#include <assert.h>
#include <string.h>
#include <errno.h>
+#include <unistd.h>
+#include <stdlib.h>
#include <time.h>
/* GSS includes */
#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include "gssapi_eap.h"
+#include "util.h"
/* EAP includes */
-#define IEEE8021X_EAPOL 1
-
#include <common.h>
#include <eap_peer/eap.h>
#include <eap_peer/eap_config.h>
+#include <crypto/tls.h> /* XXX testing implementation only */
#include <wpabuf.h>
/* Kerberos includes */
#include <krb5.h>
-#include "util.h"
+
+#define NAME_FLAG_NAI 0x00000001
+#define NAME_FLAG_SERVICE 0x00000002
+#define NAME_FLAG_SAML 0x00000010
+#define NAME_FLAG_RADIUS 0x00000020
+
+#define NAME_HAS_ATTRIBUTES(name) ((name)->flags & \
+ (NAME_FLAG_SAML | NAME_FLAG_RADIUS))
+
+struct eap_gss_saml_assertion;
+struct eap_gss_avp_list;
struct gss_name_struct {
+ GSSEAP_MUTEX mutex; /* mutex protecting attributes */
OM_uint32 flags;
- krb5_principal kerberosName;
- void *aaa;
- void *assertion;
+ krb5_principal krbPrincipal; /* this is immutable */
+ struct eap_gss_saml_assertion *assertion;
+ struct eap_gss_avp_list *avps;
};
-#define CRED_FLAG_INITIATOR 0x00000001
-#define CRED_FLAG_ACCEPTOR 0x00000002
+#define CRED_FLAG_INITIATE 0x00000001
+#define CRED_FLAG_ACCEPT 0x00000002
#define CRED_FLAG_DEFAULT_IDENTITY 0x00000004
#define CRED_FLAG_PASSWORD 0x00000008
struct gss_cred_id_struct {
+ GSSEAP_MUTEX mutex;
OM_uint32 flags;
gss_name_t name;
gss_buffer_desc password;
+ gss_OID_set mechanisms;
time_t expiryTime;
};
#define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
enum eap_gss_state {
- EAP_STATE_AUTHENTICATE = 1,
+ EAP_STATE_AUTHENTICATE = 0,
EAP_STATE_KEY_TRANSPORT,
EAP_STATE_SECURE_ASSOCIATION,
EAP_STATE_GSS_CHANNEL_BINDINGS,
#define CTX_FLAG_EAP_ALT_REJECT 0x01000000
struct eap_gss_initiator_ctx {
- struct wpabuf *eapReqData;
unsigned int idleWhile;
- struct eap_peer_config eapConfig;
+ struct eap_peer_config eapPeerConfig;
+ struct eap_config eapConfig;
struct eap_sm *eap;
+ struct wpabuf reqData;
};
-/* Acceptor context flags */
struct eap_gss_acceptor_ctx {
+ struct eap_eapol_interface *eapPolInterface;
+ void *tlsContext;
+ struct eap_sm *eap;
+ struct eap_config eapConfig; /* XXX */
};
struct gss_ctx_id_struct {
+ GSSEAP_MUTEX mutex;
enum eap_gss_state state;
OM_uint32 flags;
OM_uint32 gssFlags;
- krb5_context kerberosCtx;
gss_OID mechanismUsed;
krb5_enctype encryptionType;
- krb5_cksumtype checksumType;
- krb5_keyblock *rfc3961Key;
+ krb5_keyblock rfc3961Key;
gss_name_t initiatorName;
gss_name_t acceptorName;
time_t expiryTime;
#define TOK_FLAG_WRAP_CONFIDENTIAL 0x02
#define TOK_FLAG_ACCEPTOR_SUBKEY 0x04
-#define KEY_USAGE_ACCEPTOR_SEAL 512
-#define KEY_USAGE_ACCEPTOR_SIGN 513
-#define KEY_USAGE_INITIATOR_SEAL 514
-#define KEY_USAGE_INITIATOR_SIGN 515
-
-enum gss_eap_token_type {
- TOK_TYPE_MIC = 0x0404,
- TOK_TYPE_WRAP = 0x0504,
- TOK_TYPE_DELETE = 0x0405
-};
+#define KEY_USAGE_ACCEPTOR_SEAL 22
+#define KEY_USAGE_ACCEPTOR_SIGN 23
+#define KEY_USAGE_INITIATOR_SEAL 24
+#define KEY_USAGE_INITIATOR_SIGN 25
/* wrap_iov.c */
OM_uint32