dnl Based on the one from the Boinc project by Reinhard
++AC_DEFUN([AX_CHECK_WINDOWS],
++[AC_MSG_CHECKING(for windows)
++target_windows="no"
++AC_CHECK_HEADER(windows.h,[target_windows="yes"],[target_windows="no"])
++AC_MSG_RESULT($target_windows)
++AM_CONDITIONAL(TARGET_WINDOWS,test "x$target_windows" = "xyes")
++])dnl
++
AC_DEFUN([AX_CHECK_KRB5],
[AC_MSG_CHECKING(for GSS-API and Kerberos implementation)
KRB5_DIR=
krb5dir="$dir"
if test -x "$dir/bin/krb5-config"; then
found_krb5="yes";
-- KRB5_CFLAGS=`$dir/bin/krb5-config gssapi --cflags`;
-- KRB5_LIBS=`$dir/bin/krb5-config gssapi --libs`;
-- COMPILE_ET="$dir/bin/compile_et";
++ if test "x$target_windows" = "xyes"; then
++ KRB5_CFLAGS=-I"$check_krb5_dir/include";
++ KRB5_LIBS="-L$check_krb5_dir/lib/ -lkrb5_32 -lgssapi32";
++ COMPILE_ET="$check_krb5_dir/bin/compile_et";
++ else
++ KRB5_CFLAGS=`$dir/bin/krb5-config gssapi --cflags`;
++ KRB5_LIBS=`$dir/bin/krb5-config gssapi --libs`;
++ COMPILE_ET="$dir/bin/compile_et";
++ fi
break;
fi
-done])
+done
AC_MSG_RESULT($found_krb5)
if test x_$found_krb5 != x_yes; then
AC_MSG_ERROR([
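Review bot: The Windows branch added to AX_CHECK_KRB5 is reached only when `test -x "$dir/bin/krb5-config"` succeeds, yet it exists for installs that are not queried through krb5-config, so a Windows Kerberos SDK without that script would fall through to the AC_MSG_ERROR below. The branch also reads `$check_krb5_dir` while the probed directory is `$dir`; if the two can differ, the -I/-L paths will not point at the directory that was tested, so `KRB5_CFLAGS="-I$dir/include"` and `$dir` in KRB5_LIBS and COMPILE_ET look like the intended values. Separately, AX_CHECK_WINDOWS infers the target from the presence of windows.h; comparing `$host_os` after AC_CANONICAL_HOST would not depend on which headers happen to be on the include path. The loop header and the start of the macro body are outside the visible lines.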
AC_INIT([mech_eap], [0.1], [bugs@project-moonshot.org])
dnl AC_CONFIG_MACRO_DIR([m4])
dnl AM_INIT_AUTOMAKE([silent-rules])
+ AC_USE_SYSTEM_EXTENSIONS
+ AC_GNU_SOURCE
AM_INIT_AUTOMAKE
-LT_PREREQ([2.4])
+ AM_PROG_CC_C_O
+ AM_MAINTAINER_MODE()
- LT_INIT([dlopen disable-static])
+LT_PREREQ([2.2])
+ LT_INIT([dlopen disable-static win32-dll])
- AC_PROG_CC
+ dnl AC_PROG_CC
AC_PROG_CXX
AC_CONFIG_HEADERS([config.h])
AC_CHECK_HEADERS(stdarg.h stdio.h stdint.h sys/param.h)
AC_SUBST(TARGET_CFLAGS)
AC_SUBST(TARGET_LDFLAGS)
+ AX_CHECK_WINDOWS
AX_CHECK_KRB5
-AM_CONDITIONAL(HEIMDAL, test "x$heimdal" != "xno")
-dnl AX_CHECK_EAP
-if test "x$acceptor" = "xyes" ; then
+AX_CHECK_OPENSAML
+AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no")
+
+AX_CHECK_SHIBRESOLVER
+AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no")
+if test x_$found_shibresolver = x_yes; then
AX_CHECK_SHIBSP
- AX_CHECK_SHIBRESOLVER
+fi
+
+if test "x$acceptor" = "xyes" ; then
AX_CHECK_RADSEC
AX_CHECK_JANSSON
fi
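Review bot: `AC_GNU_SOURCE` directly after `AC_USE_SYSTEM_EXTENSIONS` is redundant: Autoconf documents AC_GNU_SOURCE as obsolete and replaced by AC_USE_SYSTEM_EXTENSIONS, which already defines _GNU_SOURCE, so the second line can be dropped. Further down, the new gate `if test x_$found_shibresolver = x_yes` tests a different variable from the `$check_shibresolver_dir` used for the SHIBRESOLVER conditional just above, and it is unquoted. `if test "x_$found_shibresolver" = "x_yes"; then` matches the quoting of the neighbouring tests, and a short comment saying why AX_CHECK_SHIBSP depends on the resolver being found would help.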
gssinclude_HEADERS = gssapi_eap.h
EAP_CFLAGS = -I$(srcdir)/../libeap/src -I$(srcdir)/../libeap/src/common -I$(srcdir)/../libeap/src/eap_common \
- -I$(srcdir)/../libeap/src/utils \
- -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL
+ -I$(srcdir)/../libeap/src/utils
+if GSSEAP_ENABLE_ACCEPTOR
+GSSEAP_EXPORTS = mech_eap.exports
+else
+GSSEAP_EXPORTS = mech_eap-noacceptor.exports
+endif
+
gssdir = $(libdir)/gss
gss_LTLIBRARIES = mech_eap.la
+
+ if TARGET_WINDOWS
+ EAP_CFLAGS += -DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO
+ OS_LIBS = -lshell32 -ladvapi32 -lws2_32 -lcomerr32
+ mech_eap_la_CFLAGS = -Zi
+ mech_eap_la_CXXFLAGS = -Zi
+ else
+ EAP_CFLAGS += -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL
+ OS_LIBS =
+ mech_eap_la_CFLAGS = -Werror -Wall -Wunused-parameter
+ mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter
+ endif
+
mech_eap_la_CPPFLAGS = -DBUILD_GSSEAP_LIB -DSYSCONFDIR=\"${sysconfdir}\" -DDATAROOTDIR=\"${datarootdir}\"
-mech_eap_la_CFLAGS += @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS)
-mech_eap_la_CXXFLAGS += @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS)
+mech_eap_la_CFLAGS = -Werror -Wall -Wunused-parameter \
+ @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS)
+mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter \
+ @KRB5_CFLAGS@ @RADSEC_CFLAGS@ \
+ @OPENSAML_CXXFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ \
+ @TARGET_CFLAGS@ $(EAP_CFLAGS)
mech_eap_la_LDFLAGS = -avoid-version -module \
- -export-symbols $(srcdir)/mech_eap.exports -no-undefined \
+ -export-symbols $(GSSEAP_EXPORTS) -no-undefined \
@RADSEC_LDFLAGS@ @TARGET_LDFLAGS@
-mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \
- @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@ $(OS_LIBS) $(LTLIBOBJS)
++if TARGET_WINDOWS
++mech_eap_la_LDFLAGS += -debug
++endif
+
+mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \
+ @OPENSAML_LIBS@ @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@
-
mech_eap_la_SOURCES = \
- accept_sec_context.c \
acquire_cred.c \
acquire_cred_with_password.c \
add_cred.c \
clean-generic:
rm -f gsseap_err.[ch] radsec_err.[ch]
-
-endif
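Review bot: `mech_eap_la_CFLAGS` and `mech_eap_la_CXXFLAGS` are assigned inside the new `if TARGET_WINDOWS`/`else` block and then assigned again with a plain `=` a few lines later, as far as the merge markers on this page can be read. Automake normally rejects a variable that is defined both conditionally and unconditionally, and if it were accepted the later `=` would discard `-Zi` and force `-Werror` on the Windows build; the later lines look like they should append, e.g. `mech_eap_la_CFLAGS += @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS)`. The new `mech_eap_la_LIBADD` also no longer lists `$(OS_LIBS)`, so the Windows libraries defined in `OS_LIBS` are never linked; adding `$(OS_LIBS)` back would fix that. On Windows the -DEAP_* method defines are replaced by `-DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO`, and a comment stating which EAP methods and crypto backend that build ends up with would help anyone auditing it.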
#endif
#include <freeradius/libradius.h>
#include <freeradius/radius.h>
-////Because freeradius/autoconf.h is evil!
-////#undef uint16_t
-////#undef uint32_t
-////#undef uint8_t
+
+ #undef pid_t
+
++/* libradsec headers */
#include <radsec/radsec.h>
#include <radsec/request.h>
#ifdef __cplusplus
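Review bot: The new `#undef pid_t` carries no comment, while the lines it replaces said the undefs were there because of freeradius/autoconf.h. A one-line comment such as `/* freeradius/autoconf.h may define pid_t as a macro; undo it here */` would keep the reason next to the code, if that is indeed why it is needed. The enclosing header continues outside the visible lines.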
#ifdef GSSEAP_DEBUG
assert(remain == 0);
#endif
- #endif
++#endif /* GSSEAP_ENABLE_ACCEPTOR */
major = GSS_S_COMPLETE;
*minor = 0;
#define MIN(_a,_b) ((_a)<(_b)?(_a):(_b))
#endif
- #if !defined(WIN32) && (!(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)))
+ #if !defined(WIN32) && !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
-#define GSSEAP_UNUSED __attribute__ ((__unused__))
+#define GSSEAP_UNUSED __attribute__ ((__unused__))
#else
#define GSSEAP_UNUSED
#endif
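Review bot: The rewritten `#if` mixes `&&` and `||` without grouping, so it now parses as `(!defined(WIN32) && !defined(__cplusplus)) || (GCC >= 3.4)`, which is a different condition from the removed line, where `!defined(WIN32)` guarded the whole expression. With the new form a Windows build with GCC now gets `__attribute__ ((__unused__))`, and a non-Windows C build with a compiler that is not GCC-compatible still gets it. If the intent is "any GCC 3.4 or later", testing the compiler explicitly makes that clear: `#if defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))`.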
} while (0)
#ifdef WIN32
+
#include <winbase.h>
-#define GSSEAP_MUTEX CRITICAL_SECTION
-// wrapper for EnterCriticalSection() to provide return value
-inline int win32_mutex_init(CRITICAL_SECTION* m)
-{
- EnterCriticalSection(m);
- return 0;
-}
-#define GSSEAP_MUTEX_INIT(m) win32_mutex_init((m))
+#define GSSEAP_GET_LAST_ERROR() (GetLastError())
+
+#define GSSEAP_MUTEX CRITICAL_SECTION
-
+#define GSSEAP_MUTEX_INIT(m) (InitializeCriticalSection((m)), 0)
#define GSSEAP_MUTEX_DESTROY(m) DeleteCriticalSection((m))
#define GSSEAP_MUTEX_LOCK(m) EnterCriticalSection((m))
#define GSSEAP_MUTEX_UNLOCK(m) LeaveCriticalSection((m))
- /* XXX yet to implement thread-local wrappers */
++/* Thread-local is handled separately */
+
+#define GSSEAP_THREAD_ONCE INIT_ONCE
+#define GSSEAP_ONCE(o, i) InitOnceExecuteOnce((o), (i))
+#define GSSEAP_ONCE_INITIALIZER INIT_ONCE_STATIC_INIT
+
#else
+
#include <pthread.h>
-#define GSSEAP_MUTEX pthread_mutex_t
-#define GSSEAP_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER
+#define GSSEAP_GET_LAST_ERROR() (errno)
-
+#define GSSEAP_MUTEX pthread_mutex_t
#define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL)
#define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m))
#define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m))
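Review bot: `GSSEAP_ONCE(o, i)` expands to `InitOnceExecuteOnce((o), (i))`, but that API takes four arguments (the INIT_ONCE, the callback, a parameter and a context out-pointer), so the Windows branch should not compile as written; `InitOnceExecuteOnce((o), (i), NULL, NULL)` is the minimal form. The callback type also differs from the pthread side: Windows expects `BOOL CALLBACK fn(PINIT_ONCE, PVOID, PVOID *)` while pthread_once takes `void (*)(void)`, and the success values are opposite (non-zero versus 0), so any caller that checks the result needs a per-platform wrapper. With `GSSEAP_MUTEX_INITIALIZER` removed on the pthread side, every mutex must now go through GSSEAP_MUTEX_INIT, and a comment saying so would help. The pthread branch continues past the visible lines.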
#ifdef GSSEAP_ENABLE_ACCEPTOR
#include "util_json.h"
#include "util_attr.h"
-#endif
#include "util_base64.h"
- #endif
++#endif /* GSSEAP_ENABLE_ACCEPTOR */
#ifdef GSSEAP_ENABLE_REAUTH
#include "util_reauth.h"
#endif
if (ctx->flags & CTX_FLAG_KRB_REAUTH) {
gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER);
} else
--#endif
++#endif /* GSSEAP_ENABLE_REAUTH */
if (CTX_IS_INITIATOR(ctx)) {
releaseInitiatorContext(&ctx->initiatorCtx);
- } else {
+ }
#ifdef GSSEAP_ENABLE_ACCEPTOR
+ else {
releaseAcceptorContext(&ctx->acceptorCtx);
-#endif
}
- #endif
++#endif /* GSSEAP_ENABLE_ACCEPTOR */
krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key);
gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
#include "gssapiP_eap.h"
-#if defined(WIN32)
-/*This didn't work for me(Alexey) when Visual Studio 2005 Express is used: */
-#include <Shlobj.h>
-/*This didn't work for me(Kevin) when Visual Studio 2010 Express is used: */
-/*#include <ShFolder.h>*/
-
-#if !defined(snprintf)
-#define snprintf _snprintf
-#endif
-
+#ifdef WIN32
- #include <shlobj.h>
++# include <shlobj.h> /* may need to use ShFolder.h instead */
++# include <stdio.h>
#else
--#include <pwd.h>
++# include <pwd.h>
#endif
-#include <stdio.h> /* for BUFSIZ */
OM_uint32
gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred)
ccacheName = getenv("GSSEAP_IDENTITY");
if (ccacheName == NULL) {
-#if !defined(WIN32)
- if (getpwuid_r(getuid(), &pwd, pwbuf, sizeof(pwbuf), &pw) != 0 ||
- pw == NULL || pw->pw_dir == NULL) {
+#ifdef WIN32
+ TCHAR szPath[MAX_PATH];
+
+ if (!SUCCEEDED(SHGetFolderPath(NULL,
+ CSIDL_APPDATA, /* |CSIDL_FLAG_CREATE */
+ NULL, /* User access token */
- 0,
++ 0, /* SHGFP_TYPE_CURRENT */
+ szPath))) {
major = GSS_S_CRED_UNAVAIL;
- *minor = GetLastError();
- *minor = errno;
++ *minor = GSSEAP_GET_LAST_ERROR(); /* XXX */
goto cleanup;
}
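Review bot: On the failure path of `SHGetFolderPath`, `*minor` is taken from `GSSEAP_GET_LAST_ERROR()`, but that function reports its status through the returned HRESULT and is not documented to set the thread's last-error value, so the minor code can be stale or zero (the `/* XXX */` suggests this is known). Keeping the result, e.g. `HRESULT hr = SHGetFolderPath(...); if (FAILED(hr)) { ... *minor = (OM_uint32)hr; }`, or mapping it to one of the project's own minor codes, would preserve the real cause. `szPath` is declared as `TCHAR`, so with UNICODE defined it is a wide string; the code that consumes it is outside the hunk, so confirm it is not later treated as `char *`, or call `SHGetFolderPathA` with a `char` buffer. The rest of the function is not visible here.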
*minor = 0;
tld = gssEapGetThreadLocalData();
- if (tld)
- {
- *context = tld->context;
+ if (tld != NULL) {
+ *context = tld->krbContext;
if (*context == NULL) {
*minor = initKrbContext(context);
- if (*minor == 0) {
- tld->context = *context;
- }
+ if (*minor == 0)
+ tld->krbContext = *context;
}
}
-
return *minor == 0 ? GSS_S_COMPLETE : GSS_S_FAILURE;
}
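Review bot: When `gssEapGetThreadLocalData()` returns NULL, the `if (tld != NULL)` block is skipped with `*minor` still 0, so the function returns GSS_S_COMPLETE without assigning `*context` anywhere in the visible lines. A caller would then use whatever value its krb5_context variable already held. An else branch such as `} else { *minor = ENOMEM; }` turns the allocation failure into GSS_S_FAILURE. The top of the function is outside the hunk.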
gssEapRadiusMapError(OM_uint32 *minor,
struct rs_error *err);
-////This really need to be a function call on Windows
++/* This really needs to be a function call on Windows */
#define RS_CONFIG_FILE SYSCONFDIR "/radsec.conf"
#define VENDORPEC_MS 311 /* RFC 2548 */
* SUCH DAMAGE.
*/
-/* Access all thread-local data through these methods which
- * use pthreads to manage thread-local memory on Unix and TlsFoo() on Windows.
- * This would be more flexible, scalable, and extensible
- * if implemented through a callback interface, but given that
- * there are currently only two 'clients', hard-coding seems more
- * straightforward
+/*
- * Thread local data abstraction.
++ * Thread local data abstraction, using pthreads on Unix and the TlsXXX
++ * APIs on Windows.
*/
+
#include "gssapiP_eap.h"
/* Clean up thread-local data; called on thread detach */
gssEapGetThreadLocalData()
{
struct gss_eap_thread_local_data *tld;
+
GSSEAP_ONCE(&tldKeyOnce, createThreadLocalDataKey);
+
tld = GSSEAP_GETSPECIFIC(tldKey);
- if (!tld)
- {
+ if (tld == NULL) {
tld = GSSEAP_CALLOC(1, sizeof(*tld));
+ if (tld == NULL)
+ return NULL;
+
GSSEAP_SETSPECIFIC(tldKey, tld);
}
+
return tld;
}
+
#endif /* WIN32 */
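Review bot: The result of `GSSEAP_SETSPECIFIC(tldKey, tld)` is not checked, although the allocation just before it now is. If storing the pointer fails, the block is handed to the caller but never found again by `GSSEAP_GETSPECIFIC`, so each later call allocates another one and anything cached in it is not released on thread exit. Freeing `tld` and returning NULL when the store fails would keep the two failure paths consistent; how the macro reports failure is platform-specific and defined outside the visible lines. The return value of `GSSEAP_ONCE` is ignored as well.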