#ifndef _UTIL_H_
#define _UTIL_H_ 1
-#if !defined(WIN32)
+#ifdef HAVE_SYS_PARAM_H
#include <sys/param.h>
#endif
+#ifdef HAVE_STDINT_H
+#include <stdint.h>
+#endif
#include <string.h>
#include <errno.h>
#include <krb5.h>
-#if defined(WIN32)
-#define INLINE __inline
-typedef unsigned __int16 uint16_t;
-typedef unsigned __int32 uint32_t;
-#else
-#define INLINE inline
+#ifdef WIN32
+#define inline __inline
+#define snprintf _snprintf
#endif
#ifdef __cplusplus
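Review bot: `#define snprintf _snprintf` in the WIN32 branch swaps in a function with different truncation behaviour. `_snprintf` writes no terminating NUL when the output fills the buffer, and on truncation it returns a negative value instead of the required length. Any caller written against C99 semantics can therefore be left with an unterminated string, and a `n >= size` truncation check never fires. A safer mapping is a small `static inline` wrapper over `_vsnprintf` that forces `buf[size - 1] = '\0'` and normalises the return value, or `_snprintf_s` with `_TRUNCATE`. No call sites are visible in this header, so it is worth auditing them before relying on the alias.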
#define MIN(_a,_b) ((_a)<(_b)?(_a):(_b))
#endif
-#if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
-#define GSSEAP_UNUSED __attribute__ ((__unused__))
+#if !defined(WIN32) && !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
+#define GSSEAP_UNUSED __attribute__ ((__unused__))
#else
#define GSSEAP_UNUSED
#endif
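Review bot: The new GSSEAP_UNUSED condition mixes `&&` and `||` without grouping, so it parses as `(!WIN32 && !__cplusplus) || (GCC >= 3.4)`, and a reader cannot tell whether that is the intent. If it is, write the grouping out: `#if (!defined(WIN32) && !defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))`. A one-line comment naming which compilers are expected to take the empty definition would also help.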
const char *string,
gss_buffer_t buffer);
+#define makeStringBufferOrCleanup(src, dst) \
+ do { \
+ major = makeStringBuffer((minor), (src), (dst));\
+ if (GSS_ERROR(major)) \
+ goto cleanup; \
+ } while (0)
+
OM_uint32
bufferToString(OM_uint32 *minor,
const gss_buffer_t buffer,
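Review bot: `makeStringBufferOrCleanup` assigns to `major`, reads `minor` and jumps to a `cleanup` label, and none of those appear in its parameter list. The macro therefore only compiles, and only behaves correctly, inside a function that declares all three, and the `goto` is invisible at the call site. `duplicateBufferOrCleanup` in the next hunk has the same shape. Suggested comment above each: `/* Requires OM_uint32 major, OM_uint32 *minor and a cleanup: label in the caller; on GSS_ERROR control jumps to cleanup, which must release anything allocated so far. */`.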
const gss_buffer_t src,
gss_buffer_t dst);
-static INLINE int
+#define duplicateBufferOrCleanup(src, dst) \
+ do { \
+ major = duplicateBuffer((minor), (src), (dst)); \
+ if (GSS_ERROR(major)) \
+ goto cleanup; \
+ } while (0)
+
+static inline int
bufferEqual(const gss_buffer_t b1, const gss_buffer_t b2)
{
return (b1->length == b2->length &&
memcmp(b1->value, b2->value, b2->length) == 0);
}
-static INLINE int
+static inline int
bufferEqualString(const gss_buffer_t b1, const char *s)
{
gss_buffer_desc b2;
#define ITOK_TYPE_REAUTH_RESP 0x00000009 /* optional */
#define ITOK_TYPE_VERSION_INFO 0x0000000A /* optional */
#define ITOK_TYPE_VENDOR_INFO 0x0000000B /* optional */
+#define ITOK_TYPE_GSS_FLAGS 0x0000000C /* optional */
+#define ITOK_TYPE_INITIATOR_MIC 0x0000000D /* critical, required, if not reauth */
+#define ITOK_TYPE_ACCEPTOR_MIC 0x0000000E /* TBD */
#define ITOK_FLAG_CRITICAL 0x80000000 /* critical, wire flag */
#define ITOK_FLAG_VERIFIED 0x40000000 /* verified, API flag */
#define ITOK_TYPE_MASK (~(ITOK_FLAG_CRITICAL | ITOK_FLAG_VERIFIED))
+#define GSSEAP_WIRE_FLAGS_MASK GSS_C_MUTUAL_FLAG
+
OM_uint32 gssEapAllocContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
OM_uint32 gssEapReleaseContext(OM_uint32 *minor, gss_ctx_id_t *pCtx);
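Review bot: `ITOK_TYPE_ACCEPTOR_MIC` is annotated only `/* TBD */`, while `ITOK_TYPE_INITIATOR_MIC` just above it states its criticality and when it is required. The comment should say whether a peer must reject an exchange in which the acceptor MIC is absent or fails to verify, since that is what decides whether the token exchange is integrity-protected in both directions. `GSSEAP_WIRE_FLAGS_MASK` also has no comment; presumably it limits which GSS flags are carried in `ITOK_TYPE_GSS_FLAGS`, and a line such as `/* only these flags are sent to or honoured from the peer */` would record that, if it is the intent.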
gss_ctx_id_t context_handle,
OM_uint32 *time_rec);
+OM_uint32
+gssEapMakeTokenMIC(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_buffer_t tokenMIC);
+
+OM_uint32
+gssEapVerifyTokenMIC(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ const gss_buffer_t tokenMIC);
+
/* util_cred.c */
OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred);
OM_uint32 gssEapReleaseCred(OM_uint32 *minor, gss_cred_id_t *pCred);
+gss_OID
+gssEapPrimaryMechForCred(gss_cred_id_t cred);
+
OM_uint32
gssEapAcquireCred(OM_uint32 *minor,
const gss_name_t desiredName,
- const gss_buffer_t password,
OM_uint32 timeReq,
const gss_OID_set desiredMechs,
int cred_usage,
gss_OID_set *pActualMechs,
OM_uint32 *timeRec);
+OM_uint32
+gssEapSetCredPassword(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ const gss_buffer_t password);
+
+OM_uint32
+gssEapSetCredService(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ const gss_name_t target);
+
+OM_uint32
+gssEapResolveInitiatorCred(OM_uint32 *minor,
+ const gss_cred_id_t cred,
+ const gss_name_t target,
+ gss_cred_id_t *resolvedCred);
+
int gssEapCredAvailable(gss_cred_id_t cred, gss_OID mech);
OM_uint32
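Review bot: `gssEapSetCredPassword` is declared without any statement of who owns the secret after the call. The prototype does not show whether the credential copies `password` or retains the caller's pointer, and nothing here says the stored copy is wiped when `gssEapReleaseCred` runs. Because the password used to be passed straight to `gssEapAcquireCred` and now lives on the credential, its lifetime is longer and the contract matters more. Once confirmed against util_cred.c, a comment such as `/* Copies password into cred; the copy is zeroed and freed when the credential is released. */` would pin this down. The same ownership question applies to `target` in `gssEapSetCredService`.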
gss_OID
gssEapSaslNameToOid(const gss_buffer_t name);
+/* util_moonshot.c */
+OM_uint32
+libMoonshotResolveDefaultIdentity(OM_uint32 *minor,
+ const gss_cred_id_t cred,
+ gss_name_t *pName);
+
+OM_uint32
+libMoonshotResolveInitiatorCred(OM_uint32 *minor,
+ gss_cred_id_t cred,
+ const gss_name_t targetName);
+
/* util_name.c */
#define EXPORT_NAME_FLAG_OID 0x1
#define EXPORT_NAME_FLAG_COMPOSITE 0x2
const gss_OID_set src,
gss_OID_set *dst);
-static INLINE int
+static inline int
oidEqual(const gss_OID_desc *o1, const gss_OID_desc *o2)
{
if (o1 == GSS_C_NO_OID)
gssEapSmTransition(gss_ctx_id_t ctx, enum gss_eap_state state);
/* util_token.c */
+struct gss_eap_token_buffer_set {
+ gss_buffer_set_desc buffers; /* pointers only */
+ OM_uint32 *types;
+};
+
OM_uint32
gssEapEncodeInnerTokens(OM_uint32 *minor,
- gss_buffer_set_t extensions,
- OM_uint32 *types,
+ struct gss_eap_token_buffer_set *tokens,
gss_buffer_t buffer);
OM_uint32
gssEapDecodeInnerTokens(OM_uint32 *minor,
const gss_buffer_t buffer,
- gss_buffer_set_t *pExtensions,
- OM_uint32 **pTypes);
+ struct gss_eap_token_buffer_set *tokens);
+
+OM_uint32
+gssEapReleaseInnerTokens(OM_uint32 *minor,
+ struct gss_eap_token_buffer_set *tokens,
+ int freeBuffers);
+
+OM_uint32
+gssEapAllocInnerTokens(OM_uint32 *minor,
+ size_t count,
+ struct gss_eap_token_buffer_set *tokens);
size_t
tokenSize(const gss_OID_desc *mech, size_t body_size);
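Review bot: The ownership rules for `struct gss_eap_token_buffer_set` are only hinted at by `/* pointers only */` and the `freeBuffers` argument of `gssEapReleaseInnerTokens`. If the buffer values produced by `gssEapDecodeInnerTokens` alias the input token, as the comment suggests, a nonzero `freeBuffers` on such a set would free interior pointers. The reverse mistake leaks. The struct comment should state that `types` holds one entry per element of `buffers` and which producer yields owned versus borrowed values. `gssEapReleaseInnerTokens` should state when `freeBuffers` may be nonzero. It would also help to note that `gssEapAllocInnerTokens` must reject a `count` whose array size would overflow, since its implementation is not visible here.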
#define GSSEAP_FREE free
#define GSSEAP_REALLOC realloc
+#ifndef GSSAPI_CALLCONV
+#define GSSAPI_CALLCONV KRB5_CALLCONV
+#endif
+
+#ifdef WIN32
+#define GSSEAP_CONSTRUCTOR
+#define GSSEAP_DESTRUCTOR
+#else
+#define GSSEAP_CONSTRUCTOR __attribute__((constructor))
+#define GSSEAP_DESTRUCTOR __attribute__((destructor))
+#endif
+
#define GSSEAP_NOT_IMPLEMENTED do { \
assert(0 && "not implemented"); \
*minor = ENOSYS; \
return GSS_S_FAILURE; \
} while (0)
+#ifdef WIN32
+
+#include <winbase.h>
+
+#define GSSEAP_GET_LAST_ERROR() (GetLastError()) /* XXX FIXME */
+
+#define GSSEAP_MUTEX CRITICAL_SECTION
+#define GSSEAP_MUTEX_INIT(m) (InitializeCriticalSection((m)), 0)
+#define GSSEAP_MUTEX_DESTROY(m) DeleteCriticalSection((m))
+#define GSSEAP_MUTEX_LOCK(m) EnterCriticalSection((m))
+#define GSSEAP_MUTEX_UNLOCK(m) LeaveCriticalSection((m))
+#define GSSEAP_ONCE_LEAVE do { return TRUE; } while (0)
+
+/* Thread-local is handled separately */
+
+#define GSSEAP_THREAD_ONCE INIT_ONCE
+#define GSSEAP_ONCE_CALLBACK(cb) BOOL CALLBACK cb(PINIT_ONCE InitOnce, PVOID Parameter, PVOID *Context)
+#define GSSEAP_ONCE(o, i) InitOnceExecuteOnce((o), (i), NULL, NULL)
+#define GSSEAP_ONCE_INITIALIZER INIT_ONCE_STATIC_INIT
+
+#else
+
#include <pthread.h>
-#define GSSEAP_MUTEX pthread_mutex_t
-#define GSSEAP_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
+#define GSSEAP_GET_LAST_ERROR() (errno)
+#define GSSEAP_MUTEX pthread_mutex_t
#define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL)
#define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m))
#define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m))
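Review bot: `GSSEAP_ONCE` yields opposite success values on the two platforms. The WIN32 definition returns the BOOL from `InitOnceExecuteOnce`, which is nonzero on success, while the pthread definition (kept as context in the next hunk) returns the int from `pthread_once`, which is 0 on success. `GSSEAP_MUTEX_INIT` in the same WIN32 block is already normalised with `(InitializeCriticalSection((m)), 0)`, so the once macro is the odd one out. `#define GSSEAP_ONCE(o, i) (InitOnceExecuteOnce((o), (i), NULL, NULL) ? 0 : -1)` would keep one convention for any caller that tests the result. Separately, `GSSEAP_CONSTRUCTOR` and `GSSEAP_DESTRUCTOR` expand to nothing on WIN32, so functions tagged with them presumably need an explicit call from `DllMain`, and a comment should say so.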
#define GSSEAP_SETSPECIFIC(k, d) pthread_setspecific((k), (d))
#define GSSEAP_THREAD_ONCE pthread_once_t
+#define GSSEAP_ONCE_CALLBACK(cb) void cb(void)
#define GSSEAP_ONCE(o, i) pthread_once((o), (i))
#define GSSEAP_ONCE_INITIALIZER PTHREAD_ONCE_INIT
+#define GSSEAP_ONCE_LEAVE do { } while (0)
+
+#endif /* WIN32 */
/* Helper functions */
-static INLINE void
+static inline void
store_uint16_be(uint16_t val, void *vp)
{
unsigned char *p = (unsigned char *)vp;
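Review bot: A callback declared with `GSSEAP_ONCE_CALLBACK` has to finish with `GSSEAP_ONCE_LEAVE`, and nothing at either definition says so. On WIN32 the callback returns BOOL and `GSSEAP_ONCE_LEAVE` (defined in the previous hunk) is what supplies `return TRUE;`. A callback that omits it falls off the end of a non-void function and hands `InitOnceExecuteOnce` an indeterminate result. Suggested comment above the macro: `/* Every once-callback must end with GSSEAP_ONCE_LEAVE; on WIN32 it supplies the BOOL return value. */`. The body of `store_uint16_be` continues past this hunk.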
p[1] = (val ) & 0xff;
}
-static INLINE uint16_t
+static inline uint16_t
load_uint16_be(const void *cvp)
{
const unsigned char *p = (const unsigned char *)cvp;
return (p[1] | (p[0] << 8));
}
-static INLINE void
+static inline void
store_uint32_be(uint32_t val, void *vp)
{
unsigned char *p = (unsigned char *)vp;
p[3] = (val ) & 0xff;
}
-static INLINE uint32_t
+static inline uint32_t
load_uint32_be(const void *cvp)
{
const unsigned char *p = (const unsigned char *)cvp;
| ((uint32_t) p[0] << 24));
}
-static INLINE void
+static inline void
store_uint64_be(uint64_t val, void *vp)
{
unsigned char *p = (unsigned char *)vp;
p[7] = (unsigned char)((val ) & 0xff);
}
-static INLINE uint64_t
+static inline uint64_t
load_uint64_be(const void *cvp)
{
const unsigned char *p = (const unsigned char *)cvp;
return ((uint64_t)load_uint32_be(p) << 32) | load_uint32_be(p + 4);
}
-static INLINE unsigned char *
+static inline unsigned char *
store_buffer(gss_buffer_t buffer, void *vp, int wide_nums)
{
unsigned char *p = (unsigned char *)vp;
return p;
}
-static INLINE unsigned char *
+static inline unsigned char *
load_buffer(const void *cvp, size_t length, gss_buffer_t buffer)
{
buffer->length = 0;
return (unsigned char *)cvp + length;
}
-static INLINE unsigned char *
+static inline unsigned char *
store_oid(gss_OID oid, void *vp)
{
gss_buffer_desc buf;
return store_buffer(&buf, vp, FALSE);
}
-static INLINE void
+static inline void
krbDataToGssBuffer(krb5_data *data, gss_buffer_t buffer)
{
buffer->value = (void *)data->data;
buffer->length = data->length;
}
-static INLINE void
+static inline void
krbPrincComponentToGssBuffer(krb5_principal krbPrinc,
int index, gss_buffer_t buffer)
{
#endif /* HAVE_HEIMDAL_VERSION */
}
-static INLINE void
+static inline void
krbPrincRealmToGssBuffer(krb5_principal krbPrinc, gss_buffer_t buffer)
{
#ifdef HAVE_HEIMDAL_VERSION
#endif
}
-static INLINE void
+static inline void
gssBufferToKrbData(gss_buffer_t buffer, krb5_data *data)
{
data->data = (char *)buffer->value;
data->length = buffer->length;
}
+/* util_tld.c */
+struct gss_eap_status_info;
+
+struct gss_eap_thread_local_data {
+ krb5_context krbContext;
+ struct gss_eap_status_info *statusInfo;
+};
+
+struct gss_eap_thread_local_data *
+gssEapGetThreadLocalData(void);
+
+void
+gssEapDestroyStatusInfo(struct gss_eap_status_info *status);
+
+void
+gssEapDestroyKrbContext(krb5_context context);
+
#ifdef __cplusplus
}
#endif
#ifdef GSSEAP_ENABLE_ACCEPTOR
#include "util_json.h"
#include "util_attr.h"
-#endif
#include "util_base64.h"
+#endif /* GSSEAP_ENABLE_ACCEPTOR */
#ifdef GSSEAP_ENABLE_REAUTH
#include "util_reauth.h"
#endif
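Review bot: `gssEapGetThreadLocalData` is declared without a failure contract, and it returns a bare pointer that callers will dereference for `krbContext` and `statusInfo`. If util_tld.c allocates the structure on first use, the declaration should say that NULL is possible and must be checked, for example `/* Returns the calling thread's data, creating it on first use; NULL on allocation failure. */`. It should also say who calls `gssEapDestroyKrbContext` and `gssEapDestroyStatusInfo`, since exporting them invites a second caller and a double release. In the same hunk, `util_base64.h` moves inside `GSSEAP_ENABLE_ACCEPTOR`, so a build with only `GSSEAP_ENABLE_REAUTH` no longer sees those prototypes. It is worth confirming that no initiator-side code uses them.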