2 * Copyright (c) 2011, JANET(UK)
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of JANET(UK) nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * Portions Copyright 2003-2010 Massachusetts Institute of Technology.
34 * All Rights Reserved.
36 * Export of this software from the United States of America may
37 * require a specific license from the United States Government.
38 * It is the responsibility of any person or organization contemplating
39 * export to obtain such a license before exporting.
41 * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
42 * distribute this software and its documentation for any purpose and
43 * without fee is hereby granted, provided that the above copyright
44 * notice appear in all copies and that both that copyright notice and
45 * this permission notice appear in supporting documentation, and that
46 * the name of M.I.T. not be used in advertising or publicity pertaining
47 * to distribution of the software without specific, written prior
48 * permission. Furthermore if you modify this software you must label
49 * your software as modified software and not distribute it in such a
50 * fashion that it might be confused with the original M.I.T. software.
51 * M.I.T. makes no representations about the suitability of
52 * this software for any purpose. It is provided "as is" without express
53 * or implied warranty.
64 #ifdef HAVE_SYS_PARAM_H
65 #include <sys/param.h>
76 #define inline __inline
77 #define snprintf _snprintf
85 #define MIN(_a,_b) ((_a)<(_b)?(_a):(_b))
88 #if !defined(WIN32) && !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
89 #define GSSEAP_UNUSED __attribute__ ((__unused__))
96 makeStringBuffer(OM_uint32 *minor,
100 #define makeStringBufferOrCleanup(src, dst) \
102 major = makeStringBuffer((minor), (src), (dst));\
103 if (GSS_ERROR(major)) \
108 bufferToString(OM_uint32 *minor,
109 const gss_buffer_t buffer,
113 duplicateBuffer(OM_uint32 *minor,
114 const gss_buffer_t src,
117 #define duplicateBufferOrCleanup(src, dst) \
119 major = duplicateBuffer((minor), (src), (dst)); \
120 if (GSS_ERROR(major)) \
125 bufferEqual(const gss_buffer_t b1, const gss_buffer_t b2)
127 return (b1->length == b2->length &&
128 memcmp(b1->value, b2->value, b2->length) == 0);
132 bufferEqualString(const gss_buffer_t b1, const char *s)
136 b2.length = strlen(s);
137 b2.value = (char *)s;
139 return bufferEqual(b1, &b2);
144 gssEapSign(krb5_context context,
147 #ifdef HAVE_HEIMDAL_VERSION
152 krb5_keyusage sign_usage,
153 gss_iov_buffer_desc *iov,
157 gssEapVerify(krb5_context context,
160 #ifdef HAVE_HEIMDAL_VERSION
165 krb5_keyusage sign_usage,
166 gss_iov_buffer_desc *iov,
172 gssEapEncodeGssChannelBindings(OM_uint32 *minor,
173 gss_channel_bindings_t chanBindings,
174 gss_buffer_t encodedBindings);
178 #define EAP_EXPORT_CONTEXT_V1 1
180 enum gss_eap_token_type {
181 TOK_TYPE_NONE = 0x0000, /* no token */
182 TOK_TYPE_MIC = 0x0404, /* RFC 4121 MIC token */
183 TOK_TYPE_WRAP = 0x0504, /* RFC 4121 wrap token */
184 TOK_TYPE_EXPORT_NAME = 0x0401, /* RFC 2743 exported name */
185 TOK_TYPE_EXPORT_NAME_COMPOSITE = 0x0402, /* exported composite name */
186 TOK_TYPE_DELETE_CONTEXT = 0x0405, /* RFC 2743 delete context */
187 TOK_TYPE_INITIATOR_CONTEXT = 0x0601, /* initiator-sent context token */
188 TOK_TYPE_ACCEPTOR_CONTEXT = 0x0602, /* acceptor-sent context token */
191 /* inner token types and flags */
192 #define ITOK_TYPE_NONE 0x00000000
193 #define ITOK_TYPE_CONTEXT_ERR 0x00000001 /* critical */
194 #define ITOK_TYPE_ACCEPTOR_NAME_REQ 0x00000002 /* TBD */
195 #define ITOK_TYPE_ACCEPTOR_NAME_RESP 0x00000003 /* TBD */
196 #define ITOK_TYPE_EAP_RESP 0x00000004 /* critical, required, if not reauth */
197 #define ITOK_TYPE_EAP_REQ 0x00000005 /* critical, required, if not reauth */
198 #define ITOK_TYPE_GSS_CHANNEL_BINDINGS 0x00000006 /* critical, required, if not reauth */
199 #define ITOK_TYPE_REAUTH_CREDS 0x00000007 /* optional */
200 #define ITOK_TYPE_REAUTH_REQ 0x00000008 /* optional */
201 #define ITOK_TYPE_REAUTH_RESP 0x00000009 /* optional */
202 #define ITOK_TYPE_VERSION_INFO 0x0000000A /* optional */
203 #define ITOK_TYPE_VENDOR_INFO 0x0000000B /* optional */
204 #define ITOK_TYPE_GSS_FLAGS 0x0000000C /* optional */
205 #define ITOK_TYPE_INITIATOR_MIC 0x0000000D /* critical, required, if not reauth */
206 #define ITOK_TYPE_ACCEPTOR_MIC 0x0000000E /* TBD */
208 #define ITOK_FLAG_CRITICAL 0x80000000 /* critical, wire flag */
209 #define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag */
211 #define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
213 #define GSSEAP_WIRE_FLAGS_MASK ( GSS_C_MUTUAL_FLAG | \
215 GSS_C_IDENTIFY_FLAG | \
216 GSS_C_EXTENDED_ERROR_FLAG )
218 OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
219 OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
222 gssEapMakeToken(OM_uint32 *minor,
224 const gss_buffer_t innerToken,
225 enum gss_eap_token_type tokenType,
226 gss_buffer_t outputToken);
229 gssEapVerifyToken(OM_uint32 *minor,
231 const gss_buffer_t inputToken,
232 enum gss_eap_token_type *tokenType,
233 gss_buffer_t innerInputToken);
236 gssEapContextTime(OM_uint32 *minor,
237 gss_ctx_id_t context_handle,
238 OM_uint32 *time_rec);
241 gssEapMakeTokenMIC(OM_uint32 *minor,
243 gss_buffer_t tokenMIC);
246 gssEapVerifyTokenMIC(OM_uint32 *minor,
248 const gss_buffer_t tokenMIC);
251 OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
252 OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
255 gssEapPrimaryMechForCred(gss_cred_id_t cred);
258 gssEapAcquireCred(OM_uint32 *minor,
259 const gss_name_t desiredName,
261 const gss_OID_set desiredMechs,
263 gss_cred_id_t *pCred,
264 gss_OID_set *pActualMechs,
268 gssEapSetCredPassword(OM_uint32 *minor,
270 const gss_buffer_t password);
273 gssEapSetCredService(OM_uint32 *minor,
275 const gss_name_t target);
278 gssEapResolveInitiatorCred(OM_uint32 *minor,
279 const gss_cred_id_t cred,
280 const gss_name_t target,
281 gss_cred_id_t *resolvedCred);
283 int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech);
286 gssEapInquireCred(OM_uint32 *minor,
289 OM_uint32 *pLifetime,
290 gss_cred_usage_t *cred_usage,
291 gss_OID_set *mechanisms);
295 gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
297 #ifdef HAVE_HEIMDAL_VERSION
303 gss_iov_buffer_desc *iov, int iov_count);
306 gssEapDecrypt(krb5_context context, int dce_style, size_t ec,
308 #ifdef HAVE_HEIMDAL_VERSION
314 gss_iov_buffer_desc *iov, int iov_count);
317 gssEapMapCryptoFlag(OM_uint32 type);
320 gssEapLocateIov(gss_iov_buffer_desc *iov,
325 gssEapIovMessageLength(gss_iov_buffer_desc *iov,
328 size_t *assoc_data_length);
331 gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count);
334 gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count);
337 gssEapAllocIov(gss_iov_buffer_t iov, size_t size);
340 gssEapDeriveRfc3961Key(OM_uint32 *minor,
341 const unsigned char *key,
343 krb5_enctype enctype,
344 krb5_keyblock *pKey);
347 #ifdef HAVE_HEIMDAL_VERSION
349 #define KRB_TIME_FOREVER ((time_t)~0L)
351 #define KRB_KEY_TYPE(key) ((key)->keytype)
352 #define KRB_KEY_DATA(key) ((key)->keyvalue.data)
353 #define KRB_KEY_LENGTH(key) ((key)->keyvalue.length)
355 #define KRB_PRINC_LENGTH(princ) ((princ)->name.name_string.len)
356 #define KRB_PRINC_TYPE(princ) ((princ)->name.name_type)
357 #define KRB_PRINC_NAME(princ) ((princ)->name.name_string.val)
358 #define KRB_PRINC_REALM(princ) ((princ)->realm)
360 #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->keyblock)
361 #define KRB_KT_ENT_FREE(c, e) krb5_kt_free_entry((c), (e))
363 #define KRB_CRYPTO_CONTEXT(ctx) (krbCrypto)
367 #define KRB_TIME_FOREVER KRB5_INT32_MAX
369 #define KRB_KEY_TYPE(key) ((key)->enctype)
370 #define KRB_KEY_DATA(key) ((key)->contents)
371 #define KRB_KEY_LENGTH(key) ((key)->length)
373 #define KRB_PRINC_LENGTH(princ) (krb5_princ_size(NULL, (princ)))
374 #define KRB_PRINC_TYPE(princ) (krb5_princ_type(NULL, (princ)))
375 #define KRB_PRINC_NAME(princ) (krb5_princ_name(NULL, (princ)))
376 #define KRB_PRINC_REALM(princ) (krb5_princ_realm(NULL, (princ)))
378 #define KRB_KT_ENT_KEYBLOCK(e) (&(e)->key)
379 #define KRB_KT_ENT_FREE(c, e) krb5_free_keytab_entry_contents((c), (e))
381 #define KRB_CRYPTO_CONTEXT(ctx) (&(ctx)->rfc3961Key)
383 #endif /* HAVE_HEIMDAL_VERSION */
385 #define KRB_KEY_INIT(key) do { \
386 KRB_KEY_TYPE(key) = ENCTYPE_NULL; \
387 KRB_KEY_DATA(key) = NULL; \
388 KRB_KEY_LENGTH(key) = 0; \
391 #define GSSEAP_KRB_INIT(ctx) do { \
392 OM_uint32 tmpMajor; \
394 tmpMajor = gssEapKerberosInit(minor, ctx); \
395 if (GSS_ERROR(tmpMajor)) { \
401 gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
404 rfc3961ChecksumTypeForKey(OM_uint32 *minor,
406 krb5_cksumtype *cksumtype);
409 krbCryptoLength(krb5_context krbContext,
410 #ifdef HAVE_HEIMDAL_VERSION
411 krb5_crypto krbCrypto,
419 krbPaddingLength(krb5_context krbContext,
420 #ifdef HAVE_HEIMDAL_VERSION
421 krb5_crypto krbCrypto,
429 krbBlockSize(krb5_context krbContext,
430 #ifdef HAVE_HEIMDAL_VERSION
431 krb5_crypto krbCrypto,
438 krbEnctypeToString(krb5_context krbContext,
439 krb5_enctype enctype,
441 gss_buffer_t string);
444 krbMakeAuthDataKdcIssued(krb5_context context,
445 const krb5_keyblock *key,
446 krb5_const_principal issuer,
447 #ifdef HAVE_HEIMDAL_VERSION
448 const AuthorizationData *authdata,
449 AuthorizationData *adKdcIssued
451 krb5_authdata *const *authdata,
452 krb5_authdata ***adKdcIssued
457 krbMakeCred(krb5_context context,
458 krb5_auth_context authcontext,
464 gssEapExportLucidSecContext(OM_uint32 *minor,
466 const gss_OID desiredObject,
467 gss_buffer_set_t *data_set);
470 extern gss_OID GSS_EAP_MECHANISM;
472 #define OID_FLAG_NULL_VALID 0x00000001
473 #define OID_FLAG_FAMILY_MECH_VALID 0x00000002
474 #define OID_FLAG_MAP_NULL_TO_DEFAULT_MECH 0x00000004
475 #define OID_FLAG_MAP_FAMILY_MECH_TO_NULL 0x00000008
478 gssEapCanonicalizeOid(OM_uint32 *minor,
484 gssEapReleaseOid(OM_uint32 *minor, gss_OID *oid);
487 gssEapDefaultMech(OM_uint32 *minor,
491 gssEapIndicateMechs(OM_uint32 *minor,
495 gssEapEnctypeToOid(OM_uint32 *minor,
496 krb5_enctype enctype,
500 gssEapOidToEnctype(OM_uint32 *minor,
502 krb5_enctype *enctype);
505 gssEapIsMechanismOid(const gss_OID oid);
508 gssEapIsConcreteMechanismOid(const gss_OID oid);
511 gssEapValidateMechs(OM_uint32 *minor,
512 const gss_OID_set mechs);
515 gssEapOidToSaslName(const gss_OID oid);
518 gssEapSaslNameToOid(const gss_buffer_t name);
520 /* util_moonshot.c */
522 libMoonshotResolveDefaultIdentity(OM_uint32 *minor,
523 const gss_cred_id_t cred,
527 libMoonshotResolveInitiatorCred(OM_uint32 *minor,
529 const gss_name_t targetName);
532 #define EXPORT_NAME_FLAG_OID 0x1
533 #define EXPORT_NAME_FLAG_COMPOSITE 0x2
534 #define EXPORT_NAME_FLAG_ALLOW_COMPOSITE 0x4
536 OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
537 OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
538 OM_uint32 gssEapExportName(OM_uint32 *minor,
539 const gss_name_t name,
540 gss_buffer_t exportedName);
541 OM_uint32 gssEapExportNameInternal(OM_uint32 *minor,
542 const gss_name_t name,
543 gss_buffer_t exportedName,
545 OM_uint32 gssEapImportName(OM_uint32 *minor,
546 const gss_buffer_t input_name_buffer,
547 const gss_OID input_name_type,
548 const gss_OID input_mech_type,
549 gss_name_t *output_name);
550 OM_uint32 gssEapImportNameInternal(OM_uint32 *minor,
551 const gss_buffer_t input_name_buffer,
552 gss_name_t *output_name,
555 gssEapDuplicateName(OM_uint32 *minor,
556 const gss_name_t input_name,
557 gss_name_t *dest_name);
560 gssEapCanonicalizeName(OM_uint32 *minor,
561 const gss_name_t input_name,
562 const gss_OID mech_type,
563 gss_name_t *dest_name);
566 gssEapDisplayName(OM_uint32 *minor,
568 gss_buffer_t output_name_buffer,
569 gss_OID *output_name_type);
572 gssEapCompareName(OM_uint32 *minor,
579 composeOid(OM_uint32 *minor_status,
586 decomposeOid(OM_uint32 *minor_status,
593 duplicateOid(OM_uint32 *minor_status,
594 const gss_OID_desc * const oid,
598 duplicateOidSet(OM_uint32 *minor,
599 const gss_OID_set src,
603 oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
605 if (o1 == GSS_C_NO_OID)
606 return (o2 == GSS_C_NO_OID);
607 else if (o2 == GSS_C_NO_OID)
608 return (o1 == GSS_C_NO_OID);
610 return (o1->length == o2->length &&
611 memcmp(o1->elements, o2->elements, o1->length) == 0);
614 /* util_ordering.c */
616 sequenceInternalize(OM_uint32 *minor,
622 sequenceExternalize(OM_uint32 *minor,
628 sequenceSize(void *vqueue);
631 sequenceFree(OM_uint32 *minor, void **vqueue);
634 sequenceCheck(OM_uint32 *minor, void **vqueue, uint64_t seqnum);
637 sequenceInit(OM_uint32 *minor, void **vqueue, uint64_t seqnum,
638 int do_replay, int do_sequence, int wide_nums);
642 GSSEAP_STATE_INITIAL = 0x01, /* initial state */
643 GSSEAP_STATE_AUTHENTICATE = 0x02, /* exchange EAP messages */
644 GSSEAP_STATE_INITIATOR_EXTS = 0x04, /* initiator extensions */
645 GSSEAP_STATE_ACCEPTOR_EXTS = 0x08, /* acceptor extensions */
646 #ifdef GSSEAP_ENABLE_REAUTH
647 GSSEAP_STATE_REAUTHENTICATE = 0x10, /* GSS reauthentication messages */
649 GSSEAP_STATE_ESTABLISHED = 0x20, /* context established */
650 GSSEAP_STATE_ALL = 0x3F
653 #define GSSEAP_STATE_NEXT(s) ((s) << 1)
655 #define GSSEAP_SM_STATE(ctx) ((ctx)->state)
658 void gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
659 #define GSSEAP_SM_TRANSITION(ctx, state) gssEapSmTransition((ctx), (state))
661 #define GSSEAP_SM_TRANSITION(ctx, newstate) do { (ctx)->state = (newstate); } while (0)
664 #define GSSEAP_SM_TRANSITION_NEXT(ctx) GSSEAP_SM_TRANSITION((ctx), GSSEAP_STATE_NEXT(GSSEAP_SM_STATE((ctx))))
666 /* state machine entry */
668 OM_uint32 inputTokenType;
669 OM_uint32 outputTokenType;
670 enum gss_eap_state validStates;
672 OM_uint32 (*processToken)(OM_uint32 *,
679 gss_channel_bindings_t,
685 /* state machine flags, set by handler */
686 #define SM_FLAG_FORCE_SEND_TOKEN 0x00000001 /* send token even if no inner tokens */
687 #define SM_FLAG_OUTPUT_TOKEN_CRITICAL 0x00000002 /* output token is critical */
689 /* state machine flags, set by state machine */
690 #define SM_FLAG_INPUT_TOKEN_CRITICAL 0x10000000 /* input token was critical */
692 #define SM_ITOK_FLAG_REQUIRED 0x00000001 /* received tokens must be present */
695 gssEapSmStep(OM_uint32 *minor,
702 gss_channel_bindings_t chanBindings,
703 gss_buffer_t inputToken,
704 gss_buffer_t outputToken,
705 struct gss_eap_sm *sm,
709 gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
712 struct gss_eap_token_buffer_set {
713 gss_buffer_set_desc buffers; /* pointers only */
718 gssEapEncodeInnerTokens(OM_uint32 *minor,
719 struct gss_eap_token_buffer_set *tokens,
720 gss_buffer_t buffer);
722 gssEapDecodeInnerTokens(OM_uint32 *minor,
723 const gss_buffer_t buffer,
724 struct gss_eap_token_buffer_set *tokens);
727 gssEapReleaseInnerTokens(OM_uint32 *minor,
728 struct gss_eap_token_buffer_set *tokens,
732 gssEapAllocInnerTokens(OM_uint32 *minor,
734 struct gss_eap_token_buffer_set *tokens);
737 tokenSize(const gss_OID_desc *mech, size_t body_size);
740 makeTokenHeader(const gss_OID_desc *mech,
743 enum gss_eap_token_type tok_type);
746 verifyTokenHeader(OM_uint32 *minor,
749 unsigned char **buf_in,
751 enum gss_eap_token_type *ret_tok_type);
755 #define GSSEAP_CALLOC calloc
756 #define GSSEAP_MALLOC malloc
757 #define GSSEAP_FREE free
758 #define GSSEAP_REALLOC realloc
760 #ifndef GSSAPI_CALLCONV
761 #define GSSAPI_CALLCONV KRB5_CALLCONV
764 #ifndef GSSEAP_ASSERT
766 #define GSSEAP_ASSERT(x) assert((x))
767 #endif /* !GSSEAP_ASSERT */
770 #define GSSEAP_CONSTRUCTOR
771 #define GSSEAP_DESTRUCTOR
773 #define GSSEAP_CONSTRUCTOR __attribute__((constructor))
774 #define GSSEAP_DESTRUCTOR __attribute__((destructor))
777 #define GSSEAP_NOT_IMPLEMENTED do { \
778 GSSEAP_ASSERT(0 && "not implemented"); \
780 return GSS_S_FAILURE; \
787 #define GSSEAP_GET_LAST_ERROR() (GetLastError()) /* XXX FIXME */
789 #define GSSEAP_MUTEX CRITICAL_SECTION
790 #define GSSEAP_MUTEX_INIT(m) (InitializeCriticalSection((m)), 0)
791 #define GSSEAP_MUTEX_DESTROY(m) DeleteCriticalSection((m))
792 #define GSSEAP_MUTEX_LOCK(m) EnterCriticalSection((m))
793 #define GSSEAP_MUTEX_UNLOCK(m) LeaveCriticalSection((m))
794 #define GSSEAP_ONCE_LEAVE do { return TRUE; } while (0)
796 /* Thread-local is handled separately */
798 #define GSSEAP_THREAD_ONCE INIT_ONCE
799 #define GSSEAP_ONCE_CALLBACK(cb) BOOL CALLBACK cb(PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context)
800 #define GSSEAP_ONCE(o, i) InitOnceExecuteOnce((o), (i), NULL, NULL)
801 #define GSSEAP_ONCE_INITIALIZER INIT_ONCE_STATIC_INIT
807 #define GSSEAP_GET_LAST_ERROR() (errno)
809 #define GSSEAP_MUTEX pthread_mutex_t
810 #define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL)
811 #define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m))
812 #define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m))
813 #define GSSEAP_MUTEX_UNLOCK(m) pthread_mutex_unlock((m))
815 #define GSSEAP_THREAD_KEY pthread_key_t
816 #define GSSEAP_KEY_CREATE(k, d) pthread_key_create((k), (d))
817 #define GSSEAP_GETSPECIFIC(k) pthread_getspecific((k))
818 #define GSSEAP_SETSPECIFIC(k, d) pthread_setspecific((k), (d))
820 #define GSSEAP_THREAD_ONCE pthread_once_t
821 #define GSSEAP_ONCE_CALLBACK(cb) void cb(void)
822 #define GSSEAP_ONCE(o, i) pthread_once((o), (i))
823 #define GSSEAP_ONCE_INITIALIZER PTHREAD_ONCE_INIT
824 #define GSSEAP_ONCE_LEAVE do { } while (0)
828 /* Helper functions */
830 store_uint16_be(uint16_t val, void *vp)
832 unsigned char *p = (unsigned char *)vp;
834 p[0] = (val >> 8) & 0xff;
835 p[1] = (val ) & 0xff;
838 static inline uint16_t
839 load_uint16_be(const void *cvp)
841 const unsigned char *p = (const unsigned char *)cvp;
843 return (p[1] | (p[0] << 8));
847 store_uint32_be(uint32_t val, void *vp)
849 unsigned char *p = (unsigned char *)vp;
851 p[0] = (val >> 24) & 0xff;
852 p[1] = (val >> 16) & 0xff;
853 p[2] = (val >> 8) & 0xff;
854 p[3] = (val ) & 0xff;
857 static inline uint32_t
858 load_uint32_be(const void *cvp)
860 const unsigned char *p = (const unsigned char *)cvp;
862 return (p[3] | (p[2] << 8)
863 | ((uint32_t) p[1] << 16)
864 | ((uint32_t) p[0] << 24));
868 store_uint64_be(uint64_t val, void *vp)
870 unsigned char *p = (unsigned char *)vp;
872 p[0] = (unsigned char)((val >> 56) & 0xff);
873 p[1] = (unsigned char)((val >> 48) & 0xff);
874 p[2] = (unsigned char)((val >> 40) & 0xff);
875 p[3] = (unsigned char)((val >> 32) & 0xff);
876 p[4] = (unsigned char)((val >> 24) & 0xff);
877 p[5] = (unsigned char)((val >> 16) & 0xff);
878 p[6] = (unsigned char)((val >> 8) & 0xff);
879 p[7] = (unsigned char)((val ) & 0xff);
882 static inline uint64_t
883 load_uint64_be(const void *cvp)
885 const unsigned char *p = (const unsigned char *)cvp;
887 return ((uint64_t)load_uint32_be(p) << 32) | load_uint32_be(p + 4);
890 static inline unsigned char *
891 store_buffer(gss_buffer_t buffer, void *vp, int wide_nums)
893 unsigned char *p = (unsigned char *)vp;
896 store_uint64_be(buffer->length, p);
899 store_uint32_be(buffer->length, p);
903 if (buffer->value != NULL) {
904 memcpy(p, buffer->value, buffer->length);
911 static inline unsigned char *
912 load_buffer(const void *cvp, size_t length, gss_buffer_t buffer)
915 buffer->value = GSSEAP_MALLOC(length);
916 if (buffer->value == NULL)
918 buffer->length = length;
919 memcpy(buffer->value, cvp, length);
920 return (unsigned char *)cvp + length;
923 static inline unsigned char *
924 store_oid(gss_OID oid, void *vp)
928 if (oid != GSS_C_NO_OID) {
929 buf.length = oid->length;
930 buf.value = oid->elements;
936 return store_buffer(&buf, vp, FALSE);
940 krbDataToGssBuffer(krb5_data *data, gss_buffer_t buffer)
942 buffer->value = (void *)data->data;
943 buffer->length = data->length;
947 krbPrincComponentToGssBuffer(krb5_principal krbPrinc,
948 int index, gss_buffer_t buffer)
950 #ifdef HAVE_HEIMDAL_VERSION
951 buffer->value = (void *)KRB_PRINC_NAME(krbPrinc)[index];
952 buffer->length = strlen((char *)buffer->value);
954 buffer->value = (void *)krb5_princ_component(NULL, krbPrinc, index)->data;
955 buffer->length = krb5_princ_component(NULL, krbPrinc, index)->length;
956 #endif /* HAVE_HEIMDAL_VERSION */
960 krbPrincRealmToGssBuffer(krb5_principal krbPrinc, gss_buffer_t buffer)
962 #ifdef HAVE_HEIMDAL_VERSION
963 buffer->value = (void *)KRB_PRINC_REALM(krbPrinc);
964 buffer->length = strlen((char *)buffer->value);
966 krbDataToGssBuffer(KRB_PRINC_REALM(krbPrinc), buffer);
971 gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data)
973 data->data = (char *)buffer->value;
974 data->length = buffer->length;
978 struct gss_eap_status_info;
980 struct gss_eap_thread_local_data {
981 krb5_context krbContext;
982 struct gss_eap_status_info *statusInfo;
985 struct gss_eap_thread_local_data *
986 gssEapGetThreadLocalData(void);
989 gssEapDestroyStatusInfo(struct gss_eap_status_info *status);
992 gssEapDestroyKrbContext(krb5_context context);
998 #ifdef GSSEAP_ENABLE_ACCEPTOR
999 #include "util_json.h"
1000 #include "util_attr.h"
1001 #include "util_base64.h"
1002 #endif /* GSSEAP_ENABLE_ACCEPTOR */
1003 #ifdef GSSEAP_ENABLE_REAUTH
1004 #include "util_reauth.h"
1007 #endif /* _UTIL_H_ */