Sam Hartman [Fri, 26 Apr 2013 21:26:29 +0000 (22:26 +0100)]
Update spec for mech_eap
Luke Howard [Thu, 18 Apr 2013 22:55:24 +0000 (18:55 -0400)]
fix build without OpenSAML
Luke Howard [Thu, 18 Apr 2013 22:45:10 +0000 (18:45 -0400)]
Reindent
Luke Howard [Thu, 18 Apr 2013 22:41:59 +0000 (18:41 -0400)]
Reindent
Sam Hartman [Thu, 4 Apr 2013 16:25:17 +0000 (12:25 -0400)]
textual identities to UI
The call to moonshot_get_identity included exported name tokens; the
interface expected C strings. Use gssEapDisplayName instead.
Sam Hartman [Thu, 20 Sep 2012 00:26:58 +0000 (20:26 -0400)]
Clarify where else comes from for code clarity
Luke Howard [Thu, 13 Dec 2012 19:14:15 +0000 (20:14 +0100)]
krb5_free_unparsed_name deprecated by Heimdal
use krb5_xfree
Luke Howard [Thu, 13 Dec 2012 19:09:42 +0000 (20:09 +0100)]
krb5_free_data_contents deprecated by Heimdal
Use krb5_data_free instead
Luke Howard [Thu, 13 Dec 2012 02:27:39 +0000 (13:27 +1100)]
indentation fix
Sam Hartman [Fri, 16 Nov 2012 02:38:27 +0000 (21:38 -0500)]
Return WRONG_ACCEPTOR_NAME
Create a new error for incorrect acceptor name received from acceptor
to aid in debugging.
Luke Howard [Tue, 13 Nov 2012 05:25:20 +0000 (16:25 +1100)]
allow empty acceptor names
Luke Howard [Wed, 26 Sep 2012 07:25:22 +0000 (17:25 +1000)]
indentation fix
Luke Howard [Fri, 21 Sep 2012 19:34:11 +0000 (05:34 +1000)]
Ignore empty realms comparing acceptor name hint
Conflicts:
mech_eap/util_name.c
Luke Howard [Wed, 19 Sep 2012 12:32:42 +0000 (22:32 +1000)]
Call gssEapReleaseName not gss_release_name
we have a mech name not a union name so use the local mechanism.
Luke Howard [Wed, 19 Sep 2012 12:09:11 +0000 (22:09 +1000)]
indentation fix
Luke Howard [Wed, 19 Sep 2012 12:06:02 +0000 (22:06 +1000)]
fix indentation
Sam Hartman [Wed, 19 Sep 2012 00:45:25 +0000 (20:45 -0400)]
Call gssEapCompareName not gss_compare_name
we have a mech name not a union name so use the local mechanism.
Luke Howard [Sun, 16 Sep 2012 04:11:31 +0000 (14:11 +1000)]
remove references to PADL mechanism OIDs
Luke Howard [Sun, 16 Sep 2012 04:07:44 +0000 (14:07 +1000)]
neglected gss-eap-v1 arc in OID comment table
Luke Howard [Sun, 16 Sep 2012 03:00:04 +0000 (13:00 +1000)]
Coding style conform
Sam Hartman [Fri, 14 Sep 2012 17:18:08 +0000 (13:18 -0400)]
Update to use IETF RADIUS attributes
draft-ietf-abfab-gss-eap is approved and IANA has assigned
standardized RADIUS attributes, so these are no longer vendor
specific.
Update dictionary file to change the names of the existing attributes.
Sam Hartman [Fri, 14 Sep 2012 17:53:34 +0000 (13:53 -0400)]
Update name OIDs
Add comment on where OIDs come from and update oid for EAP name type.
Kevin Wasserman [Wed, 12 Sep 2012 15:52:05 +0000 (11:52 -0400)]
Update mech oid to conform to draft-ietf-abfab-gss-eap-09
Sam Hartman [Wed, 12 Sep 2012 20:29:21 +0000 (16:29 -0400)]
Update gitignore
Sam Hartman [Wed, 12 Sep 2012 20:28:58 +0000 (16:28 -0400)]
Fix gcc 4.7 warnings
Sam Hartman [Tue, 11 Sep 2012 19:50:30 +0000 (15:50 -0400)]
Send acceptor name and verify
In extensions state, send the acceptor name.
When the acceptor name is sent, verify if we already have a name hint.
Sam Hartman [Tue, 11 Sep 2012 18:52:17 +0000 (14:52 -0400)]
Update to gss-eap-naming-04
Update attribute prefixes used to draft-ietf-abfab-gss-eap-naming-04.
Sam Hartman [Tue, 11 Sep 2012 18:15:49 +0000 (14:15 -0400)]
Merge remote-tracking branch 'origin/radius-new-client-pkcs12'
Sam Hartman [Tue, 11 Sep 2012 18:13:12 +0000 (14:13 -0400)]
Merge remote-tracking branch 'origin/rfc3961-mic'
Luke Howard [Sat, 8 Sep 2012 23:47:33 +0000 (09:47 +1000)]
fix ISCBO for gssEapPseudoRandom signature change
Luke Howard [Sat, 8 Sep 2012 02:28:30 +0000 (12:28 +1000)]
corresponding header change for gssEapPseudoRandom
Luke Howard [Fri, 7 Sep 2012 03:25:09 +0000 (13:25 +1000)]
Cleanup gssEapPseudoRandom()
Luke Howard [Wed, 5 Sep 2012 01:38:53 +0000 (11:38 +1000)]
Don't define inline if compiling C++ on Win32
Luke Howard [Sat, 11 Aug 2012 04:30:56 +0000 (14:30 +1000)]
Handle NULL sequence state in exported partial contexts
This could be further improved by not encoding the sequence state
if it is zero.
Luke Howard [Sat, 11 Aug 2012 04:23:05 +0000 (14:23 +1000)]
Don't expect OID for imported initiator name
Luke Howard [Tue, 19 Jun 2012 15:45:38 +0000 (01:45 +1000)]
allow GSS_C_NO_CREDENTIAL to gssEapPrimaryMechForCred
Luke Howard [Sat, 11 Aug 2012 00:54:38 +0000 (10:54 +1000)]
preserve name mechanism on imported contexts
Luke Howard [Tue, 19 Jun 2012 15:45:38 +0000 (01:45 +1000)]
allow GSS_C_NO_CREDENTIAL to gssEapPrimaryMechForCred
Luke Howard [Thu, 2 Feb 2012 21:04:00 +0000 (08:04 +1100)]
Merge branch 'master' into radius-new-client-pkcs12
Sam Hartman [Tue, 24 Jan 2012 17:39:42 +0000 (12:39 -0500)]
Bump spec version
Sam Hartman [Tue, 3 Jan 2012 20:41:17 +0000 (15:41 -0500)]
Initialize shib resolver before opensaml so catalog path is set
Sam Hartman [Tue, 24 Jan 2012 17:38:03 +0000 (12:38 -0500)]
util_moonshot.c: Handle empty strings in trust anchor arguments.
Sam Hartman [Wed, 18 Jan 2012 00:27:48 +0000 (19:27 -0500)]
Treat empty cert hash as NULL (LP: #917956)
Luke Howard [Wed, 11 Jan 2012 05:56:39 +0000 (16:56 +1100)]
fix order of operations merge regression
Luke Howard [Mon, 14 Nov 2011 07:54:59 +0000 (18:54 +1100)]
use rs_attr_display_name/rs_attr_parse_name
Luke Howard [Mon, 14 Nov 2011 07:23:49 +0000 (18:23 +1100)]
use "26" as prefix for vendor attributes
Luke Howard [Mon, 14 Nov 2011 06:36:59 +0000 (17:36 +1100)]
use urn:ietf:params:gssapi:aaa-radius prefix
Luke Howard [Mon, 14 Nov 2011 06:06:21 +0000 (17:06 +1100)]
remove dictionary param from sample radsec config
Luke Howard [Mon, 14 Nov 2011 03:41:11 +0000 (14:41 +1100)]
check rs_attr_find return code correctly
Luke Howard [Mon, 14 Nov 2011 01:44:01 +0000 (12:44 +1100)]
remove rs_context_init_freeradius_dict
Luke Howard [Mon, 14 Nov 2011 00:54:07 +0000 (11:54 +1100)]
port to new RADIUS client library
Sam Hartman [Tue, 3 Jan 2012 16:56:17 +0000 (11:56 -0500)]
Merge remote-tracking branch 'origin/master'
Pete Fotheringham [Mon, 2 Jan 2012 18:33:40 +0000 (18:33 +0000)]
Automated builds and creation of installer package and disk image works
Luke Howard [Mon, 12 Dec 2011 09:30:38 +0000 (20:30 +1100)]
Revert "InitOnceExecuteOnce not present on XP"
This reverts commit 061ae16ba14ef7a70bdb4741a1e04ced4d5d7b09.
There is still a race in this lockless one-time initialization which
could cause an assertion failure. Until we decide whether XP support
for the acceptor is required, back this out.
Luke Howard [Sat, 10 Dec 2011 09:39:17 +0000 (20:39 +1100)]
InitOnceExecuteOnce not present on XP
Luke Howard [Sat, 10 Dec 2011 23:57:48 +0000 (10:57 +1100)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Luke Howard [Thu, 1 Dec 2011 03:19:18 +0000 (14:19 +1100)]
add MS-Windows-Group-Sid
Pete Fotheringham [Wed, 30 Nov 2011 18:33:33 +0000 (18:33 +0000)]
Merge branch 'master' of project-moonshot.org/git/moonshot
Conflicts:
moonshot/mech_eap/Makefile.am
Pete Fotheringham [Wed, 30 Nov 2011 17:31:26 +0000 (17:31 +0000)]
Link against the Kerberos library in /usr/local instead of the version in /usr
Luke Howard [Mon, 28 Nov 2011 15:01:39 +0000 (02:01 +1100)]
Revert "Support EAP-TLS in Moonshot (requires OpenSSL)"
This reverts commit 2ef42df0ecea8745a678fe26ff9b16072b93586b.
Luke Howard [Mon, 28 Nov 2011 15:01:34 +0000 (02:01 +1100)]
Revert "remember to duplicate clientCertificate"
This reverts commit 0bde9b2ad5a4a36f745f1c91e9155edb337922b8.
Luke Howard [Mon, 28 Nov 2011 15:01:28 +0000 (02:01 +1100)]
Revert "Allow certificate/private key to contain binary data"
This reverts commit 6196f93aaca970f23276407af0812179c51a29ea.
Luke Howard [Thu, 17 Nov 2011 11:15:47 +0000 (22:15 +1100)]
NFSv4 patch from Daniel Kouril
Luke Howard [Thu, 17 Nov 2011 09:34:12 +0000 (20:34 +1100)]
Allow certificate/private key to contain binary data
Luke Howard [Thu, 17 Nov 2011 09:04:08 +0000 (20:04 +1100)]
remember to duplicate clientCertificate
Luke Howard [Thu, 17 Nov 2011 08:33:22 +0000 (19:33 +1100)]
Support EAP-TLS in Moonshot (requires OpenSSL)
Luke Howard [Thu, 17 Nov 2011 08:32:47 +0000 (19:32 +1100)]
Merge branch 'moonshot' of ssh://moonshot.suchdamage.org:822/srv/git/libeap into moonshot
Conflicts:
Makefile.am
Luke Howard [Thu, 17 Nov 2011 05:37:06 +0000 (16:37 +1100)]
link against OpenSSL backend
Luke Howard [Sat, 22 Oct 2011 02:38:51 +0000 (13:38 +1100)]
wrap gssQueryMechanismInfo
Luke Howard [Fri, 21 Oct 2011 03:51:09 +0000 (14:51 +1100)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Luke Howard [Fri, 21 Oct 2011 03:50:05 +0000 (14:50 +1100)]
Fix for building without acceptor
Luke Howard [Wed, 5 Oct 2011 22:44:51 +0000 (09:44 +1100)]
use RFC3961 checksums for CB/exts MIC
Sam Hartman [Thu, 13 Oct 2011 13:55:00 +0000 (09:55 -0400)]
Fix merge conflict
Sam Hartman [Mon, 10 Oct 2011 13:46:46 +0000 (14:46 +0100)]
Add freeradius to rpath; disable ui integration from spec for now
Sam Hartman [Sat, 8 Oct 2011 14:54:59 +0000 (15:54 +0100)]
Spec file update
Sam Hartman [Fri, 16 Sep 2011 18:56:38 +0000 (19:56 +0100)]
Update libeap to include make dist
Sam Hartman [Fri, 16 Sep 2011 18:41:51 +0000 (19:41 +0100)]
make dist: distribute sources
Distribute headers so that make dist works
Include headers in built sources to fix dependencies for parallel builds
Distribute exports files and require that the resulting library depend on them
Luke Howard [Fri, 7 Oct 2011 14:39:32 +0000 (01:39 +1100)]
Don't fail if password supplied by caller
If the libmoonshot or static (file-based) identity resolver fails, and
the caller provided a password via gss_acquire_cred_with_password(), then
resolving the credential should not fail.
Luke Howard [Fri, 7 Oct 2011 07:06:57 +0000 (18:06 +1100)]
fix incorrect reauth cred assert check
Luke Howard [Thu, 6 Oct 2011 10:34:10 +0000 (21:34 +1100)]
note about whether initiator cred lock is required
Luke Howard [Thu, 6 Oct 2011 10:29:55 +0000 (21:29 +1100)]
remove unnecessary cred lock in acceptor
Luke Howard [Wed, 5 Oct 2011 07:47:39 +0000 (18:47 +1100)]
allow building without libmoonshot
Luke Howard [Wed, 5 Oct 2011 02:22:38 +0000 (13:22 +1100)]
poke buildbot
Luke Howard [Wed, 5 Oct 2011 02:07:47 +0000 (13:07 +1100)]
initialize major in gss_query_meta_data
Luke Howard [Wed, 5 Oct 2011 01:56:19 +0000 (12:56 +1100)]
Merge branch 'master' into negoex
Luke Howard [Mon, 3 Oct 2011 23:22:14 +0000 (10:22 +1100)]
NegoEx SPIs
Luke Howard [Thu, 22 Sep 2011 09:24:09 +0000 (19:24 +1000)]
check radsec config when acquiring acceptor cred
Luke Howard [Tue, 20 Sep 2011 13:44:28 +0000 (23:44 +1000)]
note gssEapAcquireCred should validate RADIUS config
Luke Howard [Tue, 20 Sep 2011 02:21:43 +0000 (12:21 +1000)]
Fix regression where error tokens were not being sent
Luke Howard [Mon, 19 Sep 2011 12:49:16 +0000 (22:49 +1000)]
Add GSSEAP_NO_LOCAL_MAPPING error
Luke Howard [Mon, 19 Sep 2011 08:58:52 +0000 (18:58 +1000)]
use krb5_auth_con_setlocalsubkey on Heimdal
Luke Howard [Sun, 18 Sep 2011 03:39:51 +0000 (13:39 +1000)]
Add CRED_FLAG_TARGET
Set a flag indicating whether the credential has been bound to a service
Luke Howard [Sat, 17 Sep 2011 09:25:16 +0000 (19:25 +1000)]
Simplify verify_mic path
Allow verify_mic, wrapped on top of the IOV routines, to pass in a single
HEADER buffer rather than needing to understand the underlying split between
header and trailer.
Luke Howard [Sat, 17 Sep 2011 07:47:01 +0000 (17:47 +1000)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Luke Howard [Sat, 17 Sep 2011 07:32:28 +0000 (17:32 +1000)]
make sure imported sec context keys correctly allocated
Luke Howard [Sat, 17 Sep 2011 06:24:53 +0000 (16:24 +1000)]
PRF/random_to_key allocation fix
MIT and Heimdal use different allocation strategies
(caller-allocates, callee-allocates) for the same functions,
unfortunately.
Conflicts:
moonshot/mech_eap/util.h
Luke Howard [Fri, 16 Sep 2011 23:46:06 +0000 (09:46 +1000)]
use calloc to match with Heimdal (heim_alloc not exported)
Luke Howard [Sat, 17 Sep 2011 06:17:57 +0000 (16:17 +1000)]
create TLD on-demand for threads started pre-DLL load
Conflicts:
moonshot/mech_eap/util_tld.c
Luke Howard [Fri, 16 Sep 2011 22:10:21 +0000 (08:10 +1000)]
more cleanup of TLD
Luke Howard [Fri, 16 Sep 2011 21:49:44 +0000 (07:49 +1000)]
general cleanup of TLD init