From 7c94f42e6e1dc8dde851836062de016c914f4f43 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Tue, 7 Sep 2010 15:37:08 +0200
Subject: [PATCH] More stubs for EAP mechanism
---
 .gitignore | 28 +++++++++++++--
 Makefile.am | 48 ++++++++++++++++++++++---
 acinclude.m4 | 6 ++--
 configure.ac | 110 +++++++++++++---------------------------------------------
 gssapiP_eap.h | 53 ++++++++++++++++++++++++++++
 5 files changed, 150 insertions(+), 95 deletions(-)
diff --git a/.gitignore b/.gitignore
index aa6cf56..fbcaac4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,26 @@
-autom4te.cache
+/aclocal.m4
+/autom4te.cache
+/compile
+/config.guess
+/config.log
+/config.status
+/config.sub
+/config.h
+/configure
+/depcomp
+
+/libtool
+/ltmain.sh
+/missing
+
+.DS_Store
+
 Makefile.in
-aclocal.m4
-configure
+Makefile
+
+*.la
+*.lo
+*~
+
+.deps
+.libs
diff --git a/Makefile.am b/Makefile.am
index 990c7f7..479c57a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4,9 +4,49 @@ gssdir = $(libdir)/gss gss_LTLIBRARIES = libmech_eap.la -libmech_eap_la_CFLAGS = -g -Wall -fno-strict-aliasing @KRB_CFLAGS@ @TARGET_CFLAGS@ -libmech_eap_la_LDFLAGS = @KRB_LDFLAGS@ @TARGET_LDFLAGS@ -libmech_eap_la_LIBADD = @KRB_LIBS@ +libmech_eap_la_CFLAGS = -g -Wall -fno-strict-aliasing @KRB5_CFLAGS@ @TARGET_CFLAGS@ +libmech_eap_la_LDFLAGS = -export-symbols mech_eap.exports -version-info 0:0:0 @KRB5_LDFLAGS@ @TARGET_LDFLAGS@ +libmech_eap_la_LIBADD = @KRB5_LIBS@ -libmech_eap_la_SOURCES = +libmech_eap_la_SOURCES = \ + accept_sec_context.c \ + acquire_cred.c \ + acquire_cred_with_password.c \ + add_cred.c \ + add_cred_with_password.c \ + canonicalize_name.c \ + compare_name.c \ + context_time.c \ + delete_sec_context.c \ + display_name.c \ + display_name_ext.c \ + duplicate_name.c \ + eap_mech.c \ + export_name.c \ + export_sec_context.c \ + get_mic.c \ + get_name_attribute.c \ + import_name.c \ + import_sec_context.c \ + indicate_mechs.c \ + init_sec_context.c \ + inquire_context.c \ + inquire_cred.c \ + inquire_mechs_for_name.c \ + inquire_names_for_mech.c \ + map_name_to_any.c \ + process_context_token.c \ + pseudo_random.c \ + release_any_name_mapping.c \ + release_cred.c \ + release_name.c \ + set_name_attribute.c \ + store_cred.c \ + unwrap.c \ + unwrap_iov.c \ + verify_mic.c \ + wrap.c \ + wrap_iov.c \ + wrap_iov_length.c \ + wrap_size_limit.c diff --git a/acinclude.m4 b/acinclude.m4 index 8daa90e..c376194 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -38,8 +38,8 @@ else printf "Kerberos found in $krb5dir\n"; krb5_LIBS="-lgssapi_krb5 -lkrb5"; krb5_LDFLAGS="-L$krb5dir/lib"; - AC_SUBST(krb5_CFLAGS) - AC_SUBST(krb5_LDFLAGS) - AC_SUBST(krb5_LIBS) + AC_SUBST(KRB5_CFLAGS) + AC_SUBST(KRB5_LDFLAGS) + AC_SUBST(KRB5_LIBS) fi ])dnl diff --git a/configure.ac b/configure.ac index d5fa858..79826d3 100644 --- a/configure.ac +++ b/configure.ac 
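Review bot: `-export-symbols mech_eap.exports` in the new `libmech_eap_la_LDFLAGS` names a file that is not among the five files this commit touches, so unless it was added earlier the libtool link step will fail. The path is also resolved relative to the build directory, which breaks out-of-tree builds; `-export-symbols $(srcdir)/mech_eap.exports` together with `EXTRA_DIST = mech_eap.exports` would cover both that and `make dist`. Keeping an export list is worthwhile here, since it presumably restricts the module's visible symbols to the mechanism entry points.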
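Review bot: The three `AC_SUBST` calls now name `KRB5_CFLAGS`, `KRB5_LDFLAGS` and `KRB5_LIBS`, but the assignments kept as context just above them still set the lowercase `krb5_LIBS` and `krb5_LDFLAGS`, so the substituted values look empty unless the uppercase variables are set outside this hunk. Makefile.am in the same commit consumes `@KRB5_LIBS@` and `@KRB5_LDFLAGS@`, which would leave libmech_eap.la linked without `-lgssapi_krb5 -lkrb5`; for a module built with `LT_INIT([dlopen disable-static])` that typically surfaces as unresolved symbols at load time rather than at build time. Rename the assignments as well: `KRB5_LIBS="-lgssapi_krb5 -lkrb5";` and `KRB5_LDFLAGS="-L$krb5dir/lib";`. The macro body starts above the hunk, so the CFLAGS assignment needs the same check.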
@@ -1,91 +1,31 @@ -AC_INIT(radsecproxy, 1.4, radsecproxy@uninett.no) -AC_CANONICAL_TARGET +AC_PREREQ([2.61]) +AC_INIT([mech_eap], [0.1], [bugs@project-moonshot.org]) +dnl AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE +LT_PREREQ([2.2]) +LT_INIT([dlopen disable-static]) + AC_PROG_CC -AM_PROG_CC_C_O -udp=yes -AC_ARG_ENABLE(udp, - [ --enable-udp whether to enable UDP transport: yes/no; default yes ], - [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then - udp=$enableval - else - echo "--enable-udp argument must be yes or no" - exit -1 - fi - ]) - -tcp=yes -AC_ARG_ENABLE(tcp, - [ --enable-tcp whether to enable TCP transport: yes/no; default yes ], - [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then - tcp=$enableval - else - echo "--enable-tcp argument must be yes or no" - exit -1 - fi - ]) - -tls=yes -AC_ARG_ENABLE(tls, - [ --enable-tls whether to enable TLS (RadSec) transport: yes/no; default yes ], - [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then - tls=$enableval - else - echo "--enable-tls argument must be yes or no" - exit -1 - fi - ]) - -dtls=yes -AC_ARG_ENABLE(dtls, - [ --enable-dtls whether to enable DTLS transport: yes/no; default yes ], - [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then - dtls=$enableval - else - echo "--enable-dtls argument must be yes or no" - exit -1 - fi - ]) - + dnl Check if we're on Solaris and set CFLAGS accordingly -AC_CANONICAL_SYSTEM -case "${target_os}" in - solaris*) - TARGET_CFLAGS="-DSYS_SOLARIS9 -D_POSIX_PTHREAD_SEMANTICS" - if test "$GCC" != yes ; then - TARGET_CFLAGS="$TARGET_CFLAGS -mt" - else - TARGET_CFLAGS="$TARGET_CFLAGS -pthreads" - fi - TARGET_LDFLAGS="-lpthread -lsocket -lnsl" - ;; - *) - TARGET_CFLAGS="-Wall -pedantic -pthread" - TARGET_LDFLAGS="" - esac -dnl Adding enabled options -if test "x$udp" = "xyes" ; then - echo "UDP transport enabled" - TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_UDP" -fi -if test "x$tcp" = "xyes" ; then - echo "TCP transport enabled" - 
TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_TCP" -fi -if test "x$tls" = "xyes" ; then - echo "TLS (RadSec) transport enabled" - TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_TLS" -fi -if test "x$dtls" = "xyes" ; then - echo "DTLS transport enabled" - TARGET_CFLAGS="$TARGET_CFLAGS -DRADPROT_DTLS" -fi - -AC_ARG_VAR([DOCBOOK2X_MAN], [docbook2x-man]) -AC_CHECK_PROG([DOCBOOK2X_MAN], [docbook2x-man], [yes]) -AM_CONDITIONAL(HAVE_DOCBOOK2X_MAN, test "$DOCBOOK2X_MAN" = "yes") +dnl AC_CANONICAL_TARGET +dnl case "${target_os}" in +dnl solaris*) +dnl TARGET_CFLAGS="-DSYS_SOLARIS9 -D_POSIX_PTHREAD_SEMANTICS" +dnl if test "$GCC" != yes ; then +dnl TARGET_CFLAGS="$TARGET_CFLAGS -mt" +dnl else +dnl TARGET_CFLAGS="$TARGET_CFLAGS -pthreads" +dnl fi +dnl TARGET_LDFLAGS="-lpthread -lsocket -lnsl" +dnl ;; +dnl *) +dnl TARGET_CFLAGS="-Wall -pedantic -pthread" +dnl TARGET_LDFLAGS="" +dnl esac AC_SUBST(TARGET_CFLAGS) AC_SUBST(TARGET_LDFLAGS) -AX_CHECK_SSL -AC_OUTPUT(Makefile) +AX_CHECK_KRB5 +AC_CONFIG_FILES([Makefile]) +AC_OUTPUT diff --git a/gssapiP_eap.h b/gssapiP_eap.h index 10a6e82..6415371 100644 --- a/gssapiP_eap.h +++ b/gssapiP_eap.h 
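Review bot: The Solaris `case` block is disabled with `dnl` rather than removed while `AC_SUBST(TARGET_CFLAGS)` and `AC_SUBST(TARGET_LDFLAGS)` stay, so both now substitute whatever happens to be in the configure environment (normally nothing) and the default `-pthread` from the old `*)` branch is silently gone. Either delete the dead block together with the two `AC_SUBST` lines and the `@TARGET_CFLAGS@`/`@TARGET_LDFLAGS@` references in Makefile.am, or keep them and add a one-line `dnl` comment stating that the platform flags are intentionally empty for now. The retained comment `dnl Check if we're on Solaris and set CFLAGS accordingly` no longer describes anything that runs.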
@@ -29,3 +29,56 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
+
+#ifndef _GSSAPIP_EAP_H_
+#define _GSSAPIP_EAP_H_ 1
+
+#include
+#include
+
+#include "gssapi_eap.h"
+
+struct gss_name_struct {
+ OM_uint32 flags;
+ krb5_principal principal;
+ void *aaa;
+ void *assertion;
+};
+
+#define CRED_FLAG_INITIATOR 0x00000001
+#define CRED_FLAG_ACCEPTOR 0x00000002
+#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
+#define CRED_FLAG_PASSWORD 0x00000008
+
+struct gss_cred_id_struct {
+ OM_uint32 flags;
+ gss_name_t initiatorName;
+ gss_name_t acceptorName;
+ gss_buffer_desc password;
+};
+
+#define CTX_FLAG_INITIATOR 0x00000001
+
+enum eap_gss_state {
+ EAP_STATE_AUTHENTICATE = 1,
+ EAP_STATE_KEY_TRANSPORT,
+ EAP_STATE_SECURE_ASSOCIATION,
+ EAP_STATE_GSS_CHANNEL_BINDINGS,
+ EAP_STATE_ESTABLISHED
+};
+
+struct gss_ctx_id_struct {
+ enum eap_gss_state state;
+ OM_uint32 flags;
+ OM_uint32 gssFlags;
+ krb5_context kerberosCtx;
+ gss_OID mechanismUsed;
+ krb5_cksumtype checksumType;
+ krb5_keyblock *encryptionKey;
+ gss_name_t initiatorName;
+ gss_name_t acceptorName;
+ OM_uint32 lifetime;
+};
+
+#endif /* _GSSAPIP_EAP_H_ */
+
-- 
2.1.4
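Review bot: `gss_cred_id_struct.password` and `gss_ctx_id_struct.encryptionKey` hold secret material, but the new header says nothing about who owns them or how they are cleared. Since this is the private header every stub will include, I would document it at the declaration, e.g. `gss_buffer_desc password; /* cleartext; owned by the cred, zeroized before release */` and `krb5_keyblock *encryptionKey; /* owned by the context; freed with krb5_free_keyblock() */`, so the release_cred and delete_sec_context implementations have a contract to follow. `CRED_FLAG_INITIATOR` and `CTX_FLAG_INITIATOR` share the value 0x00000001 and both land in a field called `flags`, so a comment on each field naming its flag family would help too. The guard `_GSSAPIP_EAP_H_` uses a name reserved for the implementation; `GSSAPIP_EAP_H` avoids that.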