AC_DEFINE_UNQUOTED([HAVE_SHIBRESOLVER], 1, [Define is Shibboleth resolver is available])
fi
fi
-AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no")
])dnl
AC_DEFUN([AX_CHECK_OPENSAML],
AC_DEFINE_UNQUOTED([HAVE_OPENSAML], 1, [Define is OpenSAML is available])
fi
fi
-AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no")
])dnl
AC_DEFUN([AX_CHECK_RADSEC],
fi
AM_CONDITIONAL(GSSEAP_ENABLE_REAUTH, test "x$reauth" != "xno")
+acceptor=yes
+AC_ARG_ENABLE(acceptor,
+ [ --enable-acceptor whether to enable acceptor codepaths: yes/no; default yes ],
+ [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then
+ acceptor=$enableval
+ else
+ echo "--enable-acceptor argument must be yes or no"
+ exit -1
+ fi
+ ])
+
+if test "x$acceptor" = "xyes" ; then
+ echo "acceptor enabled"
+ TARGET_CFLAGS="$TARGET_CFLAGS -DGSSEAP_ENABLE_ACCEPTOR"
+fi
+AM_CONDITIONAL(GSSEAP_ENABLE_ACCEPTOR, test "x$acceptor" != "xno")
+
AC_SUBST(TARGET_CFLAGS)
AC_SUBST(TARGET_LDFLAGS)
AX_CHECK_KRB5
-dnl AX_CHECK_EAP
AX_CHECK_OPENSAML
+AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no")
+
AX_CHECK_SHIBRESOLVER
+AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no")
if test x_$found_shibresolver = x_yes; then
AX_CHECK_SHIBSP
fi
-AX_CHECK_RADSEC
-AX_CHECK_JANSSON
+
+if test "x$acceptor" = "xyes" ; then
+ AX_CHECK_RADSEC
+ AX_CHECK_JANSSON
+fi
+
AX_CHECK_LIBMOONSHOT
AC_CONFIG_FILES([Makefile libeap/Makefile mech_eap/Makefile])
AC_OUTPUT
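Review bot: The invalid-value branch of the new `--enable-acceptor` handling prints with a bare `echo` and then runs `exit -1`, which is not portable shell (POSIX `exit` takes 0–255, so dash/ksh behave differently) and bypasses autoconf's error reporting and config.log. Replace both lines with `AC_MSG_ERROR([--enable-acceptor argument must be yes or no])`, which prints the standard "configure: error:" prefix and exits 1; if the existing --enable-reauth block above uses the same echo/exit pattern, it is worth fixing alongside. Separately, the feature macro is only injected via `TARGET_CFLAGS="$TARGET_CFLAGS -DGSSEAP_ENABLE_ACCEPTOR"`, yet the headers changed in this commit gate struct members on it; adding `AC_DEFINE([GSSEAP_ENABLE_ACCEPTOR], 1, [Define if acceptor code paths are built])` in the same branch makes the setting reach every translation unit through config.h regardless of which Automake target compiles it.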
-I$(srcdir)/../libeap/src/utils \
-DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL
+if GSSEAP_ENABLE_ACCEPTOR
+GSSEAP_EXPORTS = mech_eap.exports
+else
+GSSEAP_EXPORTS = mech_eap-noacceptor.exports
+endif
+
gssdir = $(libdir)/gss
gss_LTLIBRARIES = mech_eap.la
@OPENSAML_CXXFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ \
@TARGET_CFLAGS@ $(EAP_CFLAGS)
mech_eap_la_LDFLAGS = -avoid-version -module \
- -export-symbols mech_eap.exports -no-undefined \
+ -export-symbols $(GSSEAP_EXPORTS) -no-undefined \
@RADSEC_LDFLAGS@ @TARGET_LDFLAGS@
mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \
@OPENSAML_LIBS@ @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@
mech_eap_la_SOURCES = \
- accept_sec_context.c \
acquire_cred.c \
acquire_cred_with_password.c \
add_cred.c \
canonicalize_name.c \
compare_name.c \
context_time.c \
- delete_name_attribute.c \
delete_sec_context.c \
display_name.c \
display_name_ext.c \
duplicate_name.c \
eap_mech.c \
export_name.c \
- export_name_composite.c \
export_sec_context.c \
get_mic.c \
- get_name_attribute.c \
gsseap_err.c \
import_name.c \
import_sec_context.c \
inquire_cred_by_oid.c \
inquire_mech_for_saslname.c \
inquire_mechs_for_name.c \
- inquire_name.c \
inquire_names_for_mech.c \
inquire_saslname_for_mech.c \
inquire_sec_context_by_oid.c \
- map_name_to_any.c \
process_context_token.c \
pseudo_random.c \
radsec_err.c \
- release_any_name_mapping.c \
release_cred.c \
release_name.c \
release_oid.c \
- set_name_attribute.c \
set_cred_option.c \
set_sec_context_option.c \
store_cred.c \
unwrap.c \
unwrap_iov.c \
- util_attr.cpp \
util_base64.c \
util_buffer.c \
util_context.c \
util_cksum.c \
util_cred.c \
util_crypt.c \
- util_json.cpp \
util_krb.c \
util_lucid.c \
util_mech.c \
util_name.c \
util_oid.c \
util_ordering.c \
- util_radius.cpp \
util_sm.c \
util_token.c \
verify_mic.c \
wrap_iov_length.c \
wrap_size_limit.c
+if GSSEAP_ENABLE_ACCEPTOR
+
+mech_eap_la_SOURCES += \
+ accept_sec_context.c \
+ delete_name_attribute.c \
+ export_name_composite.c \
+ get_name_attribute.c \
+ map_name_to_any.c \
+ release_any_name_mapping.c \
+ set_name_attribute.c \
+ util_attr.cpp \
+ util_json.cpp \
+ util_radius.cpp
+
if OPENSAML
mech_eap_la_SOURCES += util_saml.cpp
endif
mech_eap_la_SOURCES += util_shib.cpp
endif
+endif
+
BUILT_SOURCES = gsseap_err.c radsec_err.c
if GSSEAP_ENABLE_REAUTH
mech_eap_la_SOURCES += util_reauth.c
-
-
if !HEIMDAL
krb5pluginsdir = $(libdir)/krb5/plugins/authdata
krb5plugins_LTLIBRARIES = radius_ad.la
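Review bot: The new `mech_eap-noacceptor.exports` file is referenced only through `GSSEAP_EXPORTS` on the libtool link line, and Automake does not distribute `-export-symbols` inputs automatically, so unless an `EXTRA_DIST` line outside this view already covers both export lists, a `make dist` tarball configured with `--disable-acceptor` will fail at link time; add `EXTRA_DIST = mech_eap.exports mech_eap-noacceptor.exports` (or append to the existing one). Also, `inquire_name.c` is dropped from the common source list but, in this view, not re-added under the new `if GSSEAP_ENABLE_ACCEPTOR` block alongside the other name-attribute sources, so `gss_inquire_name` would no longer be compiled in either configuration; if that is unintended, add `inquire_name.c \` to the conditional list next to `get_name_attribute.c`.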
static void
gssEapFinalize(void)
{
+#ifdef GSSEAP_ENABLE_ACCEPTOR
OM_uint32 minor;
gssEapAttrProvidersFinalize(&minor);
+#endif
eap_peer_unregister_methods();
}
#include "gssapiP_eap.h"
+#ifdef GSSEAP_ENABLE_ACCEPTOR
static OM_uint32
gssEapExportPartialContext(OM_uint32 *minor,
gss_ctx_id_t ctx,
return major;
}
+#endif /* GSSEAP_ENABLE_ACCEPTOR */
OM_uint32
gssEapExportSecContext(OM_uint32 *minor,
goto cleanup;
}
+#ifdef GSSEAP_ENABLE_ACCEPTOR
/*
* The partial context is only transmitted for unestablished acceptor
* contexts.
if (GSS_ERROR(major))
goto cleanup;
}
+#endif
length = 16; /* version, state, flags, */
length += 4 + ctx->mechanismUsed->length; /* mechanismUsed */
OM_uint32 flags;
gss_OID mechanismUsed; /* this is immutable */
krb5_principal krbPrincipal; /* this is immutable */
+#ifdef GSSEAP_ENABLE_ACCEPTOR
struct gss_eap_attr_ctx *attrCtx;
+#endif
};
#define CRED_FLAG_INITIATE 0x00010000
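Review bot: Making `attrCtx` conditional changes the size and layout of this structure depending on whether `GSSEAP_ENABLE_ACCEPTOR` is defined, and in this commit the macro comes only from the `-D` flag appended to `TARGET_CFLAGS` in configure.ac rather than from config.h. Any translation unit that includes this header but is compiled without `@TARGET_CFLAGS@` (the `radius_ad.la` plugin built from the same Makefile.am is the obvious candidate to check) would see a different struct and silently corrupt or misread the name object. Either emit the macro through `AC_DEFINE` so config.h carries it everywhere, or keep the pointer member unconditional and only gate its use, e.g. `struct gss_eap_attr_ctx *attrCtx; /* unused when acceptor support is compiled out */`.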
--- /dev/null
+gss_acquire_cred
+gss_add_cred
+gss_add_cred_with_password
+gss_canonicalize_name
+gss_compare_name
+gss_context_time
+gss_delete_sec_context
+gss_display_name
+gss_display_name_ext
+gss_display_status
+gss_duplicate_name
+gss_export_name
+gss_export_sec_context
+gss_get_mic
+gss_import_name
+gss_import_sec_context
+gss_indicate_mechs
+gss_init_sec_context
+gss_inquire_attrs_for_mech
+gss_inquire_context
+gss_inquire_cred
+gss_inquire_cred_by_mech
+gss_inquire_cred_by_oid
+gss_inquire_mechs_for_name
+gss_inquire_mech_for_saslname
+gss_inquire_name
+gss_inquire_names_for_mech
+gss_inquire_saslname_for_mech
+gss_inquire_sec_context_by_oid
+gss_process_context_token
+gss_pseudo_random
+gss_release_cred
+gss_release_name
+gss_internal_release_oid
+gss_set_sec_context_option
+gss_store_cred
+gss_unwrap
+gss_unwrap_iov
+gss_verify_mic
+gss_wrap
+gss_wrap_iov
+gss_wrap_iov_length
+gss_wrap_size_limit
+GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM
+GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM
+GSS_EAP_NT_EAP_NAME
+GSS_EAP_CRED_SET_CRED_FLAG
+GSS_EAP_CRED_SET_CRED_PASSWORD
+GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE
+GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA
+gssspi_acquire_cred_with_password
+gssspi_authorize_localname
+gssspi_set_cred_option
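Review bot: This list is a hand-maintained copy of mech_eap.exports with the acceptor and RFC 6680 name-attribute entry points removed, and the two files already disagree in this commit (`gss_inquire_name` is kept here while the full list drops it), so they will keep drifting as symbols are added. Consider generating it at build time instead, e.g. a rule that filters mech_eap.exports through `grep -v` against a small exclusion list of acceptor-only symbols, and mark the generated file as `CLEANFILES`; if it stays a checked-in file, a header comment stating which symbols are deliberately omitted and why would help reviewers keep the two in sync.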
gss_canonicalize_name
gss_compare_name
gss_context_time
+gss_delete_name_attribute
gss_delete_sec_context
gss_display_name
gss_display_name_ext
gss_inquire_cred_by_oid
gss_inquire_mechs_for_name
gss_inquire_mech_for_saslname
-gss_inquire_name
gss_inquire_names_for_mech
gss_inquire_saslname_for_mech
gss_inquire_sec_context_by_oid
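Review bot: Removing `gss_inquire_name` from the acceptor-enabled export list looks unintended: it is one of the RFC 6680 naming-extension entry points, the same family as `gss_delete_name_attribute` being added a few lines above, and the new mech_eap-noacceptor.exports file created in this commit still lists it, which is the reverse of what the split should produce. Unless the function has been removed from the mechanism altogether (the Makefile.am hunk drops `inquire_name.c` from the sources without re-adding it under the acceptor conditional), keep ` gss_inquire_name` here and remove it from the no-acceptor list instead.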
eap_peer_sm_deinit(ctx->eap);
}
+#ifdef GSSEAP_ENABLE_ACCEPTOR
static void
releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
{
if (ctx->vps != NULL)
gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps);
}
+#endif
OM_uint32
gssEapReleaseContext(OM_uint32 *minor,
#endif
if (CTX_IS_INITIATOR(ctx)) {
releaseInitiatorContext(&ctx->initiatorCtx);
- } else {
+ }
+#ifdef GSSEAP_ENABLE_ACCEPTOR
+ else {
releaseAcceptorContext(&ctx->acceptorCtx);
}
+#endif
krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key);
gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
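Review bot: Splitting `} else {` across the `#ifdef` leaves a non-initiator context silently unreleased in an acceptor-less build, so if such a context ever exists (a token fed to gss_import_sec_context is the plausible route, depending on checks outside this hunk) the per-context acceptor state leaks without any diagnostic. Keeping the `else` unconditional and gating only the call makes the invariant explicit and preserves the original brace structure. gssEapReleaseContext begins before this hunk.
```c
    if (CTX_IS_INITIATOR(ctx)) {
        releaseInitiatorContext(&ctx->initiatorCtx);
    } else {
#ifdef GSSEAP_ENABLE_ACCEPTOR
        releaseAcceptorContext(&ctx->acceptorCtx);
#else
        /* acceptor code paths are compiled out; an acceptor context is an invariant violation */
        assert(0);
#endif
    }
    /* … unchanged: key and name release … */
```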
krb5_free_principal(krbContext, name->krbPrincipal);
gssEapReleaseOid(&tmpMinor, &name->mechanismUsed);
+#ifdef GSSEAP_ENABLE_ACCEPTOR
gssEapReleaseAttrContext(&tmpMinor, name);
+#endif
GSSEAP_MUTEX_DESTROY(&name->mutex);
GSSEAP_FREE(name);
name->mechanismUsed = mechanismUsed;
mechanismUsed = GSS_C_NO_OID;
+#ifdef GSSEAP_ENABLE_ACCEPTOR
if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
gss_buffer_desc buf;
if (GSS_ERROR(major))
goto cleanup;
}
+#endif
major = GSS_S_COMPLETE;
*minor = 0;
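Review bot: When `EXPORT_NAME_FLAG_COMPOSITE` is set but the block is compiled out, the import now falls straight through to `major = GSS_S_COMPLETE`, so a composite exported-name token carrying attribute data is accepted and its attributes discarded with no indication to the caller; the surrounding function (which starts before this hunk) does not appear to check that the whole input buffer was consumed. Consider rejecting such tokens in the acceptor-less build, `#else` `if (flags & EXPORT_NAME_FLAG_COMPOSITE) { major = GSS_S_BAD_NAME; goto cleanup; }`, or if silent truncation is the intended behaviour, say so with a comment such as `/* attribute support compiled out: trailing composite data is ignored */`.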
exportedNameLen += 6 + mech->length;
}
exportedNameLen += 4 + nameBuf.length;
+#ifdef GSSEAP_ENABLE_ACCEPTOR
if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
major = gssEapExportAttrContext(minor, name, &attrs);
if (GSS_ERROR(major))
goto cleanup;
exportedNameLen += attrs.length;
}
+#endif
exportedName->value = GSSEAP_MALLOC(exportedNameLen);
if (exportedName->value == NULL) {
goto cleanup;
}
+#ifdef GSSEAP_ENABLE_ACCEPTOR
if (input_name->attrCtx != NULL) {
major = gssEapDuplicateAttrContext(minor, input_name, name);
if (GSS_ERROR(major))
goto cleanup;
}
+#endif
*dest_name = name;