Luke Howard [Wed, 14 Sep 2011 06:11:37 +0000 (16:11 +1000)]
Merge branch 'windows'
Conflicts:
moonshot/configure.ac
moonshot/mech_eap/Makefile.am
moonshot/mech_eap/accept_sec_context.c
moonshot/mech_eap/acquire_cred.c
moonshot/mech_eap/add_cred.c
moonshot/mech_eap/add_cred_with_password.c
moonshot/mech_eap/canonicalize_name.c
moonshot/mech_eap/compare_name.c
moonshot/mech_eap/context_time.c
moonshot/mech_eap/delete_name_attribute.c
moonshot/mech_eap/delete_sec_context.c
moonshot/mech_eap/display_name.c
moonshot/mech_eap/display_name_ext.c
moonshot/mech_eap/display_status.c
moonshot/mech_eap/duplicate_name.c
moonshot/mech_eap/eap_mech.c
moonshot/mech_eap/export_name.c
moonshot/mech_eap/export_name_composite.c
moonshot/mech_eap/export_sec_context.c
moonshot/mech_eap/get_mic.c
moonshot/mech_eap/get_name_attribute.c
moonshot/mech_eap/gssapiP_eap.h
moonshot/mech_eap/import_name.c
moonshot/mech_eap/import_sec_context.c
moonshot/mech_eap/indicate_mechs.c
moonshot/mech_eap/init_sec_context.c
moonshot/mech_eap/inquire_attrs_for_mech.c
moonshot/mech_eap/inquire_context.c
moonshot/mech_eap/inquire_cred.c
moonshot/mech_eap/inquire_cred_by_oid.c
moonshot/mech_eap/inquire_mech_for_saslname.c
moonshot/mech_eap/inquire_mechs_for_name.c
moonshot/mech_eap/inquire_name.c
moonshot/mech_eap/inquire_names_for_mech.c
moonshot/mech_eap/inquire_saslname_for_mech.c
moonshot/mech_eap/inquire_sec_context_by_oid.c
moonshot/mech_eap/map_name_to_any.c
moonshot/mech_eap/process_context_token.c
moonshot/mech_eap/pseudo_random.c
moonshot/mech_eap/release_any_name_mapping.c
moonshot/mech_eap/release_cred.c
moonshot/mech_eap/release_name.c
moonshot/mech_eap/set_name_attribute.c
moonshot/mech_eap/set_sec_context_option.c
moonshot/mech_eap/store_cred.c
moonshot/mech_eap/unwrap.c
moonshot/mech_eap/unwrap_iov.c
moonshot/mech_eap/util.h
moonshot/mech_eap/util_context.c
moonshot/mech_eap/util_cred.c
moonshot/mech_eap/util_krb.c
moonshot/mech_eap/util_name.c
moonshot/mech_eap/util_tld.c
moonshot/mech_eap/verify_mic.c
moonshot/mech_eap/wrap.c
moonshot/mech_eap/wrap_iov.c
moonshot/mech_eap/wrap_iov_length.c
moonshot/mech_eap/wrap_size_limit.c
Luke Howard [Wed, 14 Sep 2011 05:16:24 +0000 (15:16 +1000)]
implement gssEapSetCredService
Luke Howard [Tue, 13 Sep 2011 07:16:39 +0000 (17:16 +1000)]
avoid too many reallocs when parsing tokens
Luke Howard [Tue, 13 Sep 2011 07:01:56 +0000 (17:01 +1000)]
restore inquire_name, regressed in earlier commit
Luke Howard [Tue, 13 Sep 2011 06:39:22 +0000 (16:39 +1000)]
separate gss_display_status into inner/outer APIs
Luke Howard [Tue, 13 Sep 2011 06:37:15 +0000 (16:37 +1000)]
no vasprintf() on Win32
Luke Howard [Tue, 13 Sep 2011 06:28:51 +0000 (16:28 +1000)]
call eap_mech constructors from DllMain
Luke Howard [Tue, 13 Sep 2011 06:27:28 +0000 (16:27 +1000)]
fix signedness on krb5_data data member
(at least for MIT)
Luke Howard [Tue, 13 Sep 2011 05:29:19 +0000 (15:29 +1000)]
add GET_LAST_ERROR macro
Luke Howard [Tue, 13 Sep 2011 05:08:02 +0000 (15:08 +1000)]
cast to match signedness
Luke Howard [Tue, 13 Sep 2011 05:11:51 +0000 (15:11 +1000)]
cast void * to unsigned char * for Heimdal compat
Luke Howard [Tue, 13 Sep 2011 05:22:38 +0000 (15:22 +1000)]
more build fixes for Windows
Luke Howard [Tue, 13 Sep 2011 05:14:27 +0000 (15:14 +1000)]
merge static credentials file locator from windows branch
Luke Howard [Tue, 13 Sep 2011 05:02:41 +0000 (15:02 +1000)]
Merge TLD code from Windows port, after cleanup
Luke Howard [Tue, 13 Sep 2011 04:16:17 +0000 (14:16 +1000)]
build without RADIUS-related headers if no acceptor
Luke Howard [Mon, 12 Sep 2011 22:42:07 +0000 (08:42 +1000)]
make it possible to build without acceptor
Luke Howard [Mon, 12 Sep 2011 12:07:17 +0000 (22:07 +1000)]
make possible build without OpenSAML and/or Shib
Luke Howard [Mon, 12 Sep 2011 03:32:34 +0000 (13:32 +1000)]
merge a few Win32 build fixes
Luke Howard [Sat, 10 Sep 2011 21:30:35 +0000 (22:30 +0100)]
separate {init,accept}_sec_context into gss_/gssEap pattern
Luke Howard [Sat, 10 Sep 2011 19:12:08 +0000 (20:12 +0100)]
add GSS_EAP_CRED_SET_CRED_PASSWORD cred option
Luke Howard [Sat, 10 Sep 2011 17:49:27 +0000 (18:49 +0100)]
add GSSEAP_CONSTRUCTOR/DESTRUCTOR macro
Luke Howard [Sat, 10 Sep 2011 17:45:48 +0000 (18:45 +0100)]
use GSSAPI_CALLCONV for exported SPIs
Luke Howard [Sat, 10 Sep 2011 09:31:20 +0000 (10:31 +0100)]
update TODO
Luke Howard [Fri, 9 Sep 2011 22:51:04 +0000 (23:51 +0100)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Luke Howard [Fri, 9 Sep 2011 22:44:04 +0000 (23:44 +0100)]
Merge branch 'master' into ext-mic
Luke Howard [Wed, 7 Sep 2011 13:33:19 +0000 (14:33 +0100)]
support for libmoonshot identity selector
Luke Howard [Fri, 9 Sep 2011 21:17:56 +0000 (22:17 +0100)]
Merge branch 'master' into ext-mic
Luke Howard [Fri, 9 Sep 2011 21:16:45 +0000 (22:16 +0100)]
remove unused toktype2 variable
From: Sam Hartman <hartmans@painless-security.com>
Luke Howard [Fri, 9 Sep 2011 21:14:19 +0000 (22:14 +0100)]
remove unused EAP state machine variable
Luke Howard [Fri, 9 Sep 2011 21:12:48 +0000 (22:12 +0100)]
Check error return from vasprintf: string is undefined on error
From: Sam Hartman <hartmans@painless-security.com>
Luke Howard [Tue, 6 Sep 2011 10:23:56 +0000 (11:23 +0100)]
Update assert to reflect protected subtoken length
Luke Howard [Sat, 16 Jul 2011 11:59:31 +0000 (11:59 +0000)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Conflicts:
moonshot/mech_eap/util_context.c
Luke Howard [Sat, 16 Jul 2011 11:56:54 +0000 (11:56 +0000)]
integrity protect subtoken length
Luke Howard [Thu, 19 May 2011 15:14:48 +0000 (17:14 +0200)]
integrity protect extension token exchange
Luke Howard [Thu, 19 May 2011 15:02:25 +0000 (17:02 +0200)]
send GSS flags
Luke Howard [Sat, 16 Jul 2011 11:46:34 +0000 (11:46 +0000)]
remove getFeatures() hack when initialising Shib
Shibboleth now supports multiple initializations
Sam Hartman [Fri, 1 Jul 2011 10:46:41 +0000 (06:46 -0400)]
test use = not == for string compare
Sam Hartman [Fri, 1 Jul 2011 10:46:23 +0000 (06:46 -0400)]
Depend on libtool 2.4 so Windows build works
Kevin Wasserman [Thu, 30 Jun 2011 16:15:46 +0000 (12:15 -0400)]
Changes to Autoconf/Automake configuration files for windows port.
Added AX_CHECK_WINDOWS macro to specify TARGET_WINDOWS when windows.h exists.
Special handling for krb5: hard-code include and lib paths relative
to the --with-krb5 directory.
Add -Zi compile flag and -debug link flags on windows;
remove -Werror -Wall -Wunused-paramater; I should find and add msvc equivalents
use -DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO instead of myriad -DEAP_FOO.
Kevin Wasserman [Thu, 30 Jun 2011 15:27:10 +0000 (11:27 -0400)]
va_copy() fix for vasprintf
memcpy, not memcmp; but don't even bother since assignment is sufficient.
Added comment explaining usage of va_copy and the extremely unlikely
scenario that could cause this code to fail.
Kevin Wasserman [Thu, 30 Jun 2011 13:48:10 +0000 (09:48 -0400)]
Consolidate thread-local data.
Also add windows versions of MUTEX macros.
Together, these changes eliminate dependency on pthread for windows and
centralize the platform-specific code to deal with thread-local storage.
Kevin Wasserman [Tue, 28 Jun 2011 18:32:42 +0000 (14:32 -0400)]
Add #include <includes.h> to gssapiP_eap.h.
Kevin Wasserman [Tue, 28 Jun 2011 18:30:01 +0000 (14:30 -0400)]
for VS2010, need to include Shlobj.h instead of ShFolder.h
Kevin Wasserman [Tue, 28 Jun 2011 18:28:13 +0000 (14:28 -0400)]
Fix unreferenced parameter warnings.
...in the functions in inquire_cred_by_oid.c and set_sec_context_option.c
that used to throw zero-sized array errors under msvc
Kevin Wasserman [Tue, 28 Jun 2011 18:06:45 +0000 (14:06 -0400)]
call gssEapInquireName() only when --enable-acceptor=yes
Kevin Wasserman [Tue, 28 Jun 2011 18:04:50 +0000 (14:04 -0400)]
Only call gssEapMapNameToAny()/gssEapReleaseAnyNameMapping() when --enable-acceptor=yes.
Kevin Wasserman [Tue, 28 Jun 2011 17:17:10 +0000 (13:17 -0400)]
Don't check IS_RADIUS_ERROR() unless --enable-acceptor=yes.
Eliminates radius dependency from windows port.
Kevin Wasserman [Tue, 28 Jun 2011 17:07:27 +0000 (13:07 -0400)]
Added vasprintf.c
For systems (e.g. windows) lacking native vasprintf. Cribbed from krb5 with minor modification.
Kevin Wasserman [Tue, 28 Jun 2011 16:55:11 +0000 (12:55 -0400)]
remove unnecessary win32/config.h and win32/et/come_err.h
Kevin Wasserman [Tue, 21 Jun 2011 14:00:06 +0000 (10:00 -0400)]
Other Windows changes and debug comments
This patch is fixing remaining compilation errors. It also emphasizes
other things that need fixing on Windows.
Kevin Wasserman [Tue, 21 Jun 2011 13:25:31 +0000 (09:25 -0400)]
Define __attribute__ macro as nothing on Windows
__attribute__((constructor)), __attribute__((destructor)) and
__attribute__((unused)) are now expanded to nothing on Windows,
so that the code can compile
Alexey Melnikov [Mon, 13 Jun 2011 17:41:10 +0000 (18:41 +0100)]
Windows VC doesn't like empty arrays
This causes compilation error, so the code is ifdefed out on Windows
Alexey Melnikov [Mon, 13 Jun 2011 17:41:02 +0000 (18:41 +0100)]
Use SHGetFolderPath(APPDATA) on Windows to correctly find out location of the config file
Alexey Melnikov [Mon, 13 Jun 2011 17:40:54 +0000 (18:40 +0100)]
Fixed an incorrect call to gssEapWrapOrGetMIC in gss_delete_sec_context()
The 4th parameter is a pointer to int and not an int. This was reported
as a warning by VC on Windows.
Alexey Melnikov [Mon, 13 Jun 2011 17:40:47 +0000 (18:40 +0100)]
Fixed calling convention for functions exported from gssapi.h
On Windows all functions exported from gssapi.h have KRB5_CALLCONV
calling convention. This is needed in order to compile correctly on Windows.
Kevin Wasserman [Mon, 20 Jun 2011 23:42:14 +0000 (19:42 -0400)]
Changes testing for WIN32 to HAVE_*_H macros, changed how inline is defined on Windows
Also added the Windows version of config.h and a copy of et/com_err.h
(from Linux) to be used by files generated with compile_et.
DO NOT COMMIT
Alexey Melnikov [Fri, 10 Jun 2011 11:46:59 +0000 (12:46 +0100)]
Some initial Windows portability fixes in include files
Kevin Wasserman [Mon, 20 Jun 2011 20:11:05 +0000 (16:11 -0400)]
Mixed changes to configure.ac
some good, some bad
Kevin Wasserman [Wed, 15 Jun 2011 15:13:05 +0000 (11:13 -0400)]
Conditionalized Acceptor codepaths and modules.
Acceptor code is enabled by default; use configure --enable-acceptor=no to disable.
When disabled, Acceptor functions are stubbed out and return GSS_S_UNAVAILABLE.
util_attr,util_json,util_radius,util_saml are removed to eliminate dependencies on saml, radius, shibboleth, and json.
Kevin Wasserman [Tue, 14 Jun 2011 13:26:14 +0000 (09:26 -0400)]
Explicitly include stdio.h in util_cred.c
stdio.h is required for BUFSIZ. It is implicitly included by gssapiP_eap.h via freeradius but that dependency will be removed for windows.
Kevin Wasserman [Mon, 13 Jun 2011 20:23:26 +0000 (16:23 -0400)]
move AC_GNU_SOURCE before its use, add AC_USE_SYSTEM_EXTENSIONS to fix warnings, and add MAINTAINER_MODE support
Kevin Wasserman [Fri, 10 Jun 2011 20:52:46 +0000 (16:52 -0400)]
Fix mech_eap_la_LDFLAGS to use $(srcdir) for mech_eap.exports
Luke Howard [Sat, 11 Jun 2011 20:24:56 +0000 (20:24 +0000)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Luke Howard [Thu, 19 May 2011 15:14:48 +0000 (17:14 +0200)]
integrity protect extension token exchange
Luke Howard [Thu, 19 May 2011 15:02:25 +0000 (17:02 +0200)]
send GSS flags
Luke Howard [Sat, 11 Jun 2011 20:23:57 +0000 (20:23 +0000)]
update TODO list
Luke Howard [Mon, 23 May 2011 20:18:48 +0000 (16:18 -0400)]
ScopedAttribute/SimpleAttribute are displayable
Luke Howard [Mon, 23 May 2011 17:48:36 +0000 (13:48 -0400)]
support BinaryAttribute subclasses
Luke Howard [Mon, 23 May 2011 15:05:30 +0000 (11:05 -0400)]
Upgrade Shibboleth for binary attribute support
Luke Howard [Thu, 19 May 2011 15:14:48 +0000 (17:14 +0200)]
integrity protect extension token exchange
Luke Howard [Thu, 19 May 2011 15:02:25 +0000 (17:02 +0200)]
send GSS flags
Luke Howard [Fri, 20 May 2011 11:08:42 +0000 (13:08 +0200)]
Revert "implement gss_acquire_cred_ext"
This reverts commit
57135a1070518a0c1228a29ed9fcf726357856a1.
Luke Howard [Fri, 20 May 2011 11:08:34 +0000 (13:08 +0200)]
Revert "remove acquire_cred_ext until it is standardized"
This reverts commit
0620dfff7eeebfec8279f4a7ee8e60e75161a856.
Luke Howard [Fri, 20 May 2011 08:04:22 +0000 (10:04 +0200)]
reauth-specific hack should be conditional on reauth being enabled
Luke Howard [Fri, 20 May 2011 07:52:45 +0000 (09:52 +0200)]
remove acquire_cred_ext until it is standardized
Luke Howard [Thu, 19 May 2011 14:11:06 +0000 (16:11 +0200)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Luke Howard [Thu, 19 May 2011 14:09:27 +0000 (16:09 +0200)]
update TODO
moonshot [Mon, 4 Apr 2011 18:47:27 +0000 (14:47 -0400)]
hack: force mutual to be true
Force mutual to be true for the vm-integ branch so ssh works
Luke Howard [Mon, 16 May 2011 22:49:11 +0000 (00:49 +0200)]
fool gssapi symbol tests into working with Heimdal and MIT
Luke Howard [Mon, 16 May 2011 22:46:40 +0000 (00:46 +0200)]
move gss_const_OID compat to gssapiP_eap.h
Luke Howard [Mon, 16 May 2011 13:49:02 +0000 (15:49 +0200)]
don't set display_value for binary RADIUS attributes
Luke Howard [Mon, 16 May 2011 12:26:44 +0000 (14:26 +0200)]
update with location of samba patches
Luke Howard [Mon, 16 May 2011 11:44:37 +0000 (13:44 +0200)]
update README
Luke Howard [Mon, 16 May 2011 08:58:53 +0000 (10:58 +0200)]
Add readme for Samba
Luke Howard [Mon, 16 May 2011 08:20:34 +0000 (10:20 +0200)]
cleanup getFragmentedAttribute
Luke Howard [Mon, 16 May 2011 08:05:20 +0000 (10:05 +0200)]
catch exceptions initialising Shibboleth
Luke Howard [Mon, 16 May 2011 07:59:03 +0000 (09:59 +0200)]
remove attempt to autodetect base64, it's broken
instead, put a special hack for urn:mspac: until Shibboleth is fixed
Luke Howard [Mon, 16 May 2011 07:56:46 +0000 (09:56 +0200)]
allow newlines in base64Valid check
Luke Howard [Mon, 16 May 2011 07:48:43 +0000 (09:48 +0200)]
note that treating all base64 values as binary is bad
Luke Howard [Sun, 15 May 2011 23:17:20 +0000 (01:17 +0200)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Luke Howard [Sun, 15 May 2011 23:16:41 +0000 (01:16 +0200)]
allow binary resolved attributes
Luke Howard [Sun, 15 May 2011 23:15:03 +0000 (01:15 +0200)]
Treat non-internal UKERNA attributes as fragmented, for PAC
Luke Howard [Sun, 15 May 2011 23:10:20 +0000 (01:10 +0200)]
always set complete for local attributes
Luke Howard [Sun, 15 May 2011 23:03:46 +0000 (01:03 +0200)]
add MS-Windows-Auth-Data attribute
Luke Howard [Sun, 15 May 2011 22:52:02 +0000 (00:52 +0200)]
ignore embedded newlines in base64
Luke Howard [Sat, 14 May 2011 23:18:02 +0000 (01:18 +0200)]
implement gss_acquire_cred_ext
Luke Howard [Sat, 14 May 2011 14:01:04 +0000 (16:01 +0200)]
implement gss_inquire_cred_by_mech
Luke Howard [Thu, 12 May 2011 21:24:45 +0000 (23:24 +0200)]
allow pCtx to be NULL for Heimdal compat
Luke Howard [Thu, 12 May 2011 21:05:06 +0000 (23:05 +0200)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Conflicts:
moonshot/mech_eap/util_saml.cpp
Luke Howard [Thu, 12 May 2011 20:33:22 +0000 (22:33 +0200)]
don't release mech OID on Heimdal