Sam Hartman [Mon, 19 Dec 2016 14:04:59 +0000 (09:04 -0500)]
Build depend against openssl 1.0, Closes: #828440
Sam Hartman [Tue, 23 Aug 2016 02:27:58 +0000 (22:27 -0400)]
Use unique_ptr not auto_ptr
Sam Hartman [Tue, 23 Aug 2016 01:38:42 +0000 (21:38 -0400)]
Fix FTBFS with gcc-6: auto_ptr is deprecated. First, -Wdeprecated should not cause an error for package builds. Second, use unique_ptr, Closes: #831187
* Fix FTBFS with gcc-6: auto_ptr is deprecated. First, -Wdeprecated
should not cause an error for package builds. Second, use unique_ptr,
Closes: #831187
* Upgrade standards version to 3.9.8 (no changes needed)
Sam Hartman [Tue, 14 Jul 2015 20:13:35 +0000 (16:13 -0400)]
New upstream release including better error messages when GSSEAP_TRACE is set
Sam Hartman [Tue, 14 Jul 2015 20:11:32 +0000 (16:11 -0400)]
Merge tag 'upstream/0.9.5' into debian
Sam Hartman [Tue, 14 Jul 2015 20:10:24 +0000 (16:10 -0400)]
Import moonshot-gss-eap_0.9.5.orig.tar.gz
Sam Hartman [Mon, 13 Jul 2015 19:22:14 +0000 (15:22 -0400)]
Perform release
Luke Howard [Fri, 15 May 2015 12:16:18 +0000 (14:16 +0200)]
gss_inquire_context lifetime calculation was inverted
Sam Hartman [Mon, 6 Apr 2015 20:17:30 +0000 (16:17 -0400)]
GSSEAP_TRACE prints returns from major entry points
Especially with SPNEGO, it's often the case that the caller does not
always make the GSSEAP errors available. So, when GSSEAP_TRACE is
set, print the results of init_sec_context, acquire_cred and
accept_sec_context.
Introduce gssEapTrace for additional tracing/debugging.
Sam Hartman [Wed, 25 Mar 2015 16:44:18 +0000 (12:44 -0400)]
Changelog for new version
Sam Hartman [Wed, 25 Mar 2015 16:43:14 +0000 (12:43 -0400)]
Merge branch 'master' into debian
Merge in 0.9.4
Sam Hartman [Wed, 25 Mar 2015 16:42:55 +0000 (12:42 -0400)]
Version 0.9.4<
Sam Hartman [Wed, 25 Mar 2015 16:36:07 +0000 (12:36 -0400)]
Fix spacing of error table
Kevin Wasserman [Wed, 25 Mar 2015 16:07:13 +0000 (12:07 -0400)]
Allow whitespace in cacerts
Makes base64Decode generally more tolerant of whitespace
Sam Hartman [Wed, 25 Mar 2015 05:18:20 +0000 (01:18 -0400)]
Rebuild for error tables
Sam Hartman [Thu, 12 Mar 2015 16:45:41 +0000 (12:45 -0400)]
0.9.3 pre-release
Sam Hartman [Thu, 12 Mar 2015 16:44:56 +0000 (12:44 -0400)]
Merge branch 'master' into debian
0.9.3 most of the changes
Sam Hartman [Thu, 12 Mar 2015 16:38:34 +0000 (12:38 -0400)]
Increase version
Sam Hartman [Thu, 12 Mar 2015 14:58:37 +0000 (10:58 -0400)]
Squash internal errors to no minor
Previously, we would send no error token in the case where the minor
status is not a wire error. Instead, turn this into a 0 minor status.
Permit 0 minor status to be received.
Sam Hartman [Thu, 12 Mar 2015 14:46:51 +0000 (10:46 -0400)]
libeap: don't shut down openssl
we're a library. It's antisocial to close down openssl application
wide just because one eap state machine is ending.
Sam Hartman [Wed, 4 Mar 2015 12:28:48 +0000 (07:28 -0500)]
Expose RADIUS errors to Acceptor
* Parse the Reply-Message attribute and include in error messages
* Add mechanism to handle RADIUS Error-Cause attribute
* Map Error-Cause 501 and 502 to GSSEAP errors
Note that we do not currently return these error cause codes to the
client. That requires IANA registration and adding support for
splitting the FCFS space from the standards space within the same
error table.
Sam Hartman [Thu, 23 Oct 2014 16:06:01 +0000 (12:06 -0400)]
Review security of libeap/wpa_supplicant and send mail to security team explaining why I believe moonshot-gss-eap is supportable, Closes: #766476
Sam Hartman [Wed, 22 Oct 2014 19:13:36 +0000 (15:13 -0400)]
Install correct /etc/gss/mech.d file
Sam Hartman [Wed, 22 Oct 2014 19:09:36 +0000 (15:09 -0400)]
Merge branch 'master' into debian
* Pull in change for GSSEAP_TRACE
* pull in segfault fix
Sam Hartman [Wed, 22 Oct 2014 18:20:37 +0000 (14:20 -0400)]
Use C++ destructors not finalizers
Rather than calling the attribute finalizer from a library level finalizer, do so from a C++ destructor.
Hopefully this addresses a segfault on process termination (LP: #1201939)
Sam Hartman [Wed, 22 Oct 2014 18:18:09 +0000 (14:18 -0400)]
Mech_eap: only output debugging when GSSEAP_TRACE is set
Previously we only output informational messages from libeap.
However, we also output them all the time to stdout, which is bad
because it disrupts the output of the program. Now, only output
debugging when the GSSEAP_TRACE environment variable is set. In that
case output all the libeap debugging, not just informational messages.
In addition, use secure_getenv if it is available to avoid introducing yet more issues if run in a raised privilege situation.
Sam Hartman [Tue, 16 Sep 2014 12:39:13 +0000 (08:39 -0400)]
Document changes
Sam Hartman [Tue, 16 Sep 2014 12:36:33 +0000 (08:36 -0400)]
todo file
Sam Hartman [Tue, 16 Sep 2014 12:22:10 +0000 (08:22 -0400)]
remove bogus bug number; fix email address
Sam Hartman [Tue, 16 Sep 2014 12:21:51 +0000 (08:21 -0400)]
Fix dependencies for debugging package
Sam Hartman [Tue, 16 Sep 2014 12:21:41 +0000 (08:21 -0400)]
Fix syntax error
Sam Hartman [Tue, 16 Sep 2014 12:21:30 +0000 (08:21 -0400)]
Don't install la files
Sam Hartman [Tue, 16 Sep 2014 11:55:03 +0000 (07:55 -0400)]
Install /usr/etc/gss/mech if required
Sam Hartman [Tue, 16 Sep 2014 11:31:41 +0000 (07:31 -0400)]
Add /etc/gss/mech.d support
Sam Hartman [Tue, 16 Sep 2014 11:25:32 +0000 (07:25 -0400)]
Now we're using upstream tarballs.
Sam Hartman [Tue, 16 Sep 2014 11:12:26 +0000 (07:12 -0400)]
Merge tag 'upstream/0.9.2' into debian
Conflicts:
.gitignore
Makefile.in
build-aux/config.guess
build-aux/config.sub
build-aux/depcomp
build-aux/install-sh
build-aux/ltmain.sh
build-aux/missing
configure
libeap/Makefile.in
m4/libtool.m4
mech_eap/.gitignore
mech_eap/Makefile.in
Sam Hartman [Tue, 16 Sep 2014 11:09:18 +0000 (07:09 -0400)]
Import moonshot-gss-eap_0.9.2.orig.tar.gz
Sam Hartman [Tue, 16 Sep 2014 11:05:49 +0000 (07:05 -0400)]
Distribute extra files
Sam Hartman [Mon, 15 Sep 2014 21:49:41 +0000 (17:49 -0400)]
New upstream version
Sam Hartman [Mon, 15 Sep 2014 21:49:13 +0000 (17:49 -0400)]
Merge branch 'master' into debian
Merge in 0.9.2
Sam Hartman [Mon, 15 Sep 2014 20:06:13 +0000 (16:06 -0400)]
Prefer correct form of shibboleth resolver library
Sam Hartman [Mon, 15 Sep 2014 19:07:52 +0000 (15:07 -0400)]
Include dh-autoreconf, dh 9
Sam Hartman [Mon, 15 Sep 2014 19:03:57 +0000 (15:03 -0400)]
Version 0.9.2
Sam Hartman [Mon, 15 Sep 2014 19:02:41 +0000 (19:02 +0000)]
Only permit ttls
Sam Hartman [Mon, 15 Sep 2014 17:46:01 +0000 (13:46 -0400)]
Include legal notices in distribution
Sam Hartman [Mon, 15 Sep 2014 17:45:31 +0000 (13:45 -0400)]
fix build dependency
Sam Hartman [Fri, 12 Sep 2014 17:59:02 +0000 (13:59 -0400)]
Update mech_eap copyright
Sam Hartman [Thu, 31 Jul 2014 20:38:43 +0000 (16:38 -0400)]
autoreconf
Sam Hartman [Thu, 31 Jul 2014 20:34:58 +0000 (16:34 -0400)]
new upstream release
* new upstream release
- Includes support for CA certificates.
Sam Hartman [Thu, 31 Jul 2014 20:31:25 +0000 (16:31 -0400)]
Merge branch 'master' into debian
Merge in 0.9.1
Sam Hartman [Thu, 31 Jul 2014 18:15:42 +0000 (14:15 -0400)]
fix typo
Sam Hartman [Thu, 31 Jul 2014 14:38:14 +0000 (10:38 -0400)]
Register new RADIUS attributes
Sam Hartman [Wed, 30 Jul 2014 22:02:37 +0000 (18:02 -0400)]
Version 0.9.1
Kevin Wasserman [Thu, 12 Jun 2014 15:09:55 +0000 (11:09 -0400)]
Treat caCertificate as base64-encoded DER rather than PEM
Openssl's pem parser is very picky and requires newlines.
Moonshot-webp eats newlines from the raw xml, requiring
hand-placed ' ' for successful parsing, which is
undersirable. So instead use mech_eap's base64Decode() to
convert caCertificate to DER.
Kevin Wasserman [Tue, 10 Jun 2014 22:11:59 +0000 (18:11 -0400)]
Avoid double-free of bio. Better error code for ca cert parsing failure.
Kevin Wasserman [Tue, 10 Jun 2014 22:05:49 +0000 (18:05 -0400)]
Correctly handle "ca-cert" in peerGetConfigBlob
Kevin Wasserman [Fri, 6 Jun 2014 12:11:03 +0000 (08:11 -0400)]
Treat caCertificate as pem contents rather than pem filename
Luke Howard [Mon, 2 Dec 2013 06:10:56 +0000 (17:10 +1100)]
take length of display_value, not value
Luke Howard [Mon, 2 Dec 2013 06:10:07 +0000 (17:10 +1100)]
gssHeaderLength redundantly initialized
Luke Howard [Mon, 2 Dec 2013 06:09:43 +0000 (17:09 +1100)]
assert name non-NULL before dereferencing
Luke Howard [Mon, 2 Dec 2013 06:09:24 +0000 (17:09 +1100)]
gss_trailerlen = 0 not used
Luke Howard [Mon, 2 Dec 2013 06:09:03 +0000 (17:09 +1100)]
zeroAndReleasePassword must be called with non-NULL buffer
Luke Howard [Mon, 2 Dec 2013 06:07:19 +0000 (17:07 +1100)]
don't set major = GSS_S_FAILURE twice
Luke Howard [Mon, 2 Dec 2013 06:04:51 +0000 (17:04 +1100)]
do not ignore sequenceCheck() return value
Luke Howard [Mon, 2 Dec 2013 06:03:50 +0000 (17:03 +1100)]
check gssEapRadiusAddAttr(REALM_NAME) return code
Luke Howard [Mon, 2 Dec 2013 06:03:36 +0000 (17:03 +1100)]
tok_type can never be -1
Sam Hartman [Wed, 27 Nov 2013 05:14:43 +0000 (00:14 -0500)]
Bump release to turn on sha256
Sam Hartman [Wed, 20 Nov 2013 14:06:52 +0000 (09:06 -0500)]
libeap: enable sha256
Sam Hartman [Tue, 26 Nov 2013 13:08:03 +0000 (08:08 -0500)]
Ignore TLS errors before TLS calls are made
Sam Hartman [Tue, 26 Nov 2013 13:07:22 +0000 (08:07 -0500)]
Merge branch 'master' into debian
Pull in change to ignore TLS errors
Sam Hartman [Tue, 26 Nov 2013 13:07:10 +0000 (08:07 -0500)]
Bump specfile version
Sam Hartman [Tue, 26 Nov 2013 13:05:37 +0000 (08:05 -0500)]
libeap: ignore TLS errors before any TLS calls
Ignore any errors that take place before the packet is started.
Sam Hartman [Mon, 25 Nov 2013 14:23:40 +0000 (09:23 -0500)]
bump release
Sam Hartman [Thu, 21 Nov 2013 18:27:52 +0000 (13:27 -0500)]
util:name: 1 component principals can be services too
accept_sec_context.c: Only add hostname if we have one
Sam Hartman [Thu, 21 Nov 2013 19:05:19 +0000 (14:05 -0500)]
fix assert failure
Sam Hartman [Thu, 21 Nov 2013 19:04:51 +0000 (14:04 -0500)]
Only add hostname if we have one
Sam Hartman [Thu, 21 Nov 2013 18:28:46 +0000 (13:28 -0500)]
Permit 1-component service names
Sam Hartman [Thu, 21 Nov 2013 18:27:52 +0000 (13:27 -0500)]
util:name: 1 component principals can be services too
Sam Hartman [Wed, 20 Nov 2013 14:08:02 +0000 (09:08 -0500)]
Enable sha256 in libeap
Sam Hartman [Wed, 20 Nov 2013 14:07:28 +0000 (09:07 -0500)]
autoreconf
Sam Hartman [Wed, 20 Nov 2013 14:06:52 +0000 (09:06 -0500)]
libeap: enable sha256
Sam Hartman [Thu, 14 Nov 2013 03:31:28 +0000 (22:31 -0500)]
Update from upstream to fix segfault on no hostname
Sam Hartman [Thu, 14 Nov 2013 03:30:49 +0000 (22:30 -0500)]
Merge branch 'master' of ssh://moonshot.suchdamage.org/srv/git/mech_eap into debian
Sam Hartman [Mon, 11 Nov 2013 19:52:11 +0000 (14:52 -0500)]
specfile: new release
Kevin Wasserman [Mon, 11 Nov 2013 12:09:39 +0000 (07:09 -0500)]
Fix logic for parsing princ components (LP 1249863)
Avoid segfault when missing acceptor realm.
Sam Hartman [Tue, 29 Oct 2013 14:42:49 +0000 (10:42 -0400)]
Send flags token with mutual authentication forced
Sam Hartman [Mon, 28 Oct 2013 18:16:59 +0000 (14:16 -0400)]
specfile: %post handles /etc/gss/mech
Sam Hartman [Mon, 28 Oct 2013 17:31:54 +0000 (13:31 -0400)]
Temporary: set mutual in flags token
Force mutual flag on the context prior to sending the flags token until channel binding is better deployed.
Sam Hartman [Mon, 28 Oct 2013 17:21:25 +0000 (13:21 -0400)]
setting flags in verify MIC too late
We've been force setting mutual authentication in the verify mic SM callback. We need to set mutual authentication prior to sending the flags token.
Sam Hartman [Fri, 11 Oct 2013 14:03:40 +0000 (10:03 -0400)]
Update for another libradsec
Sam Hartman [Fri, 11 Oct 2013 12:41:32 +0000 (08:41 -0400)]
Force rebuild for rpm to pick up libmoonshot1
Sam Hartman [Thu, 10 Oct 2013 16:17:09 +0000 (12:17 -0400)]
new release
Sam Hartman [Thu, 10 Oct 2013 16:17:09 +0000 (12:17 -0400)]
new release
Sam Hartman [Thu, 10 Oct 2013 14:23:41 +0000 (10:23 -0400)]
autoreconf
Sam Hartman [Thu, 10 Oct 2013 14:23:19 +0000 (10:23 -0400)]
Fix segfault (LP: #1237981 )
Sam Hartman [Thu, 10 Oct 2013 14:22:04 +0000 (10:22 -0400)]
Merge remote-tracking branch 'origin/master' into debian
Fix segfault LP: 1237981
Sam Hartman [Thu, 10 Oct 2013 14:13:48 +0000 (10:13 -0400)]
Don't free parts of the principal in channel bindings (LP: #1237981 )
Sam Hartman [Thu, 10 Oct 2013 13:44:53 +0000 (09:44 -0400)]
Create moonshot-gss-eap-dbg
Sam Hartman [Wed, 9 Oct 2013 22:50:25 +0000 (23:50 +0100)]
make dist cleanups
Sam Hartman [Wed, 9 Oct 2013 20:15:19 +0000 (16:15 -0400)]
Make dist cleanup