Add some plumbing for exporting names

[mech_eap.orig] / gssapiP_eap.h

diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index 128b0fe..9bafde4 100644 (file)
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -42,6 +42,7 @@
 #include <gssapi/gssapi.h>
 #include <gssapi/gssapi_ext.h>
 #include "gssapi_eap.h"
+#include "util.h"
 
 /* EAP includes */
 #define IEEE8021X_EAPOL 1
@@ -54,11 +55,20 @@
 /* Kerberos includes */
 #include <krb5.h>
 
+#define NAME_FLAG_NAI                       0x00000001
+#define NAME_FLAG_SERVICE                   0x00000002
+#define NAME_FLAG_SAML                      0x00000010
+#define NAME_FLAG_RADIUS                    0x00000020
+
+struct eap_gss_saml_assertion;
+struct eap_gss_avp_list;
+
 struct gss_name_struct {
+    GSSEAP_MUTEX mutex; /* mutex protecting attributes */
     OM_uint32 flags;
-    krb5_principal kerberosName;
-    void *aaa;
-    void *assertion;
+    krb5_principal krbPrincipal; /* this is immutable */
+    struct eap_gss_saml_assertion *assertion;
+    struct eap_gss_avp_list *avps;
 };
 
 #define CRED_FLAG_INITIATOR                 0x00000001
@@ -67,6 +77,7 @@ struct gss_name_struct {
 #define CRED_FLAG_PASSWORD                  0x00000008
 
 struct gss_cred_id_struct {
+    GSSEAP_MUTEX mutex;
     OM_uint32 flags;
     gss_name_t name;
     gss_buffer_desc password;
@@ -110,14 +121,14 @@ struct eap_gss_acceptor_ctx {
 };
 
 struct gss_ctx_id_struct {
+    GSSEAP_MUTEX mutex;
     enum eap_gss_state state;
     OM_uint32 flags;
     OM_uint32 gssFlags;
-    krb5_context kerberosCtx;
     gss_OID mechanismUsed;
     krb5_enctype encryptionType;
     krb5_cksumtype checksumType;
-    krb5_keyblock *encryptionKey;
+    krb5_keyblock rfc3961Key;
     gss_name_t initiatorName;
     gss_name_t acceptorName;
     time_t expiryTime;
@@ -135,87 +146,10 @@ struct gss_ctx_id_struct {
 #define TOK_FLAG_WRAP_CONFIDENTIAL          0x02
 #define TOK_FLAG_ACCEPTOR_SUBKEY            0x04
 
-enum gss_eap_token_type {
-    TOK_TYPE_MIC     = 0x0404,
-    TOK_TYPE_WRAP    = 0x0504,
-    TOK_TYPE_DELETE  = 0x0405
-};
-
-/* Helper APIs */
-OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
-OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
-
-OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
-OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
-
-OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
-OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
-
-/* Kerberos token services */
-#define KRB_USAGE_ACCEPTOR_SEAL             22
-#define KRB_USAGE_ACCEPTOR_SIGN             23
-#define KRB_USAGE_INITIATOR_SEAL            24
-#define KRB_USAGE_INITIATOR_SIGN            25
-
-#if 0
-#define KRB_KEYTYPE(key)                    ((key)->keytype)
-#else
-#define KRB_KEYTYPE(key)                    ((key)->enctype)
-#endif
-
-/* util_crypt.c */
-int
-gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
-              size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
-              gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapDecrypt(krb5_context context, int dce_style, size_t ec,
-              size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
-              gss_iov_buffer_desc *iov, int iov_count);
-
-krb5_cryptotype
-gssEapTranslateCryptoFlag(OM_uint32 type);
-
-gss_iov_buffer_t
-gssEapLocateIov(gss_iov_buffer_desc *iov,
-                int iov_count,
-                OM_uint32 type);
-
-void
-gssEapIovMessageLength(gss_iov_buffer_desc *iov,
-                       int iov_count,
-                       size_t *data_length,
-                       size_t *assoc_data_length);
-
-void
-gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapAllocIov(gss_iov_buffer_t iov, size_t size);
-
-/* util_cksum.c */
-int
-gssEapSign(krb5_context context,
-           krb5_cksumtype type,
-           size_t rrc,
-           krb5_keyblock *key,
-           krb5_keyusage sign_usage,
-           gss_iov_buffer_desc *iov,
-           int iov_count);
-
-int
-gssEapVerify(krb5_context context,
-             krb5_cksumtype type,
-             size_t rrc,  
-             krb5_keyblock *key,
-             krb5_keyusage sign_usage,
-             gss_iov_buffer_desc *iov,
-             int iov_count,
-             int *valid);
+#define KEY_USAGE_ACCEPTOR_SEAL             22
+#define KEY_USAGE_ACCEPTOR_SIGN             23
+#define KEY_USAGE_INITIATOR_SEAL            24
+#define KEY_USAGE_INITIATOR_SIGN            25
 
 /* wrap_iov.c */
 OM_uint32
@@ -236,17 +170,5 @@ gssEapUnwrapOrVerifyMIC(OM_uint32 *minor_status,
                         int iov_count,
                         enum gss_eap_token_type toktype);
 
-/* Helper macros */
-#define GSSEAP_CALLOC(count, size)      (calloc((count), (size)))
-#define GSSEAP_FREE(ptr)                (free((ptr)))
-#define GSSEAP_MALLOC(size)             (malloc((size)))
-#define GSSEAP_REALLOC(ptr, size)       (realloc((ptr), (size)))
-
-#define GSSEAP_NOT_IMPLEMENTED          do {            \
-        assert(0 && "not implemented");                 \
-        *minor = ENOSYS;                                \
-        return GSS_S_FAILURE;                           \
-    } while (0)
 
 #endif /* _GSSAPIP_EAP_H_ */
-