#include "gssapiP_eap.h"
+#define BUILTIN_EAP
+
+#ifdef BUILTIN_EAP
#define EAP_MAX_METHODS 8
#define EAP_TTLS_AUTH_PAP 1
#define EAP_TTLS_AUTH_MSCHAP 4
#define EAP_TTLS_AUTH_MSCHAPV2 8
-#if 1
struct eap_user {
struct {
int vendor;
*len = 0;
return NULL;
}
-#endif
+#endif /* BUILTIN_EAP */
static OM_uint32
acceptReady(OM_uint32 *minor, gss_ctx_id_t ctx)
if (ctx->encryptionType != ENCTYPE_NULL &&
ctx->acceptorCtx.eapPolInterface->eapKeyAvailable) {
- major = rfc3961EncTypeToChecksumType(minor, ctx->encryptionType,
- &ctx->checksumType);
- if (GSS_ERROR(major))
- return major;
-
major = gssEapDeriveRfc3961Key(minor,
ctx->acceptorCtx.eapPolInterface->eapKeyData,
ctx->acceptorCtx.eapPolInterface->eapKeyDataLen,
&ctx->rfc3961Key);
if (GSS_ERROR(major))
return major;
+
+ major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
+ &ctx->checksumType);
+ if (GSS_ERROR(major))
+ return major;
} else {
/*
* draft-howlett-eap-gss says that integrity/confidentialty should
int iov_count,
enum gss_eap_token_type toktype);
-
#endif /* _GSSAPIP_EAP_H_ */
eap_key_available(ctx->initiatorCtx.eap)) {
key = eap_get_eapKeyData(ctx->initiatorCtx.eap, &keyLength);
- major = rfc3961EncTypeToChecksumType(minor, ctx->encryptionType,
- &ctx->checksumType);
+ major = gssEapDeriveRfc3961Key(minor, key, keyLength,
+ ctx->encryptionType, &ctx->rfc3961Key);
if (GSS_ERROR(major))
return major;
- major = gssEapDeriveRfc3961Key(minor, key, keyLength,
- ctx->encryptionType, &ctx->rfc3961Key);
+ major = rfc3961ChecksumTypeForKey(minor, &ctx->rfc3961Key,
+ &ctx->checksumType);
if (GSS_ERROR(major))
return major;
} else {
gssEapKerberosInit(OM_uint32 *minor, krb5_context *context);
OM_uint32
-rfc3961EncTypeToChecksumType(OM_uint32 *minor,
- krb5_enctype etype,
- krb5_cksumtype *cksumtype);
+rfc3961ChecksumTypeForKey(OM_uint32 *minor,
+ krb5_keyblock *key,
+ krb5_cksumtype *cksumtype);
#define GSSEAP_KRB_INIT(ctx) do { \
OM_uint32 tmpMajor; \
return (code == 0) ? GSS_S_COMPLETE : GSS_S_FAILURE;
}
+#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
extern krb5_error_code
krb5int_c_mandatory_cksumtype(krb5_context, krb5_enctype, krb5_cksumtype *);
+#endif
OM_uint32
-rfc3961EncTypeToChecksumType(OM_uint32 *minor,
- krb5_enctype etype,
- krb5_cksumtype *cksumtype)
+rfc3961ChecksumTypeForKey(OM_uint32 *minor,
+ krb5_keyblock *key,
+ krb5_cksumtype *cksumtype)
{
krb5_context krbContext;
+#ifndef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
+ krb5_data data;
+ krb5_checksum cksum;
+#endif
GSSEAP_KRB_INIT(&krbContext);
- *minor = krb5int_c_mandatory_cksumtype(krbContext, etype, cksumtype);
+#ifdef HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE
+ *minor = krb5int_c_mandatory_cksumtype(krbContext, KRB_KEY_TYPE(key),
+ cksumtype);
if (*minor != 0)
return GSS_S_FAILURE;
+#else
+ data.length = 0;
+ data.data = NULL;
+
+ memset(&cksum, 0, sizeof(cksum));
+
+ *minor = krb5_c_make_checksum(krbContext, 0, key, 0, &data, &cksum);
+ if (*minor != 0)
+ return GSS_S_FAILURE;
+
+ *cksumtype = cksum.checksum_type;
+
+ krb5_free_checksum_contents(krbContext, &cksum);
+#endif /* HAVE_KRB5INT_C_MANDATORY_CKSUMTYPE */
return GSS_S_COMPLETE;
}