#include <gssapi/gssapi.h>
#include <gssapi/gssapi_ext.h>
#include "gssapi_eap.h"
+#include "util.h"
/* EAP includes */
#define IEEE8021X_EAPOL 1
#include <krb5.h>
struct gss_name_struct {
+ GSSEAP_MUTEX mutex;
OM_uint32 flags;
krb5_principal kerberosName;
void *aaa;
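Review bot: Nothing on the new `mutex` member says which fields it guards or when a caller must hold it, and none of the visible hunks calls GSSEAP_MUTEX_LOCK or GSSEAP_MUTEX_UNLOCK, so on this evidence the objects are still accessed unlocked. I would state the rule next to the member, for example `/* guards every field below; hold it across any read or write */` if that is the intended contract. The same comment is needed on gss_cred_id_struct, which carries `password`, and on gss_ctx_id_struct. The struct definition continues outside this hunk.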
#define CRED_FLAG_PASSWORD 0x00000008
struct gss_cred_id_struct {
+ GSSEAP_MUTEX mutex;
OM_uint32 flags;
gss_name_t name;
gss_buffer_desc password;
};
struct gss_ctx_id_struct {
+ GSSEAP_MUTEX mutex;
enum eap_gss_state state;
OM_uint32 flags;
OM_uint32 gssFlags;
#define KEY_USAGE_INITIATOR_SEAL 514
#define KEY_USAGE_INITIATOR_SIGN 515
-enum gss_eap_token_type {
- TOK_TYPE_EAP_RESP = 0x0601,
- TOK_TYPE_EAP_REQ = 0x0602,
- TOK_TYPE_GSS_CB = 0x0603,
- TOK_TYPE_MIC = 0x0404,
- TOK_TYPE_WRAP = 0x0504,
- TOK_TYPE_DELETE = 0x0405,
- TOK_TYPE_NONE = 0xFFFF
-};
-
/* wrap_iov.c */
OM_uint32
gssEapWrapOrGetMIC(OM_uint32 *minor,
enum gss_eap_token_type toktype);
-#include "util.h"
-
#endif /* _GSSAPIP_EAP_H_ */
#ifndef _UTIL_H_
#define _UTIL_H_ 1
+#include <krb5.h>
+
#define KRB_KEYTYPE(key) ((key)->enctype)
int
int do_replay, int do_sequence, int wide_nums);
/* util_token.c */
+enum gss_eap_token_type {
+ TOK_TYPE_EAP_RESP = 0x0601,
+ TOK_TYPE_EAP_REQ = 0x0602,
+ TOK_TYPE_GSS_CB = 0x0603,
+ TOK_TYPE_MIC = 0x0404,
+ TOK_TYPE_WRAP = 0x0504,
+ TOK_TYPE_DELETE = 0x0405,
+ TOK_TYPE_NONE = 0xFFFF
+};
+
size_t
tokenSize(const gss_OID_desc *mech, size_t body_size);
return GSS_S_FAILURE; \
} while (0)
+#include <pthread.h>
+
+#define GSSEAP_MUTEX pthread_mutex_t
+#define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL)
+#define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m))
+#define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m))
+#define GSSEAP_MUTEX_UNLOCK(m) pthread_mutex_unlock((m))
+
/* Helper functions */
static inline void
store_uint16_be(uint16_t val, void *vp)
return GSS_S_FAILURE;
}
+ if (GSSEAP_MUTEX_INIT(&ctx->mutex) != 0) {
+ *minor = errno;
+ gssEapReleaseContext(&tmpMinor, &ctx);
+ return GSS_S_FAILURE;
+ }
+
*minor = krb5_init_context(&ctx->kerberosCtx);
if (*minor != 0) {
gssEapReleaseContext(&tmpMinor, &ctx);
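Review bot: `*minor = errno` in the added mutex-init branch reports the wrong code, because pthread_mutex_init() returns the error number and is not specified to set errno. Keep the return value instead, e.g. `int err = GSSEAP_MUTEX_INIT(&ctx->mutex);` followed by `if (err != 0) { *minor = err; ...`. The same branch then calls gssEapReleaseContext(), and the release path in this commit runs `GSSEAP_MUTEX_DESTROY(&ctx->mutex)` unconditionally, so a mutex whose initialisation failed gets destroyed, which POSIX leaves undefined. gssEapAllocCred and gssEapAllocName repeat both problems. The enclosing function starts outside this hunk.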
gss_release_oid(&tmpMinor, &ctx->mechanismUsed);
sequenceFree(ctx->seqState);
+ GSSEAP_MUTEX_DESTROY(&ctx->mutex);
+
memset(ctx, 0, sizeof(*ctx));
GSSEAP_FREE(ctx);
*pCtx = GSS_C_NO_CONTEXT;
OM_uint32
gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
{
+ OM_uint32 tmpMinor;
gss_cred_id_t cred;
assert(*pCred == GSS_C_NO_CREDENTIAL);
return GSS_S_FAILURE;
}
+ if (GSSEAP_MUTEX_INIT(&cred->mutex) != 0) {
+ *minor = errno;
+ gssEapReleaseCred(&tmpMinor, &cred);
+ return GSS_S_FAILURE;
+ }
+
*pCred = cred;
+ *minor = 0;
return GSS_S_COMPLETE;
}
GSSEAP_FREE(cred->password.value);
}
+ GSSEAP_MUTEX_DESTROY(&cred->mutex);
memset(cred, 0, sizeof(*cred));
GSSEAP_FREE(cred);
*pCred = NULL;
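Review bot: The `memset(cred, 0, sizeof(*cred))` directly before `GSSEAP_FREE(cred)` is a dead store the compiler is allowed to remove, so the `password` descriptor can survive in freed memory; the `memset(ctx, 0, sizeof(*ctx))` in the context release hunk has the same weakness. A wipe that cannot be elided, such as `explicit_bzero(cred, sizeof(*cred));` where the platform provides it, keeps the intent. Whether the buffer behind `cred->password.value` is cleared before the `GSSEAP_FREE` above is not visible here, since the function starts outside the hunk.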
OM_uint32
gssEapAllocName(OM_uint32 *minor, gss_name_t *pName)
{
+ OM_uint32 tmpMinor;
gss_name_t name;
assert(*pName == GSS_C_NO_NAME);
return GSS_S_FAILURE;
}
+ if (GSSEAP_MUTEX_INIT(&name->mutex) != 0) {
+ *minor = errno;
+ gssEapReleaseName(&tmpMinor, &name);
+ return GSS_S_FAILURE;
+ }
+
*pName = name;
return GSS_S_COMPLETE;
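Review bot: The success path here leaves `*minor` untouched, while gssEapAllocCred in the same commit gained `*minor = 0;` before returning GSS_S_COMPLETE. Unless it is cleared in the part of the function outside this hunk, callers can read a stale minor status after a successful allocation. Adding `*minor = 0;` after `*pName = name;` keeps the two allocators consistent.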
krb5_free_context(kerbCtx);
}
+ GSSEAP_MUTEX_DESTROY(&name->mutex);
GSSEAP_FREE(name);
*pName = NULL;
*minor = 0;
return GSS_S_COMPLETE;
}
+
+OM_uint32
+gssEapDuplicateName(krb5_context context,
+ const gss_name_t src,
+ gss_name_t *dst)
+{
+}
+
+krb5_boolean
+gssEapCompareName(krb5_context context,
+ gss_name_t name1,
+ gss_name_t name2)
+{
+}
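Review bot: gssEapDuplicateName and gssEapCompareName are added with empty bodies although they return OM_uint32 and krb5_boolean, so any caller that uses the result reads an indeterminate value, which is undefined behaviour, and `*dst` is never set. Until they are implemented the stubs should fail closed: `*dst = GSS_C_NO_NAME; return GSS_S_UNAVAILABLE;` in the first and `return 0;` in the second, so that a name comparison can never report a match by accident. A one-line comment marking both as unimplemented would also help the next reader.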