make it possible to build without acceptor
authorLuke Howard <lukeh@padl.com>
Mon, 12 Sep 2011 22:42:07 +0000 (08:42 +1000)
committerLuke Howard <lukeh@padl.com>
Mon, 12 Sep 2011 22:42:07 +0000 (08:42 +1000)
acinclude.m4
configure.ac
mech_eap/Makefile.am
mech_eap/eap_mech.c
mech_eap/export_sec_context.c
mech_eap/gssapiP_eap.h
mech_eap/mech_eap-noacceptor.exports [new file with mode: 0644]
mech_eap/mech_eap.exports
mech_eap/util_context.c
mech_eap/util_name.c

index c1c2224..8ecdd9c 100644 (file)
@@ -188,7 +188,6 @@ else
        AC_DEFINE_UNQUOTED([HAVE_SHIBRESOLVER], 1, [Define is Shibboleth resolver is available])
 fi
 fi
-AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no")
 ])dnl
 
 AC_DEFUN([AX_CHECK_OPENSAML],
@@ -232,7 +231,6 @@ else
        AC_DEFINE_UNQUOTED([HAVE_OPENSAML], 1, [Define is OpenSAML is available])
 fi
 fi
-AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no")
 ])dnl
 
 AC_DEFUN([AX_CHECK_RADSEC],
index 957a5bf..b70e29e 100644 (file)
@@ -47,17 +47,40 @@ if test "x$reauth" = "xyes" ; then
 fi
 AM_CONDITIONAL(GSSEAP_ENABLE_REAUTH, test "x$reauth" != "xno")
 
+acceptor=yes
+AC_ARG_ENABLE(acceptor,
+  [  --enable-acceptor whether to enable acceptor codepaths: yes/no; default yes ],
+  [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then
+      acceptor=$enableval
+    else
+      echo "--enable-acceptor argument must be yes or no"
+      exit -1
+    fi
+  ])
+
+if test "x$acceptor" = "xyes" ; then
+  echo "acceptor enabled"
+  TARGET_CFLAGS="$TARGET_CFLAGS -DGSSEAP_ENABLE_ACCEPTOR"
+fi
+AM_CONDITIONAL(GSSEAP_ENABLE_ACCEPTOR, test "x$acceptor" != "xno")
+
 AC_SUBST(TARGET_CFLAGS)
 AC_SUBST(TARGET_LDFLAGS)
 AX_CHECK_KRB5
-dnl AX_CHECK_EAP
 AX_CHECK_OPENSAML
+AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no")
+
 AX_CHECK_SHIBRESOLVER
+AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no")
 if test x_$found_shibresolver = x_yes; then
   AX_CHECK_SHIBSP
 fi
-AX_CHECK_RADSEC
-AX_CHECK_JANSSON
+
+if test "x$acceptor" = "xyes" ; then
+  AX_CHECK_RADSEC
+  AX_CHECK_JANSSON
+fi
+
 AX_CHECK_LIBMOONSHOT
 AC_CONFIG_FILES([Makefile libeap/Makefile mech_eap/Makefile])
 AC_OUTPUT
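Review bot: The invalid-argument branch of the new `--enable-acceptor` option ends with `exit -1`, which is not a portable exit status, and reports through `echo`, so the failure is not recorded in config.log. `AC_MSG_ERROR([--enable-acceptor argument must be yes or no])` covers both, and `AC_MSG_NOTICE([acceptor enabled])` would replace the later `echo`. The `test ... -o ...` form is also discouraged as non-portable; two `test` calls joined with `||` avoid it. Separately, AX_CHECK_OPENSAML and AX_CHECK_SHIBRESOLVER still run with `--disable-acceptor`, although the Makefile.am change compiles util_saml.cpp and util_shib.cpp only inside the acceptor conditional. Their HAVE_* defines and flags may therefore be set for a build that never uses them.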
index b3a951d..0214ca0 100644 (file)
@@ -7,6 +7,12 @@ EAP_CFLAGS = -I$(srcdir)/../libeap/src -I$(srcdir)/../libeap/src/common -I$(srcd
        -I$(srcdir)/../libeap/src/utils \
        -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL
 
+if GSSEAP_ENABLE_ACCEPTOR
+GSSEAP_EXPORTS = mech_eap.exports
+else
+GSSEAP_EXPORTS = mech_eap-noacceptor.exports
+endif
+
 gssdir = $(libdir)/gss
 gss_LTLIBRARIES = mech_eap.la
 
@@ -18,13 +24,12 @@ mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter \
                        @OPENSAML_CXXFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ \
                        @TARGET_CFLAGS@ $(EAP_CFLAGS)
 mech_eap_la_LDFLAGS  = -avoid-version -module \
-                       -export-symbols mech_eap.exports -no-undefined \
+                       -export-symbols $(GSSEAP_EXPORTS) -no-undefined \
                        @RADSEC_LDFLAGS@ @TARGET_LDFLAGS@
 mech_eap_la_LIBADD   = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \
                       @OPENSAML_LIBS@ @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@
 
 mech_eap_la_SOURCES =                          \
-       accept_sec_context.c                    \
        acquire_cred.c                          \
        acquire_cred_with_password.c            \
        add_cred.c                              \
@@ -33,7 +38,6 @@ mech_eap_la_SOURCES =                         \
        canonicalize_name.c                     \
        compare_name.c                          \
        context_time.c                          \
-       delete_name_attribute.c                 \
        delete_sec_context.c                    \
        display_name.c                          \
        display_name_ext.c                      \
@@ -41,10 +45,8 @@ mech_eap_la_SOURCES =                        \
        duplicate_name.c                        \
        eap_mech.c                              \
        export_name.c                           \
-       export_name_composite.c                 \
        export_sec_context.c                    \
        get_mic.c                               \
-       get_name_attribute.c                    \
        gsseap_err.c                            \
        import_name.c                           \
        import_sec_context.c                    \
@@ -57,32 +59,26 @@ mech_eap_la_SOURCES =                       \
        inquire_cred_by_oid.c                   \
        inquire_mech_for_saslname.c             \
        inquire_mechs_for_name.c                \
-       inquire_name.c                          \
        inquire_names_for_mech.c                \
        inquire_saslname_for_mech.c             \
        inquire_sec_context_by_oid.c            \
-       map_name_to_any.c                       \
        process_context_token.c                 \
        pseudo_random.c                         \
        radsec_err.c                            \
-       release_any_name_mapping.c              \
        release_cred.c                          \
        release_name.c                          \
        release_oid.c                           \
-       set_name_attribute.c                    \
        set_cred_option.c                       \
        set_sec_context_option.c                \
        store_cred.c                            \
        unwrap.c                                \
        unwrap_iov.c                            \
-       util_attr.cpp                           \
        util_base64.c                           \
        util_buffer.c                           \
        util_context.c                          \
        util_cksum.c                            \
        util_cred.c                             \
        util_crypt.c                            \
-       util_json.cpp                           \
        util_krb.c                              \
        util_lucid.c                            \
        util_mech.c                             \
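Review bot: `inquire_name.c` is removed from `mech_eap_la_SOURCES` in this hunk but is not among the files re-added under `if GSSEAP_ENABLE_ACCEPTOR` in the `@@ -99,6 +94,20 @@` hunk, so as far as the visible hunks show it is compiled in neither configuration. The export lists look inverted on the same symbol: the new mech_eap-noacceptor.exports lists `gss_inquire_name`, while the mech_eap.exports hunk drops it from the full build. An export list that names a function with no definition may fail at link time or advertise an entry point the module does not provide, depending on the platform. I would add `inquire_name.c \` to the acceptor-only list, keep `gss_inquire_name` in mech_eap.exports and remove it from mech_eap-noacceptor.exports. If the function is instead meant to stay available without the acceptor, keep the file in the common list.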
@@ -90,7 +86,6 @@ mech_eap_la_SOURCES =                         \
        util_name.c                             \
        util_oid.c                              \
        util_ordering.c                         \
-       util_radius.cpp                         \
        util_sm.c                               \
        util_token.c                            \
        verify_mic.c                            \
@@ -99,6 +94,20 @@ mech_eap_la_SOURCES =                        \
        wrap_iov_length.c                       \
        wrap_size_limit.c
 
+if GSSEAP_ENABLE_ACCEPTOR
+
+mech_eap_la_SOURCES +=                         \
+       accept_sec_context.c                    \
+       delete_name_attribute.c                 \
+       export_name_composite.c                 \
+       get_name_attribute.c                    \
+       map_name_to_any.c                       \
+       release_any_name_mapping.c              \
+       set_name_attribute.c                    \
+       util_attr.cpp                           \
+       util_json.cpp                           \
+       util_radius.cpp
+
 if OPENSAML
 mech_eap_la_SOURCES += util_saml.cpp
 endif
@@ -107,13 +116,13 @@ if SHIBRESOLVER
 mech_eap_la_SOURCES += util_shib.cpp
 endif
 
+endif
+
 BUILT_SOURCES = gsseap_err.c radsec_err.c
 
 if GSSEAP_ENABLE_REAUTH
 mech_eap_la_SOURCES += util_reauth.c
 
-
-
 if !HEIMDAL
 krb5pluginsdir = $(libdir)/krb5/plugins/authdata
 krb5plugins_LTLIBRARIES = radius_ad.la
index 995a8ee..630dd0e 100644 (file)
@@ -191,8 +191,10 @@ gssEapInitiatorInit(void)
 static void
 gssEapFinalize(void)
 {
+#ifdef GSSEAP_ENABLE_ACCEPTOR
     OM_uint32 minor;
 
     gssEapAttrProvidersFinalize(&minor);
+#endif
     eap_peer_unregister_methods();
 }
index 8695bf6..5f89903 100644 (file)
@@ -37,6 +37,7 @@
 
 #include "gssapiP_eap.h"
 
+#ifdef GSSEAP_ENABLE_ACCEPTOR
 static OM_uint32
 gssEapExportPartialContext(OM_uint32 *minor,
                            gss_ctx_id_t ctx,
@@ -98,6 +99,7 @@ cleanup:
 
     return major;
 }
+#endif /* GSSEAP_ENABLE_ACCEPTOR */
 
 OM_uint32
 gssEapExportSecContext(OM_uint32 *minor,
@@ -137,6 +139,7 @@ gssEapExportSecContext(OM_uint32 *minor,
             goto cleanup;
     }
 
+#ifdef GSSEAP_ENABLE_ACCEPTOR
     /*
      * The partial context is only transmitted for unestablished acceptor
      * contexts.
@@ -147,6 +150,7 @@ gssEapExportSecContext(OM_uint32 *minor,
         if (GSS_ERROR(major))
             goto cleanup;
     }
+#endif
 
     length  = 16;                               /* version, state, flags, */
     length += 4 + ctx->mechanismUsed->length;   /* mechanismUsed */
index 4eaa664..fcd4bab 100644 (file)
@@ -122,7 +122,9 @@ struct gss_name_struct
     OM_uint32 flags;
     gss_OID mechanismUsed; /* this is immutable */
     krb5_principal krbPrincipal; /* this is immutable */
+#ifdef GSSEAP_ENABLE_ACCEPTOR
     struct gss_eap_attr_ctx *attrCtx;
+#endif
 };
 
 #define CRED_FLAG_INITIATE                  0x00010000
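Review bot: `attrCtx` now exists only when GSSEAP_ENABLE_ACCEPTOR is defined, so `sizeof(struct gss_name_struct)` depends on a flag that reaches the compiler only through TARGET_CFLAGS. Any object built from this header without the same setting would disagree with the library about the allocation size. A comment on the member would record the constraint, for example `/* acceptor builds only; all users of this header must share the GSSEAP_ENABLE_ACCEPTOR setting */`. Any file outside this commit that touches `name->attrCtx` without a guard will also stop compiling in the no-acceptor configuration, so it is worth grepping for remaining uses.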
diff --git a/mech_eap/mech_eap-noacceptor.exports b/mech_eap/mech_eap-noacceptor.exports
new file mode 100644 (file)
index 0000000..ee2bdd0
--- /dev/null
@@ -0,0 +1,53 @@
+gss_acquire_cred
+gss_add_cred
+gss_add_cred_with_password
+gss_canonicalize_name
+gss_compare_name
+gss_context_time
+gss_delete_sec_context
+gss_display_name
+gss_display_name_ext
+gss_display_status
+gss_duplicate_name
+gss_export_name
+gss_export_sec_context
+gss_get_mic
+gss_import_name
+gss_import_sec_context
+gss_indicate_mechs
+gss_init_sec_context
+gss_inquire_attrs_for_mech
+gss_inquire_context
+gss_inquire_cred
+gss_inquire_cred_by_mech
+gss_inquire_cred_by_oid
+gss_inquire_mechs_for_name
+gss_inquire_mech_for_saslname
+gss_inquire_name
+gss_inquire_names_for_mech
+gss_inquire_saslname_for_mech
+gss_inquire_sec_context_by_oid
+gss_process_context_token
+gss_pseudo_random
+gss_release_cred
+gss_release_name
+gss_internal_release_oid
+gss_set_sec_context_option
+gss_store_cred
+gss_unwrap
+gss_unwrap_iov
+gss_verify_mic
+gss_wrap
+gss_wrap_iov
+gss_wrap_iov_length
+gss_wrap_size_limit
+GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM
+GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM
+GSS_EAP_NT_EAP_NAME
+GSS_EAP_CRED_SET_CRED_FLAG
+GSS_EAP_CRED_SET_CRED_PASSWORD
+GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE
+GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA
+gssspi_acquire_cred_with_password
+gssspi_authorize_localname
+gssspi_set_cred_option
index 34a26bf..954bbbd 100644 (file)
@@ -5,6 +5,7 @@ gss_add_cred_with_password
 gss_canonicalize_name
 gss_compare_name
 gss_context_time
+gss_delete_name_attribute
 gss_delete_sec_context
 gss_display_name
 gss_display_name_ext
@@ -26,7 +27,6 @@ gss_inquire_cred_by_mech
 gss_inquire_cred_by_oid
 gss_inquire_mechs_for_name
 gss_inquire_mech_for_saslname
-gss_inquire_name
 gss_inquire_names_for_mech
 gss_inquire_saslname_for_mech
 gss_inquire_sec_context_by_oid
index 32ca195..80324bf 100644 (file)
@@ -84,6 +84,7 @@ releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx)
     eap_peer_sm_deinit(ctx->eap);
 }
 
+#ifdef GSSEAP_ENABLE_ACCEPTOR
 static void
 releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
 {
@@ -99,6 +100,7 @@ releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx)
     if (ctx->vps != NULL)
         gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps);
 }
+#endif
 
 OM_uint32
 gssEapReleaseContext(OM_uint32 *minor,
@@ -121,9 +123,12 @@ gssEapReleaseContext(OM_uint32 *minor,
 #endif
     if (CTX_IS_INITIATOR(ctx)) {
         releaseInitiatorContext(&ctx->initiatorCtx);
-    } else {
+    }
+#ifdef GSSEAP_ENABLE_ACCEPTOR
+    else {
         releaseAcceptorContext(&ctx->acceptorCtx);
     }
+#endif
 
     krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key);
     gssEapReleaseName(&tmpMinor, &ctx->initiatorName);
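Review bot: In a build without GSSEAP_ENABLE_ACCEPTOR, a context for which `CTX_IS_INITIATOR(ctx)` is false now passes through gssEapReleaseContext with nothing in `ctx->acceptorCtx` released and no diagnostic. Whether such a context can exist is not visible here, but `gss_import_sec_context` stays in mech_eap-noacceptor.exports and import_sec_context.c is not touched by this commit, so an imported token may be able to produce one. Rejecting non-initiator contexts at import in this configuration would close that. Separating the `else` from its `if` across the `#ifdef` is also fragile. Keeping `} else {` unconditional, with the guard around the `releaseAcceptorContext(&ctx->acceptorCtx);` call only and a comment such as `/* no acceptor state in initiator-only builds */`, is harder to break. The function body starts and ends outside the hunk.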
index fbd4b8a..e20dffd 100644 (file)
@@ -113,7 +113,9 @@ gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName)
     krb5_free_principal(krbContext, name->krbPrincipal);
     gssEapReleaseOid(&tmpMinor, &name->mechanismUsed);
 
+#ifdef GSSEAP_ENABLE_ACCEPTOR
     gssEapReleaseAttrContext(&tmpMinor, name);
+#endif
 
     GSSEAP_MUTEX_DESTROY(&name->mutex);
     GSSEAP_FREE(name);
@@ -426,6 +428,7 @@ gssEapImportNameInternal(OM_uint32 *minor,
     name->mechanismUsed = mechanismUsed;
     mechanismUsed = GSS_C_NO_OID;
 
+#ifdef GSSEAP_ENABLE_ACCEPTOR
     if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
         gss_buffer_desc buf;
 
@@ -436,6 +439,7 @@ gssEapImportNameInternal(OM_uint32 *minor,
         if (GSS_ERROR(major))
             goto cleanup;
     }
+#endif
 
     major = GSS_S_COMPLETE;
     *minor = 0;
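Review bot: With the guard compiled out, a caller that passes EXPORT_NAME_FLAG_COMPOSITE to gssEapImportNameInternal still gets GSS_S_COMPLETE and a name without attributes. Any attribute data that followed the name in the token appears to be skipped rather than rejected. The same applies to the block guarded in gssEapExportNameInternal (the `@@ -565,12 +569,14 @@` hunk), where the flag is accepted but no attributes are written. Failing the call when the flag is set would make the loss visible to the caller, for example `#else` followed by `if (flags & EXPORT_NAME_FLAG_COMPOSITE) { major = GSS_S_UNAVAILABLE; goto cleanup; }`, with `*minor` set to a suitable code. The guarded block opens in the previous hunk, and both functions extend beyond the hunks shown.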
@@ -565,12 +569,14 @@ gssEapExportNameInternal(OM_uint32 *minor,
         exportedNameLen += 6 + mech->length;
     }
     exportedNameLen += 4 + nameBuf.length;
+#ifdef GSSEAP_ENABLE_ACCEPTOR
     if (flags & EXPORT_NAME_FLAG_COMPOSITE) {
         major = gssEapExportAttrContext(minor, name, &attrs);
         if (GSS_ERROR(major))
             goto cleanup;
         exportedNameLen += attrs.length;
     }
+#endif
 
     exportedName->value = GSSEAP_MALLOC(exportedNameLen);
     if (exportedName->value == NULL) {
@@ -670,11 +676,13 @@ gssEapCanonicalizeName(OM_uint32 *minor,
         goto cleanup;
     }
 
+#ifdef GSSEAP_ENABLE_ACCEPTOR
     if (input_name->attrCtx != NULL) {
         major = gssEapDuplicateAttrContext(minor, input_name, name);
         if (GSS_ERROR(major))
             goto cleanup;
     }
+#endif
 
     *dest_name = name;