#include <assert.h>
#include <string.h>
#include <errno.h>
+#ifdef HAVE_UNISTD_H
#include <unistd.h>
+#endif
+#ifdef HAVE_STDLIB_H
#include <stdlib.h>
+#endif
+#ifdef HAVE_STDARG_H
#include <stdarg.h>
+#endif
#include <time.h>
+#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
+#endif
+
+#ifdef WIN32
+#ifndef MAXHOSTNAMELEN
+# include <WinSock2.h>
+# define MAXHOSTNAMELEN NI_MAXHOST
+#endif
+#endif
/* GSS headers */
#include <gssapi/gssapi.h>
#include <krb5.h>
/* EAP headers */
+#include <includes.h>
#include <common.h>
#include <eap_peer/eap.h>
#include <eap_peer/eap_config.h>
#include <wpabuf.h>
/* FreeRADIUS headers */
+#ifdef GSSEAP_ENABLE_ACCEPTOR
#ifdef __cplusplus
extern "C" {
#define operator fr_operator
#undef operator
}
#endif
+#endif /* GSSEAP_ENABLE_ACCEPTOR */
#include "gsseap_err.h"
#include "radsec_err.h"
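Review bot: `<stdlib.h>` and `<stdarg.h>` are ISO C headers, yet the added `HAVE_STDLIB_H` / `HAVE_STDARG_H` guards make them drop out silently whenever those macros are undefined, and nothing visible in this hunk includes a configuration header before the guards. On such a build (the new `WIN32` branch suggests a non-autoconf target), allocation and varargs functions could be used without prototypes unless another header supplies them, and on 64-bit targets an implicitly declared allocator can truncate the returned pointer. I would include both unconditionally and keep the guards only for `<unistd.h>` and `<sys/param.h>`. Failing that, add a comment such as `/* config.h must be included before this header */`.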
OM_uint32 flags;
gss_OID mechanismUsed; /* this is immutable */
krb5_principal krbPrincipal; /* this is immutable */
+#ifdef GSSEAP_ENABLE_ACCEPTOR
struct gss_eap_attr_ctx *attrCtx;
+#endif
};
#define CRED_FLAG_INITIATE 0x00010000
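Review bot: The `attrCtx` member now exists only under `GSSEAP_ENABLE_ACCEPTOR`, so the size of this struct (it begins above the hunk) depends on a build macro. The same applies to the `acceptor` union member guarded further down, where the union's size and the offsets of any members after it can change. If any object linked into the mechanism is compiled with a different setting, the two sides disagree about the layout and accesses can land outside the object. I would record the constraint next to the guard, e.g. `/* layout depends on GSSEAP_ENABLE_ACCEPTOR: define it in one shared config header, never per source file */`, and check that every remaining use of `attrCtx` is guarded the same way.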
struct wpabuf reqData;
};
+#ifdef GSSEAP_ENABLE_ACCEPTOR
struct gss_eap_acceptor_ctx {
struct rs_context *radContext;
struct rs_connection *radConn;
gss_buffer_desc state;
VALUE_PAIR *vps;
};
+#endif
#ifdef HAVE_HEIMDAL_VERSION
struct gss_ctx_id_t_desc_struct
union {
struct gss_eap_initiator_ctx initiator;
#define initiatorCtx ctxU.initiator
+#ifdef GSSEAP_ENABLE_ACCEPTOR
struct gss_eap_acceptor_ctx acceptor;
#define acceptorCtx ctxU.acceptor
+#endif
#ifdef GSSEAP_ENABLE_REAUTH
gss_ctx_id_t reauth;
#define reauthCtx ctxU.reauth
#define KEY_USAGE_INITIATOR_SEAL 24
#define KEY_USAGE_INITIATOR_SIGN 25
+/* accept_sec_context.c */
+OM_uint32
+gssEapAcceptSecContext(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_cred_id_t cred,
+ gss_buffer_t input_token,
+ gss_channel_bindings_t input_chan_bindings,
+ gss_name_t *src_name,
+ gss_OID *mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec,
+ gss_cred_id_t *delegated_cred_handle);
+
+/* init_sec_context.c */
+OM_uint32
+gssEapInitSecContext(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ gss_ctx_id_t ctx,
+ gss_name_t target_name,
+ gss_OID mech_type,
+ OM_uint32 req_flags,
+ OM_uint32 time_req,
+ gss_channel_bindings_t input_chan_bindings,
+ gss_buffer_t input_token,
+ gss_OID *actual_mech_type,
+ gss_buffer_t output_token,
+ OM_uint32 *ret_flags,
+ OM_uint32 *time_rec);
+
/* wrap_iov.c */
OM_uint32
gssEapWrapOrGetMIC(OM_uint32 *minor,
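Review bot: `gssEapAcceptSecContext` is declared unconditionally here, while the acceptor context struct and the `acceptor` union member elsewhere in this patch exist only under `GSSEAP_ENABLE_ACCEPTOR`. In an initiator-only build a caller would still compile against this prototype and fail only at link time, unless a stub is provided somewhere not shown. I would either wrap the declaration in the same `#ifdef` or add a comment saying which file supplies the fallback and what status it returns. The two new prototypes also take `cred` and `ctx` in opposite order and receive `ctx` by value, so a one-line contract comment on each would help: say that the caller apparently supplies an existing context, and which arguments may be null.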
#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \
(err) <= GSSEAP_RADIUS_PROT_FAILURE)
+/* upper bound of RADIUS error range must be kept in sync with radsec.h */
+#define IS_RADIUS_ERROR(err) ((err) >= ERROR_TABLE_BASE_rse && \
+ (err) <= ERROR_TABLE_BASE_rse + 20)
+
/* export_sec_context.c */
OM_uint32
gssEapExportSecContext(OM_uint32 *minor,
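Review bot: The upper bound in `IS_RADIUS_ERROR` is the bare literal `20`, and the only thing keeping it in step with radsec is the comment above it. If radsec gains an error code past that offset, the macro stops matching it and any handling keyed on the macro treats a RADIUS failure as something else, with no diagnostic at build time. I would give the bound a name, e.g. `#define GSSEAP_RADSEC_ERROR_MAX (ERROR_TABLE_BASE_rse + 20)` (name proposed here, not taken from the tree). If `radsec_err.h` exposes its last code, add a `_Static_assert` comparing the two so a mismatch breaks the build. Like `IS_WIRE_ERROR`, the macro evaluates `err` twice, so it should only be passed side-effect-free expressions; a `static inline` function would remove that hazard.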