X-Git-Url: http://www.project-moonshot.org/gitweb/?p=moonshot.git;a=blobdiff_plain;f=mech_eap%2FgssapiP_eap.h;h=0d1dd4d9489f6a9b5038f36f6e53c25789fdd923;hp=c6c634e6f6cefd9f0a493a54d85e3a215a041f7b;hb=a3c967e248121c12913c7a59ca6210e57babe0a6;hpb=7b371ea5f89d20a6e7ecf14c4f17a3550f298523
diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h
index c6c634e..0d1dd4d 100644
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010, JANET(UK)
+ * Copyright (c) 2011, JANET(UK)
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -34,36 +34,63 @@
 #define _GSSAPIP_EAP_H_ 1
 #include "config.h"
+
+#ifdef HAVE_HEIMDAL_VERSION
+#define KRB5_DEPRECATED /* so we can use krb5_free_unparsed_name() */
+#endif
+
 #include
 #include
 #include
 #include
 #include
+#include
 #include
+#include
-/* GSS includes */
+/* GSS headers */
 #include
 #include
+#ifdef HAVE_HEIMDAL_VERSION
+typedef struct gss_any *gss_any_t;
+#else
 #include
+#endif
 #include "gssapi_eap.h"
-/* Kerberos includes */
+/* Kerberos headers */
 #include
-/* EAP includes */
-#ifndef __cplusplus
+/* EAP headers */
 #include
 #include
 #include
-#include
+#include
+#include
 #include
-#endif
-#include
+/* FreeRADIUS headers */
+#ifdef __cplusplus
+extern "C" {
+#define operator fr_operator
+#endif
+#include
 #include
+#include
+#include
+#ifdef __cplusplus
+#undef operator
+}
+#endif
+#include "gsseap_err.h"
+#include "radsec_err.h"
 #include "util.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* These name flags are informative and not actually used by anything yet */
 #define NAME_FLAG_NAI 0x00000001
 #define NAME_FLAG_SERVICE 0x00000002
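Review bot: `#define operator fr_operator` around the FreeRADIUS includes carries no comment saying which header uses `operator` as an identifier or why shadowing a C++ keyword is safe for the C++ build; a line such as `/* FreeRADIUS headers use 'operator' as an identifier, a C++ keyword; rename it for the C++ build only — TODO name the header */` would stop a later reader from removing it. The Heimdal branch's `typedef struct gss_any *gss_any_t;` likewise defines a private substitute for a type the MIT-only header in the `#else` branch provides, and a comment to that effect, e.g. `/* Heimdal lacks gss_any_t; private opaque substitute, keep in step with the MIT definition */`, would flag a future conflicting definition. The include file names are not preserved in this view, so I cannot confirm which header each of these replaces.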
@@ -72,9 +99,15 @@ struct gss_eap_saml_attr_ctx;
 struct gss_eap_attr_ctx;
-struct gss_name_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_name_t_desc_struct
+#else
+struct gss_name_struct
+#endif
+{
 GSSEAP_MUTEX mutex; /* mutex protects attrCtx */
 OM_uint32 flags;
+ gss_OID mechanismUsed; /* this is immutable */
 krb5_principal krbPrincipal; /* this is immutable */
 struct gss_eap_attr_ctx *attrCtx;
 };
@@ -83,9 +116,15 @@ struct gss_name_struct {
 #define CRED_FLAG_ACCEPT 0x00020000
 #define CRED_FLAG_DEFAULT_IDENTITY 0x00040000
 #define CRED_FLAG_PASSWORD 0x00080000
+#define CRED_FLAG_DEFAULT_CCACHE 0x00100000
 #define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
-struct gss_cred_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_cred_id_t_desc_struct
+#else
+struct gss_cred_id_struct
+#endif
+{
 GSSEAP_MUTEX mutex;
 OM_uint32 flags;
 gss_name_t name;
@@ -93,6 +132,7 @@ struct gss_cred_id_struct {
 gss_OID_set mechanisms;
 time_t expiryTime;
 char *radiusConfigFile;
+ char *radiusConfigStanza;
 #ifdef GSSEAP_ENABLE_REAUTH
 krb5_ccache krbCredCache;
 gss_cred_id_t krbCred;
@@ -100,22 +140,12 @@ struct gss_cred_id_struct {
 };
 #define CTX_FLAG_INITIATOR 0x00000001
-#define CTX_FLAG_KRB_REAUTH_GSS 0x00000002
+#define CTX_FLAG_KRB_REAUTH 0x00000002
+#define CTX_FLAG_KRB_REAUTH_SUPPORTED 0x00000004
 #define CTX_IS_INITIATOR(ctx) (((ctx)->flags & CTX_FLAG_INITIATOR) != 0)
-enum gss_eap_state {
- EAP_STATE_IDENTITY = 0,
- EAP_STATE_AUTHENTICATE,
- EAP_STATE_EXTENSIONS_REQ,
- EAP_STATE_EXTENSIONS_RESP,
- EAP_STATE_ESTABLISHED,
-#ifdef GSSEAP_ENABLE_REAUTH
- EAP_STATE_KRB_REAUTH_GSS
-#endif
-};
-
-#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == EAP_STATE_ESTABLISHED)
+#define CTX_IS_ESTABLISHED(ctx) ((ctx)->state == GSSEAP_STATE_ESTABLISHED)
 /* Initiator context flags */
 #define CTX_FLAG_EAP_SUCCESS 0x00010000
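Review bot: The new `gss_OID mechanismUsed` member is marked immutable but nothing says who owns the OID it points at — whether it aliases a static mechanism OID that is never released, or a copy the name-release path must free — and that is the one thing the release code needs from this header. Suggest `gss_OID mechanismUsed; /* immutable; aliases a static mech OID, not owned — TODO confirm */` or the owned variant, whichever is the case. The same gap applies to `char *radiusConfigStanza` in the `@@ -93,6 +132,7 @@` hunk, which, like `radiusConfigFile` beside it, looks like a heap string and should state that the credential release frees it; that struct's opening brace lies outside that hunk.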
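Review bot: The `enum gss_eap_state` definition is removed from this header, yet `struct gss_ctx_id_struct` further down (in the `@@ -130,23 +160,26 @@` hunk) still declares `enum gss_eap_state state;` and the rewritten `CTX_IS_ESTABLISHED` now depends on `GSSEAP_STATE_ESTABLISHED`. The header therefore only compiles if one of the includes above it defines that enum, and the include arguments are not preserved in this view, so I cannot confirm which one does; a comment on the macro line, e.g. `/* enum gss_eap_state and GSSEAP_STATE_* come from <HEADER_TBD> */`, would make the dependency explicit. The old enum also kept its reauth state behind `GSSEAP_ENABLE_REAUTH`, while `CTX_FLAG_KRB_REAUTH` and `CTX_FLAG_KRB_REAUTH_SUPPORTED` are now defined unconditionally; worth a note on whether that is intended.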
@@ -130,23 +160,26 @@ enum gss_eap_state {
 #define CTX_FLAG_EAP_MASK 0xFFFF0000
 struct gss_eap_initiator_ctx {
- gss_cred_id_t defaultCred;
 unsigned int idleWhile;
-#ifndef __cplusplus
 struct eap_peer_config eapPeerConfig;
 struct eap_sm *eap;
 struct wpabuf reqData;
-#endif
 };
 struct gss_eap_acceptor_ctx {
- rc_handle *radHandle;
- int lastStatus;
- VALUE_PAIR *avps;
+ struct rs_context *radContext;
+ struct rs_connection *radConn;
+ char *radServer;
 gss_buffer_desc state;
+ VALUE_PAIR *vps;
 };
-struct gss_ctx_id_struct {
+#ifdef HAVE_HEIMDAL_VERSION
+struct gss_ctx_id_t_desc_struct
+#else
+struct gss_ctx_id_struct
+#endif
+{
 GSSEAP_MUTEX mutex;
 enum gss_eap_state state;
 OM_uint32 flags;
@@ -160,16 +193,18 @@ struct gss_ctx_id_struct {
 time_t expiryTime;
 uint64_t sendSeq, recvSeq;
 void *seqState;
+ gss_cred_id_t defaultCred;
 union {
 struct gss_eap_initiator_ctx initiator;
 #define initiatorCtx ctxU.initiator
 struct gss_eap_acceptor_ctx acceptor;
 #define acceptorCtx ctxU.acceptor
 #ifdef GSSEAP_ENABLE_REAUTH
- gss_ctx_id_t kerberos;
- #define kerberosCtx ctxU.kerberos
+ gss_ctx_id_t reauth;
+ #define reauthCtx ctxU.reauth
 #endif
 } ctxU;
+ gss_buffer_desc conversation;
 };
 #define TOK_FLAG_SENDER_IS_ACCEPTOR 0x01
@@ -180,7 +215,6 @@ struct gss_ctx_id_struct {
 #define KEY_USAGE_ACCEPTOR_SIGN 23
 #define KEY_USAGE_INITIATOR_SEAL 24
 #define KEY_USAGE_INITIATOR_SIGN 25
-#define KEY_USAGE_CHANNEL_BINDINGS 64
 /* wrap_iov.c */
 OM_uint32
@@ -221,4 +255,22 @@ gssEapWrap(OM_uint32 *minor,
 unsigned char
 rfc4121Flags(gss_ctx_id_t ctx, int receiving);
+/* display_status.c */
+void
+gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...);
+
+#define IS_WIRE_ERROR(err) ((err) > GSSEAP_RESERVED && \
+ (err) <= GSSEAP_RADIUS_PROT_FAILURE)
+
+/* export_sec_context.c */
+OM_uint32
+gssEapExportSecContext(OM_uint32 *minor,
+ gss_ctx_id_t ctx,
+ gss_buffer_t token);
+
+
+#ifdef __cplusplus
+}
+#endif
+
 #endif /* _GSSAPIP_EAP_H_ */
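Review bot: The new acceptor fields `radContext`, `radConn`, `radServer` and `vps` replace the old RADIUS client trio but, like the old ones, carry no ownership or lifetime comments, and `radServer` is a bare `char *` whose allocation and release contract the context-delete path needs to know; suggest per-field comments in the style of the `/* this is immutable */` annotations on the name struct, e.g. `char *radServer; /* owned; freed with the context — TODO confirm */`. In the `@@ -160,16 +193,18 @@` hunk `defaultCred` moves from the initiator sub-struct into the shared context, which makes it valid for acceptor contexts too, and `gss_buffer_desc conversation;` is added with no hint of what it accumulates or when it is released; a one-line comment on each would save the next reader a trip through the .c files. `struct gss_ctx_id_struct` begins in the first of these hunks and continues past the second.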
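Review bot: `gssEapSaveStatusInfo(OM_uint32 minor, const char *format, ...)` is a printf-style function whose declaration has no format attribute, so `-Wformat` cannot check its callers and a non-literal `format` argument would pass silently; adding `__attribute__((format(printf, 2, 3)))` to the prototype, guarded with `#ifdef __GNUC__`, makes the compiler enforce that callers pass a literal format string with matching arguments. `IS_WIRE_ERROR(err)` evaluates `err` twice, which is harmless only while callers pass plain lvalues; a `static inline int isWireError(OM_uint32 err)` would remove that hazard. Its range test also relies on every wire error code lying between `GSSEAP_RESERVED` and `GSSEAP_RADIUS_PROT_FAILURE` in the error table, presumably the one behind `gsseap_err.h`, so a comment such as `/* wire error codes must remain contiguous in the error table */` next to the macro would protect it against a later insertion. The `extern "C"` block closed here is opened in the first hunk of this diff.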