ enum gss_eap_token_type toktype);
int
gssEapVerify(krb5_context context,
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count,
+ enum gss_eap_token_type toktype,
int *valid);
#if 0
/* util_context.c */
#define EAP_EXPORT_CONTEXT_V1 1
-enum gss_eap_token_type {
- TOK_TYPE_NONE = 0x0000, /* no token */
- TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
- TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
- TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
- TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
- TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
- TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
- TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
-};
-
/* inner token types and flags */
#define ITOK_TYPE_NONE 0x00000000
#define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */
OM_uint32
gssEapContextTime(OM_uint32 *minor,
- gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
OM_uint32 *time_rec);
OM_uint32
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
- const gss_name_t desiredName,
+ gss_const_name_t desiredName,
OM_uint32 timeReq,
const gss_OID_set desiredMechs,
int cred_usage,
OM_uint32
gssEapSetCredService(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t target);
+ gss_const_name_t target);
OM_uint32
gssEapResolveInitiatorCred(OM_uint32 *minor,
const gss_cred_id_t cred,
- const gss_name_t target,
+ gss_const_name_t target,
gss_cred_id_t *resolvedCred);
-int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech);
+int gssEapCredAvailable(gss_const_cred_id_t cred, gss_OID mech);
OM_uint32
gssEapInquireCred(OM_uint32 *minor,
int iov_count,
OM_uint32 type);
+gss_iov_buffer_t
+gssEapLocateHeaderIov(gss_iov_buffer_desc *iov,
+ int iov_count,
+ enum gss_eap_token_type toktype);
+
void
gssEapIovMessageLength(gss_iov_buffer_desc *iov,
int iov_count,
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
int type,
size_t *length);
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
size_t dataLength,
size_t *padLength);
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
size_t *blockSize);
/* util_lucid.c */
OM_uint32
gssEapExportLucidSecContext(OM_uint32 *minor,
- gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
const gss_OID desiredObject,
gss_buffer_set_t *data_set);
OM_uint32
libMoonshotResolveInitiatorCred(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t targetName);
+ gss_const_name_t targetName);
/* util_name.c */
#define EXPORT_NAME_FLAG_OID 0x1
OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
OM_uint32 gssEapExportName(OM_uint32 *minor,
- const gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t exportedName);
OM_uint32 gssEapExportNameInternal(OM_uint32 *minor,
- const gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t exportedName,
OM_uint32 flags);
OM_uint32 gssEapImportName(OM_uint32 *minor,
OM_uint32 flags);
OM_uint32
gssEapDuplicateName(OM_uint32 *minor,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_name_t *dest_name);
OM_uint32
gssEapCanonicalizeName(OM_uint32 *minor,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t *dest_name);
OM_uint32
gssEapDisplayName(OM_uint32 *minor,
- gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t output_name_buffer,
gss_OID *output_name_type);
OM_uint32
gssEapCompareName(OM_uint32 *minor,
- gss_name_t name1,
- gss_name_t name2,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
OM_uint32 flags,
int *name_equal);
OM_uint32 (*processToken)(OM_uint32 *,
gss_cred_id_t,
gss_ctx_id_t,
- gss_name_t,
+ gss_const_name_t,
gss_OID,
OM_uint32,
OM_uint32,
gssEapSmStep(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_const_name_t target,
gss_OID mech,
OM_uint32 reqFlags,
OM_uint32 timeReq,
}
static inline void
-krbFreeUnparsedName(krb5_context krbContext, gss_buffer_t nameBuf)
+krbFreeUnparsedName(krb5_context krbContext GSSEAP_UNUSED, gss_buffer_t nameBuf)
{
#ifdef HAVE_HEIMDAL_VERSION
krb5_xfree((char *) nameBuf->value);
OM_uint32
gssEapExportAttrContext(OM_uint32 *minor,
- gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t buffer)
{
if (name->attrCtx == NULL) {
OM_uint32
gssEapDuplicateAttrContext(OM_uint32 *minor,
- gss_name_t in,
+ gss_const_name_t in,
gss_name_t out)
{
gss_eap_attr_ctx *ctx = NULL;
OM_uint32
gssEapExportAttrContext(OM_uint32 *minor,
- gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t buffer);
OM_uint32
OM_uint32
gssEapDuplicateAttrContext(OM_uint32 *minor,
- gss_name_t in,
+ gss_const_name_t in,
gss_name_t out);
OM_uint32
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count,
+ enum gss_eap_token_type toktype,
int verify,
int *valid)
{
if (code != 0)
return code;
- header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ header = gssEapLocateHeaderIov(iov, iov_count, toktype);
GSSEAP_ASSERT(header != NULL);
trailer = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_TRAILER);
#endif
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
- int iov_count)
+ int iov_count,
+ enum gss_eap_token_type toktype)
{
return gssEapChecksum(context, type, rrc, crypto,
- sign_usage, iov, iov_count, 0, NULL);
+ sign_usage, iov, iov_count, toktype, 0, NULL);
}
int
krb5_keyusage sign_usage,
gss_iov_buffer_desc *iov,
int iov_count,
+ enum gss_eap_token_type toktype,
int *valid)
{
return gssEapChecksum(context, type, rrc, crypto,
- sign_usage, iov, iov_count, 1, valid);
+ sign_usage, iov, iov_count, toktype, 1, valid);
}
#if 0
OM_uint32
gssEapContextTime(OM_uint32 *minor,
- gss_ctx_id_t context_handle,
+ gss_const_ctx_id_t context_handle,
OM_uint32 *time_rec)
{
*minor = 0;
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
- const gss_name_t desiredName,
+ gss_const_name_t desiredName,
OM_uint32 timeReq GSSEAP_UNUSED,
const gss_OID_set desiredMechs,
int credUsage,
goto cleanup;
if (desiredName != GSS_C_NO_NAME) {
- GSSEAP_MUTEX_LOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_name_t)desiredName)->mutex);
major = gssEapDuplicateName(minor, desiredName, &cred->name);
if (GSS_ERROR(major)) {
- GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)desiredName)->mutex);
goto cleanup;
}
- GSSEAP_MUTEX_UNLOCK(&desiredName->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_name_t)desiredName)->mutex);
}
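Review bot: The three `(gss_name_t)desiredName` casts around the lock and unlock calls discard the const that the new `gss_const_name_t` signature advertises, and nothing at the site says why that is safe. Taking the alias once, e.g. `gss_name_t lockName = (gss_name_t)desiredName; /* mutex is mutable state on a logically const name */`, keeps the qualifier drop in one commented place and makes the lock/unlock pairs easier to audit. The same cast pattern recurs on `ctx` in gss_wrap, gss_wrap_size_limit and the wrap-iov path later in this change. The enclosing function starts and ends outside this hunk.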
#ifdef GSSEAP_ENABLE_ACCEPTOR
gssEapReleaseCred(&tmpMinor, &cred);
gssEapTraceStatus("gss_acquire_cred", major, *minor);
+
return major;
}
* lock because mechanisms list is immutable.
*/
int
-gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech)
+gssEapCredAvailable(gss_const_cred_id_t cred, gss_OID mech)
{
OM_uint32 minor;
int present = 0;
OM_uint32
gssEapSetCredService(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t target)
+ gss_const_name_t target)
{
OM_uint32 major, tmpMinor;
gss_name_t newTarget = GSS_C_NO_NAME;
OM_uint32
gssEapResolveInitiatorCred(OM_uint32 *minor,
const gss_cred_id_t cred,
- const gss_name_t targetName
+ gss_const_name_t targetName
#ifndef HAVE_MOONSHOT_GET_IDENTITY
GSSEAP_UNUSED
#endif
return p;
}
+gss_iov_buffer_t
+gssEapLocateHeaderIov(gss_iov_buffer_desc *iov, int iov_count, enum gss_eap_token_type toktype)
+{
+ if (toktype == TOK_TYPE_MIC)
+ return gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_MIC_TOKEN);
+ else
+ return gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+}
+
void
gssEapIovMessageLength(gss_iov_buffer_desc *iov,
int iov_count,
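Review bot: gssEapLocateHeaderIov is added without a comment, and its contract matters to every caller: it returns the MIC_TOKEN buffer for TOK_TYPE_MIC, the HEADER buffer for any other token type, and presumably NULL when that buffer type is absent (gssEapLocateIov's body is not shown). I would add `/* Locate the buffer carrying the token framing: MIC_TOKEN for TOK_TYPE_MIC, HEADER otherwise; callers must handle a NULL result. */` above it. The gssEapChecksum call site in this change follows the lookup with only `GSSEAP_ASSERT(header != NULL)`, so a caller-supplied iov list without a MIC_TOKEN entry relies on an earlier check such as the `GSSEAP_MISSING_IOV` return in the wrap path.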
*pKrbContext = krbContext;
cleanup:
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_xfree(defaultRealm);
+#else
krb5_free_default_realm(krbContext, defaultRealm);
+#endif
if (code != 0 && krbContext != NULL)
krb5_free_context(krbContext);
krb5_keyblock *pKey)
{
krb5_context krbContext;
-#ifndef HAVE_HEIMDAL_VERSION
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#else
krb5_data data;
#endif
krb5_data ns, t, derivedKeyData;
KRB_DATA_INIT(&t);
KRB_DATA_INIT(&derivedKeyData);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_enctype_keybits(krbContext, encryptionType, &randomLength);
+ if (code != 0)
+ goto cleanup;
+
+ randomLength = (randomLength + 7) / 8; /* from mit_glue.c */
+
+ code = krb5_enctype_keysize(krbContext, encryptionType, &keyLength);
+ if (code != 0)
+ goto cleanup;
+#else
code = krb5_c_keylengths(krbContext, encryptionType,
&randomLength, &keyLength);
if (code != 0)
goto cleanup;
+#endif /* HAVE_HEIMDAL_VERSION */
/* Convert EAP MSK into a Kerberos key */
ns.data = (char *)constant;
/* Plug derivation constant and key into PRF */
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf_length(krbContext, encryptionType, &prfLength);
+#else
code = krb5_c_prf_length(krbContext, encryptionType, &prfLength);
+#endif
if (code != 0)
goto cleanup;
-#ifndef HAVE_HEIMDAL_VERSION
- /* Same API, but different allocation rules, unfortunately. */
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_init(krbContext, &kd, 0, &krbCrypto);
+ if (code != 0)
+ goto cleanup;
+#else
t.length = prfLength;
t.data = GSSEAP_MALLOC(t.length);
if (t.data == NULL) {
{
store_uint32_be(i, ns.data);
+#ifdef HAVE_HEIMDAL_VERSION
+ code = krb5_crypto_prf(krbContext, krbCrypto, &ns, &t);
+#else
code = krb5_c_prf(krbContext, &kd, &ns, &t);
+#endif
if (code != 0)
goto cleanup;
if (code != 0)
krb5_free_keyblock_contents(krbContext, &kd);
#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto_destroy(krbContext, krbCrypto);
krb5_data_free(&t);
#else
if (t.data != NULL) {
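Review bot: The added `krb5_crypto_destroy(krbContext, krbCrypto);` in the cleanup path runs even when `krbCrypto` is still NULL, for example when the new `krb5_enctype_keybits` or `krb5_enctype_keysize` call fails and jumps to `cleanup` before `krb5_crypto_init` has run. Whether Heimdal's krb5_crypto_destroy accepts a null handle is not visible here, and I would not rely on it. Guarding the call, `if (krbCrypto != NULL) krb5_crypto_destroy(krbContext, krbCrypto);`, keeps the error path from dereferencing a null handle while deriving the context key. The function's start and the rest of its cleanup block lie outside these hunks.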
krb5_cksumtype *cksumtype)
{
krb5_context krbContext;
-#ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
+#if !defined(HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE) && !defined(HAVE_HEIMDAL_VERSION)
krb5_data data;
krb5_checksum cksum;
#endif
+#ifdef HAVE_HEIMDAL_VERSION
+ krb5_crypto krbCrypto = NULL;
+#endif
GSSEAP_KRB_INIT(&krbContext);
cksumtype);
if (*minor != 0)
return GSS_S_FAILURE;
+#elif defined(HAVE_HEIMDAL_VERSION)
+ *minor = krb5_crypto_init(krbContext, key, 0, &krbCrypto);
+ if (*minor != 0)
+ return GSS_S_FAILURE;
+
+ *minor = krb5_crypto_get_checksum_type(krbContext, krbCrypto, cksumtype);
+
+ krb5_crypto_destroy(krbContext, krbCrypto);
+
+ if (*minor != 0)
+ return GSS_S_FAILURE;
#else
KRB_DATA_INIT(&data);
krb5_free_checksum_contents(krbContext, &cksum);
#endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
- if (!krb5_c_is_keyed_cksum(*cksumtype)) {
+#ifdef HAVE_HEIMDAL_VERSION
+ if (!krb5_checksum_is_keyed(krbContext, *cksumtype))
+#else
+ if (!krb5_c_is_keyed_cksum(*cksumtype))
+#endif
+ {
*minor = (OM_uint32)KRB5KRB_AP_ERR_INAPP_CKSUM;
return GSS_S_FAILURE;
}
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
int type,
size_t *length)
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
size_t dataLength,
size_t *padLength)
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto,
#else
- krb5_keyblock *key,
+ const krb5_keyblock *key,
#endif
size_t *blockSize)
{
OM_uint32
gssEapExportLucidSecContext(OM_uint32 *minor,
- gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
const gss_OID desiredObject GSSEAP_UNUSED,
gss_buffer_set_t *data_set)
{
GSSEAP_KRB_INIT(&krbContext);
+#ifdef HAVE_HEIMDAL_VERSION
+ *minor = krb5_get_default_in_tkt_etypes(krbContext, KRB5_PDU_NONE, &etypes);
+#else
*minor = krb5_get_permitted_enctypes(krbContext, &etypes);
+#endif
if (*minor != 0) {
return GSS_S_FAILURE;
}
OM_uint32
libMoonshotResolveInitiatorCred(OM_uint32 *minor,
gss_cred_id_t cred,
- const gss_name_t targetName)
+ gss_const_name_t targetName)
{
OM_uint32 major, tmpMinor;
gss_OID nameMech = gssEapPrimaryMechForCred(cred);
if (KRB_PRINC_REALM(krbPrinc) == NULL)
code = ENOMEM;
}
-#endif
-
+ krb5_xfree(defaultRealm);
+#else
if (defaultRealm != NULL)
krb5_free_default_realm(krbContext, defaultRealm);
+#endif
}
if (nameBuffer != GSS_C_NO_BUFFER)
OM_uint32
gssEapExportName(OM_uint32 *minor,
- const gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t exportedName)
{
return gssEapExportNameInternal(minor, name, exportedName,
OM_uint32
gssEapExportNameInternal(OM_uint32 *minor,
- const gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t exportedName,
OM_uint32 flags)
{
OM_uint32
gssEapCanonicalizeName(OM_uint32 *minor,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
const gss_OID mech_type,
gss_name_t *dest_name)
{
OM_uint32
gssEapDuplicateName(OM_uint32 *minor,
- const gss_name_t input_name,
+ gss_const_name_t input_name,
gss_name_t *dest_name)
{
return gssEapCanonicalizeName(minor, input_name,
}
static int
-hasRealmP(gss_name_t name)
+hasRealmP(gss_const_name_t name)
{
#ifdef HAVE_HEIMDAL_VERSION
if (KRB_PRINC_REALM(name->krbPrincipal) != NULL &&
OM_uint32
gssEapDisplayName(OM_uint32 *minor,
- gss_name_t name,
+ gss_const_name_t name,
gss_buffer_t output_name_buffer,
gss_OID *output_name_type)
{
OM_uint32
gssEapCompareName(OM_uint32 *minor,
- gss_name_t name1,
- gss_name_t name2,
+ gss_const_name_t name1,
+ gss_const_name_t name2,
OM_uint32 flags,
int *name_equal)
{
gssEapSmStep(OM_uint32 *minor,
gss_cred_id_t cred,
gss_ctx_id_t ctx,
- gss_name_t target,
+ gss_const_name_t target,
gss_OID mech,
OM_uint32 reqFlags,
OM_uint32 timeReq,
+++ /dev/null
-/*
- * Copyright (c) 2016, JANET(UK)
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * 3. Neither the name of JANET(UK) nor the names of its contributors
- * may be used to endorse or promote products derived from this software
- * without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
- * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- */
-
-
-#include "gssapiP_eap.h"
-
-void
-gssEapTraceStatus(const char *function,
- OM_uint32 major, OM_uint32 minor)
-{
- gss_buffer_desc gss_code_buf, mech_buf;
- OM_uint32 tmpmaj, tmpmin, ctx = 0;
- gss_code_buf.value = NULL;
- mech_buf.value = NULL;
- tmpmaj = gss_display_status(&tmpmin, major,
- GSS_C_GSS_CODE, GSS_C_NO_OID, &ctx,
- &gss_code_buf);
- if (!GSS_ERROR(tmpmaj)) {
- if (minor == 0)
- tmpmaj = makeStringBuffer(&tmpmin, "no minor", &mech_buf);
- else tmpmaj = gssEapDisplayStatus(&tmpmin, minor, &mech_buf);
- }
- if (!GSS_ERROR(tmpmaj)) {
- wpa_printf(MSG_INFO, "%s: %.*s/%.*s",
- function, (int) gss_code_buf.length, (char *) gss_code_buf.value,
- (int) mech_buf.length, (char *) mech_buf.value);
- }
- else {
- wpa_printf(MSG_INFO, "%s: %08X/%08X", function, major, minor);
- }
- tmpmaj = gss_release_buffer(&tmpmin, &gss_code_buf);
- tmpmaj = gss_release_buffer(&tmpmin, &mech_buf);
-}
-
#include "gssapiP_eap.h"
OM_uint32 GSSAPI_CALLCONV
+gss_verify_mic_iov(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_qop_t *qop_state,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ OM_uint32 major;
+
+ if (ctx == GSS_C_NO_CONTEXT) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+ }
+
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
+
+ major = gssEapUnwrapOrVerifyMIC(minor, (gss_ctx_id_t)ctx, NULL, qop_state,
+ iov, iov_count, TOK_TYPE_MIC);
+
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
+
+ return major;
+}
+
+OM_uint32 GSSAPI_CALLCONV
gss_verify_mic(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
gss_ctx_id_t ctx,
+#endif
gss_buffer_t message_buffer,
gss_buffer_t message_token,
gss_qop_t *qop_state)
{
- OM_uint32 major;
- gss_iov_buffer_desc iov[3];
- int conf_state;
-
- if (message_token->length < 16) {
- *minor = GSSEAP_TOK_TRUNC;
- return GSS_S_BAD_SIG;
- }
-
- *minor = 0;
+ gss_iov_buffer_desc iov[2];
iov[0].type = GSS_IOV_BUFFER_TYPE_DATA;
iov[0].buffer = *message_buffer;
- iov[1].type = GSS_IOV_BUFFER_TYPE_HEADER;
+ iov[1].type = GSS_IOV_BUFFER_TYPE_MIC_TOKEN;
iov[1].buffer = *message_token;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
-
- major = gssEapUnwrapOrVerifyMIC(minor, ctx, &conf_state, qop_state,
- iov, 2, TOK_TYPE_MIC);
-
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
-
- return major;
+ return gss_verify_mic_iov(minor, (gss_ctx_id_t)ctx, qop_state, iov, 2);
}
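Review bot: gss_verify_mic no longer rejects a short token before handing it on. The `message_token->length < 16` guard is gone and nothing in gss_verify_mic_iov replaces it, so truncated-token handling now rests entirely on gssEapUnwrapOrVerifyMIC, whose body is not shown here. If that callee does not check the MIC_TOKEN buffer length itself, keep the guard in the wrapper: `if (message_token->length < 16) { *minor = GSSEAP_TOK_TRUNC; return GSS_S_BAD_SIG; }`. gss_verify_mic_iov also passes `NULL` where the old code passed `&conf_state` and never sets `*minor = 0`, so it is worth confirming that the callee tolerates a null conf_state and always writes minor. The `(gss_ctx_id_t)ctx` casts inside gss_verify_mic_iov are redundant, since its parameter is already `gss_ctx_id_t`.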
OM_uint32 GSSAPI_CALLCONV
gss_wrap(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
gss_ctx_id_t ctx,
+#endif
int conf_req_flag,
gss_qop_t qop_req,
gss_buffer_t input_message_buffer,
*minor = 0;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
major = GSS_S_NO_CONTEXT;
goto cleanup;
}
- major = gssEapWrap(minor, ctx, conf_req_flag, qop_req,
- input_message_buffer,
+ major = gssEapWrap(minor, (gss_ctx_id_t)ctx, conf_req_flag,
+ qop_req, input_message_buffer,
conf_state, output_message_buffer);
if (GSS_ERROR(major))
goto cleanup;
cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
return major;
}
iov[3].buffer.length = 0;
major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req,
- NULL, iov, 4);
+ NULL, iov, 4, TOK_TYPE_WRAP);
if (GSS_ERROR(major)) {
return major;
}
#include "gssapiP_eap.h"
unsigned char
-rfc4121Flags(gss_ctx_id_t ctx, int receiving)
+rfc4121Flags(gss_const_ctx_id_t ctx, int receiving)
{
unsigned char flags;
int isAcceptor;
gssEapIovMessageLength(iov, iov_count, &dataLen, &assocDataLen);
- header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ header = gssEapLocateHeaderIov(iov, iov_count, toktype);
if (header == NULL) {
*minor = GSSEAP_MISSING_IOV;
return GSS_S_FAILURE;
code = gssEapSign(krbContext, ctx->checksumType, rrc,
KRB_CRYPTO_CONTEXT(ctx), keyUsage,
- iov, iov_count);
+ iov, iov_count, toktype);
if (code != 0)
goto cleanup;
*minor = 0;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
major = GSS_S_NO_CONTEXT;
goto cleanup;
}
- major = gssEapWrapOrGetMIC(minor, ctx, conf_req_flag, conf_state,
+ major = gssEapWrapOrGetMIC(minor, (gss_ctx_id_t)ctx, conf_req_flag, conf_state,
iov, iov_count, TOK_TYPE_WRAP);
if (GSS_ERROR(major))
goto cleanup;
cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
return major;
}
+
OM_uint32
gssEapWrapIovLength(OM_uint32 *minor,
- gss_ctx_id_t ctx,
+ gss_const_ctx_id_t ctx,
int conf_req_flag,
gss_qop_t qop_req,
int *conf_state,
gss_iov_buffer_desc *iov,
- int iov_count)
+ int iov_count,
+ enum gss_eap_token_type toktype)
{
gss_iov_buffer_t header, trailer, padding;
size_t dataLength, assocDataLength;
size_t krbHeaderLen = 0, krbTrailerLen = 0, krbPadLen = 0;
krb5_error_code code;
krb5_context krbContext;
- int dce_style;
+ int dce_or_mic;
size_t ec;
#ifdef HAVE_HEIMDAL_VERSION
krb5_crypto krbCrypto = NULL;
GSSEAP_KRB_INIT(&krbContext);
- header = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_HEADER);
+ header = gssEapLocateHeaderIov(iov, iov_count, toktype);
if (header == NULL) {
*minor = GSSEAP_MISSING_IOV;
return GSS_S_FAILURE;
INIT_IOV_DATA(trailer);
}
- dce_style = ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0);
+ /* MIC tokens and DCE-style wrap tokens have similar length considerations:
+ * no padding, and the framing surrounds the header only, not the data. */
+ dce_or_mic = ((ctx->gssFlags & GSS_C_DCE_STYLE) != 0 ||
+ toktype == TOK_TYPE_MIC);
/* For CFX, EC is used instead of padding, and is placed in header or trailer */
padding = gssEapLocateIov(iov, iov_count, GSS_IOV_BUFFER_TYPE_PADDING);
return GSS_S_FAILURE;
}
- if (krbPadLen == 0 && dce_style) {
+ if (krbPadLen == 0 && dce_or_mic) {
/* Windows rejects AEAD tokens with non-zero EC */
code = krbBlockSize(krbContext, KRB_CRYPTO_CONTEXT(ctx), &ec);
if (code != 0) {
}
major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req,
- conf_state, iov, iov_count);
+ conf_state, iov, iov_count, TOK_TYPE_WRAP);
+ if (GSS_ERROR(major))
+ goto cleanup;
+
+cleanup:
+ GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+
+ return major;
+}
+
+OM_uint32 GSSAPI_CALLCONV
+gss_get_mic_iov_length(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_qop_t qop_req,
+ gss_iov_buffer_desc *iov,
+ int iov_count)
+{
+ OM_uint32 major;
+
+ if (ctx == GSS_C_NO_CONTEXT) {
+ *minor = EINVAL;
+ return GSS_S_CALL_INACCESSIBLE_READ | GSS_S_NO_CONTEXT;
+ }
+
+ *minor = 0;
+
+ GSSEAP_MUTEX_LOCK(&ctx->mutex);
+
+ if (!CTX_IS_ESTABLISHED(ctx)) {
+ major = GSS_S_NO_CONTEXT;
+ *minor = GSSEAP_CONTEXT_INCOMPLETE;
+ goto cleanup;
+ }
+
+ major = gssEapWrapIovLength(minor, ctx, FALSE, qop_req,
+ NULL, iov, iov_count, TOK_TYPE_MIC);
if (GSS_ERROR(major))
goto cleanup;
OM_uint32 GSSAPI_CALLCONV
gss_wrap_size_limit(OM_uint32 *minor,
+#ifdef HAVE_HEIMDAL_VERSION
+ gss_const_ctx_id_t ctx,
+#else
gss_ctx_id_t ctx,
+#endif
int conf_req_flag,
gss_qop_t qop_req,
OM_uint32 req_output_size,
*minor = 0;
- GSSEAP_MUTEX_LOCK(&ctx->mutex);
+ GSSEAP_MUTEX_LOCK(&((gss_ctx_id_t)ctx)->mutex);
if (!CTX_IS_ESTABLISHED(ctx)) {
major = GSS_S_NO_CONTEXT;
iov[3].buffer.length = 0;
major = gssEapWrapIovLength(minor, ctx, conf_req_flag, qop_req,
- NULL, iov, 4);
+ NULL, iov, TOK_TYPE_WRAP, 4);
if (GSS_ERROR(major))
goto cleanup;
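Review bot: The updated gssEapWrapIovLength call in gss_wrap_size_limit has its last two arguments swapped: it passes `TOK_TYPE_WRAP` in the iov_count position and `4` in the toktype position. The new prototype ends `int iov_count, enum gss_eap_token_type toktype`, and the other updated call site in this change passes `iov, 4, TOK_TYPE_WRAP`. C converts between int and enum silently, so this compiles. The callee would then walk the iov array with the enumerator's numeric value as the count and treat the token type as whatever has value 4, which gives a wrong size limit at best. The line should read `NULL, iov, 4, TOK_TYPE_WRAP);`. The function body starts outside this hunk.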
*max_input_size = 0;
cleanup:
- GSSEAP_MUTEX_UNLOCK(&ctx->mutex);
+ GSSEAP_MUTEX_UNLOCK(&((gss_ctx_id_t)ctx)->mutex);
return major;
}