#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include "gssapi_eap.h"
+#include "util.h"
/* EAP includes */
#define IEEE8021X_EAPOL 1
/* Kerberos includes */
#include <krb5.h>
+#define NAME_FLAG_NAI 0x00000001
+#define NAME_FLAG_SERVICE 0x00000002
+#define NAME_FLAG_SAML 0x00000010
+#define NAME_FLAG_RADIUS 0x00000020
+
+struct eap_gss_saml_assertion;
+struct eap_gss_avp_list;
+
struct gss_name_struct {
+ GSSEAP_MUTEX mutex; /* mutex protecting attributes */
OM_uint32 flags;
- krb5_principal kerberosName;
- void *aaa;
- void *assertion;
+ krb5_principal krbPrincipal; /* this is immutable */
+ struct eap_gss_saml_assertion *assertion;
+ struct eap_gss_avp_list *avps;
};
#define CRED_FLAG_INITIATOR 0x00000001
#define CRED_FLAG_PASSWORD 0x00000008
struct gss_cred_id_struct {
+ GSSEAP_MUTEX mutex;
OM_uint32 flags;
gss_name_t name;
gss_buffer_desc password;
};
struct gss_ctx_id_struct {
+ GSSEAP_MUTEX mutex;
enum eap_gss_state state;
OM_uint32 flags;
OM_uint32 gssFlags;
- krb5_context kerberosCtx;
gss_OID mechanismUsed;
krb5_enctype encryptionType;
krb5_cksumtype checksumType;
- krb5_keyblock *encryptionKey;
+ krb5_keyblock rfc3961Key;
gss_name_t initiatorName;
gss_name_t acceptorName;
time_t expiryTime;
#define TOK_FLAG_WRAP_CONFIDENTIAL 0x02
#define TOK_FLAG_ACCEPTOR_SUBKEY 0x04
-enum gss_eap_token_type {
- TOK_TYPE_MIC = 0x0404,
- TOK_TYPE_WRAP = 0x0504,
- TOK_TYPE_DELETE = 0x0405
-};
-
-/* Helper APIs */
-OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
-OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
-
-OM_uint32 gssEapAllocName(OM_uint32 *minor, gss_name_t *pName);
-OM_uint32 gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName);
-
-OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
-OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
-
-/* Kerberos token services */
-#define KRB_USAGE_ACCEPTOR_SEAL 22
-#define KRB_USAGE_ACCEPTOR_SIGN 23
-#define KRB_USAGE_INITIATOR_SEAL 24
-#define KRB_USAGE_INITIATOR_SIGN 25
-
-#if 0
-#define KRB_KEYTYPE(key) ((key)->keytype)
-#else
-#define KRB_KEYTYPE(key) ((key)->enctype)
-#endif
-
-/* util_crypt.c */
-int
-gssEapEncrypt(krb5_context context, int dce_style, size_t ec,
- size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
- gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapDecrypt(krb5_context context, int dce_style, size_t ec,
- size_t rrc, krb5_keyblock *key, int usage, krb5_pointer iv,
- gss_iov_buffer_desc *iov, int iov_count);
-
-krb5_cryptotype
-gssEapTranslateCryptoFlag(OM_uint32 type);
-
-gss_iov_buffer_t
-gssEapLocateIov(gss_iov_buffer_desc *iov,
- int iov_count,
- OM_uint32 type);
-
-void
-gssEapIovMessageLength(gss_iov_buffer_desc *iov,
- int iov_count,
- size_t *data_length,
- size_t *assoc_data_length);
-
-void
-gssEapReleaseIov(gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapIsIntegrityOnly(gss_iov_buffer_desc *iov, int iov_count);
-
-int
-gssEapAllocIov(gss_iov_buffer_t iov, size_t size);
-
-/* util_cksum.c */
-int
-gssEapSign(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count);
-
-int
-gssEapVerify(krb5_context context,
- krb5_cksumtype type,
- size_t rrc,
- krb5_keyblock *key,
- krb5_keyusage sign_usage,
- gss_iov_buffer_desc *iov,
- int iov_count,
- int *valid);
+#define KEY_USAGE_ACCEPTOR_SEAL 22
+#define KEY_USAGE_ACCEPTOR_SIGN 23
+#define KEY_USAGE_INITIATOR_SEAL 24
+#define KEY_USAGE_INITIATOR_SIGN 25
/* wrap_iov.c */
OM_uint32
int iov_count,
enum gss_eap_token_type toktype);
-/* Helper macros */
-#define GSSEAP_CALLOC(count, size) (calloc((count), (size)))
-#define GSSEAP_FREE(ptr) (free((ptr)))
-#define GSSEAP_MALLOC(size) (malloc((size)))
-#define GSSEAP_REALLOC(ptr, size) (realloc((ptr), (size)))
-
-#define GSSEAP_NOT_IMPLEMENTED do { \
- assert(0 && "not implemented"); \
- *minor = ENOSYS; \
- return GSS_S_FAILURE; \
- } while (0)
#endif /* _GSSAPIP_EAP_H_ */
-