Sam Hartman [Fri, 16 Sep 2011 18:43:04 +0000 (19:43 +0100)]
Fix unused variable in non-acceptor mode
Sam Hartman [Fri, 16 Sep 2011 18:41:51 +0000 (19:41 +0100)]
make dist: distribute sources
Distribute headers so that make dist works
Include headers in built sources to fix dependencies for parallel builds
Distribute exports files and require that the resulting library depend on them
Sam Hartman [Fri, 16 Sep 2011 15:17:53 +0000 (16:17 +0100)]
Makefile: build fixes
mech_eap_la_CFLAGS was multiply defined.
Also, disable-acceptor sources were set incorrectly.
Sam Hartman [Fri, 16 Sep 2011 15:16:28 +0000 (16:16 +0100)]
configure: GNU_SOURCE is redundant
You only want either use_extensions or gnu_source. use_extensions is
the modern preferred way to enable gnu_source.
This commit fixes a lot of useless warnings at autoreconf time.
Sam Hartman [Fri, 16 Sep 2011 15:13:03 +0000 (16:13 +0100)]
configure: support krb5 --with-system-et
If the system et and compile_et are used, then compile_et may not be
in the krb5 directory; support this.
Luke Howard [Fri, 16 Sep 2011 14:02:34 +0000 (00:02 +1000)]
More careful matching of alloc/free functions
Luke Howard [Fri, 16 Sep 2011 06:14:48 +0000 (16:14 +1000)]
use GSSEAP_ASSERT macro instead of assert
Luke Howard [Fri, 16 Sep 2011 05:37:50 +0000 (15:37 +1000)]
don't release TLS data in DLL_PROCESS_DETACH
Luke Howard [Fri, 16 Sep 2011 05:02:31 +0000 (15:02 +1000)]
Don't assert fail on Windows if mech does not init
Luke Howard [Thu, 15 Sep 2011 09:19:35 +0000 (19:19 +1000)]
include Windows-specific GSS flags in flags token
Luke Howard [Wed, 14 Sep 2011 15:23:42 +0000 (01:23 +1000)]
Windows acceptor build fixes
Windows will require C++ clean FreeRADIUS headers
another Windows acceptor-side fix
Conflicts:
moonshot/mech_eap/util.h
Luke Howard [Wed, 14 Sep 2011 07:30:06 +0000 (17:30 +1000)]
make gssEapImportContext un-static for other internal consumers
Luke Howard [Wed, 14 Sep 2011 06:38:55 +0000 (16:38 +1000)]
add gssEapPseudoRandom for internal consumers
Luke Howard [Wed, 14 Sep 2011 06:12:34 +0000 (16:12 +1000)]
Merge remote-tracking branch 'origin/windows'
Luke Howard [Wed, 14 Sep 2011 06:11:37 +0000 (16:11 +1000)]
Merge branch 'windows'
Conflicts:
moonshot/configure.ac
moonshot/mech_eap/Makefile.am
moonshot/mech_eap/accept_sec_context.c
moonshot/mech_eap/acquire_cred.c
moonshot/mech_eap/add_cred.c
moonshot/mech_eap/add_cred_with_password.c
moonshot/mech_eap/canonicalize_name.c
moonshot/mech_eap/compare_name.c
moonshot/mech_eap/context_time.c
moonshot/mech_eap/delete_name_attribute.c
moonshot/mech_eap/delete_sec_context.c
moonshot/mech_eap/display_name.c
moonshot/mech_eap/display_name_ext.c
moonshot/mech_eap/display_status.c
moonshot/mech_eap/duplicate_name.c
moonshot/mech_eap/eap_mech.c
moonshot/mech_eap/export_name.c
moonshot/mech_eap/export_name_composite.c
moonshot/mech_eap/export_sec_context.c
moonshot/mech_eap/get_mic.c
moonshot/mech_eap/get_name_attribute.c
moonshot/mech_eap/gssapiP_eap.h
moonshot/mech_eap/import_name.c
moonshot/mech_eap/import_sec_context.c
moonshot/mech_eap/indicate_mechs.c
moonshot/mech_eap/init_sec_context.c
moonshot/mech_eap/inquire_attrs_for_mech.c
moonshot/mech_eap/inquire_context.c
moonshot/mech_eap/inquire_cred.c
moonshot/mech_eap/inquire_cred_by_oid.c
moonshot/mech_eap/inquire_mech_for_saslname.c
moonshot/mech_eap/inquire_mechs_for_name.c
moonshot/mech_eap/inquire_name.c
moonshot/mech_eap/inquire_names_for_mech.c
moonshot/mech_eap/inquire_saslname_for_mech.c
moonshot/mech_eap/inquire_sec_context_by_oid.c
moonshot/mech_eap/map_name_to_any.c
moonshot/mech_eap/process_context_token.c
moonshot/mech_eap/pseudo_random.c
moonshot/mech_eap/release_any_name_mapping.c
moonshot/mech_eap/release_cred.c
moonshot/mech_eap/release_name.c
moonshot/mech_eap/set_name_attribute.c
moonshot/mech_eap/set_sec_context_option.c
moonshot/mech_eap/store_cred.c
moonshot/mech_eap/unwrap.c
moonshot/mech_eap/unwrap_iov.c
moonshot/mech_eap/util.h
moonshot/mech_eap/util_context.c
moonshot/mech_eap/util_cred.c
moonshot/mech_eap/util_krb.c
moonshot/mech_eap/util_name.c
moonshot/mech_eap/util_tld.c
moonshot/mech_eap/verify_mic.c
moonshot/mech_eap/wrap.c
moonshot/mech_eap/wrap_iov.c
moonshot/mech_eap/wrap_iov_length.c
moonshot/mech_eap/wrap_size_limit.c
Luke Howard [Wed, 14 Sep 2011 05:16:24 +0000 (15:16 +1000)]
implement gssEapSetCredService
Sam Hartman [Wed, 14 Sep 2011 00:26:03 +0000 (20:26 -0400)]
Build fixes for non-Windows
Luke Howard [Tue, 13 Sep 2011 07:16:39 +0000 (17:16 +1000)]
avoid too many reallocs when parsing tokens
Luke Howard [Tue, 13 Sep 2011 07:01:56 +0000 (17:01 +1000)]
restore inquire_name, regressed in earlier commit
Luke Howard [Tue, 13 Sep 2011 06:39:22 +0000 (16:39 +1000)]
separate gss_display_status into inner/outer APIs
Luke Howard [Tue, 13 Sep 2011 06:37:15 +0000 (16:37 +1000)]
no vasprintf() on Win32
Luke Howard [Tue, 13 Sep 2011 06:28:51 +0000 (16:28 +1000)]
call eap_mech constructors from DllMain
Luke Howard [Tue, 13 Sep 2011 06:27:28 +0000 (16:27 +1000)]
fix signedness on krb5_data data member
(at least for MIT)
Luke Howard [Tue, 13 Sep 2011 05:29:19 +0000 (15:29 +1000)]
add GET_LAST_ERROR macro
Luke Howard [Tue, 13 Sep 2011 05:08:02 +0000 (15:08 +1000)]
cast to match signedness
Luke Howard [Tue, 13 Sep 2011 05:11:51 +0000 (15:11 +1000)]
cast void * to unsigned char * for Heimdal compat
Luke Howard [Tue, 13 Sep 2011 05:22:38 +0000 (15:22 +1000)]
more build fixes for Windows
Luke Howard [Tue, 13 Sep 2011 05:14:27 +0000 (15:14 +1000)]
merge static credentials file locator from windows branch
Luke Howard [Tue, 13 Sep 2011 05:02:41 +0000 (15:02 +1000)]
Merge TLD code from Windows port, after cleanup
Luke Howard [Tue, 13 Sep 2011 04:16:17 +0000 (14:16 +1000)]
build without RADIUS-related headers if no acceptor
Luke Howard [Mon, 12 Sep 2011 22:42:07 +0000 (08:42 +1000)]
make it possible to build without acceptor
Luke Howard [Mon, 12 Sep 2011 12:07:17 +0000 (22:07 +1000)]
make possible build without OpenSAML and/or Shib
Luke Howard [Mon, 12 Sep 2011 03:32:34 +0000 (13:32 +1000)]
merge a few Win32 build fixes
Luke Howard [Sat, 10 Sep 2011 21:30:35 +0000 (22:30 +0100)]
separate {init,accept}_sec_context into gss_/gssEap pattern
Luke Howard [Sat, 10 Sep 2011 19:12:08 +0000 (20:12 +0100)]
add GSS_EAP_CRED_SET_CRED_PASSWORD cred option
Luke Howard [Sat, 10 Sep 2011 17:49:27 +0000 (18:49 +0100)]
add GSSEAP_CONSTRUCTOR/DESTRUCTOR macro
Luke Howard [Sat, 10 Sep 2011 17:45:48 +0000 (18:45 +0100)]
use GSSAPI_CALLCONV for exported SPIs
Luke Howard [Sat, 10 Sep 2011 09:31:20 +0000 (10:31 +0100)]
update TODO
Luke Howard [Fri, 9 Sep 2011 22:51:04 +0000 (23:51 +0100)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Luke Howard [Fri, 9 Sep 2011 22:44:04 +0000 (23:44 +0100)]
Merge branch 'master' into ext-mic
Luke Howard [Wed, 7 Sep 2011 13:33:19 +0000 (14:33 +0100)]
support for libmoonshot identity selector
Luke Howard [Fri, 9 Sep 2011 21:17:56 +0000 (22:17 +0100)]
Merge branch 'master' into ext-mic
Luke Howard [Fri, 9 Sep 2011 21:16:45 +0000 (22:16 +0100)]
remove unused toktype2 variable
From: Sam Hartman <hartmans@painless-security.com>
Luke Howard [Fri, 9 Sep 2011 21:14:19 +0000 (22:14 +0100)]
remove unused EAP state machine variable
Luke Howard [Fri, 9 Sep 2011 21:12:48 +0000 (22:12 +0100)]
Check error return from vasprintf: string is undefined on error
From: Sam Hartman <hartmans@painless-security.com>
Luke Howard [Tue, 6 Sep 2011 10:23:56 +0000 (11:23 +0100)]
Update assert to reflect protected subtoken length
Luke Howard [Sat, 16 Jul 2011 11:59:31 +0000 (11:59 +0000)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Conflicts:
moonshot/mech_eap/util_context.c
Luke Howard [Sat, 16 Jul 2011 11:56:54 +0000 (11:56 +0000)]
integrity protect subtoken length
Luke Howard [Thu, 19 May 2011 15:14:48 +0000 (17:14 +0200)]
integrity protect extension token exchange
Luke Howard [Thu, 19 May 2011 15:02:25 +0000 (17:02 +0200)]
send GSS flags
Luke Howard [Sat, 16 Jul 2011 11:46:34 +0000 (11:46 +0000)]
remove getFeatures() hack when initialising Shib
Shibboleth now supports multiple initializations
Sam Hartman [Fri, 1 Jul 2011 10:46:41 +0000 (06:46 -0400)]
test use = not == for string compare
Sam Hartman [Fri, 1 Jul 2011 10:46:23 +0000 (06:46 -0400)]
Depend on libtool 2.4 so Windows build works
Kevin Wasserman [Thu, 30 Jun 2011 16:15:46 +0000 (12:15 -0400)]
Changes to Autoconf/Automake configuration files for windows port.
Added AX_CHECK_WINDOWS macro to specify TARGET_WINDOWS when windows.h exists.
Special handling for krb5: hard-code include and lib paths relative
to the --with-krb5 directory.
Add -Zi compile flag and -debug link flags on windows;
remove -Werror -Wall -Wunused-parameter; I should find and add msvc equivalents
use -DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO instead of myriad -DEAP_FOO.
Kevin Wasserman [Thu, 30 Jun 2011 15:27:10 +0000 (11:27 -0400)]
va_copy() fix for vasprintf
memcpy, not memcmp; but don't even bother since assignment is sufficient.
Added comment explaining usage of va_copy and the extremely unlikely
scenario that could cause this code to fail.
Kevin Wasserman [Thu, 30 Jun 2011 13:48:10 +0000 (09:48 -0400)]
Consolidate thread-local data.
Also add windows versions of MUTEX macros.
Together, these changes eliminate dependency on pthread for windows and
centralize the platform-specific code to deal with thread-local storage.
Kevin Wasserman [Tue, 28 Jun 2011 18:32:42 +0000 (14:32 -0400)]
Add #include <includes.h> to gssapiP_eap.h.
Kevin Wasserman [Tue, 28 Jun 2011 18:30:01 +0000 (14:30 -0400)]
for VS2010, need to include Shlobj.h instead of ShFolder.h
Kevin Wasserman [Tue, 28 Jun 2011 18:28:13 +0000 (14:28 -0400)]
Fix unreferenced parameter warnings.
...in the functions in inquire_cred_by_oid.c and set_sec_context_option.c
that used to throw zero-sized array errors under msvc
Kevin Wasserman [Tue, 28 Jun 2011 18:06:45 +0000 (14:06 -0400)]
call gssEapInquireName() only when --enable-acceptor=yes
Kevin Wasserman [Tue, 28 Jun 2011 18:04:50 +0000 (14:04 -0400)]
Only call gssEapMapNameToAny()/gssEapReleaseAnyNameMapping() when --enable-acceptor=yes.
Kevin Wasserman [Tue, 28 Jun 2011 17:17:10 +0000 (13:17 -0400)]
Don't check IS_RADIUS_ERROR() unless --enable-acceptor=yes.
Eliminates radius dependency from windows port.
Kevin Wasserman [Tue, 28 Jun 2011 17:07:27 +0000 (13:07 -0400)]
Added vasprintf.c
For systems (e.g. windows) lacking native vasprintf. Cribbed from krb5 with minor modification.
Kevin Wasserman [Tue, 28 Jun 2011 16:55:11 +0000 (12:55 -0400)]
remove unnecessary win32/config.h and win32/et/come_err.h
Kevin Wasserman [Tue, 21 Jun 2011 14:00:06 +0000 (10:00 -0400)]
Other Windows changes and debug comments
This patch is fixing remaining compilation errors. It also emphasizes
other things that need fixing on Windows.
Kevin Wasserman [Tue, 21 Jun 2011 13:25:31 +0000 (09:25 -0400)]
Define __attribute__ macro as nothing on Windows
__attribute__((constructor)), __attribute__((destructor)) and
__attribute__((unused)) are now expanded to nothing on Windows,
so that the code can compile
Alexey Melnikov [Mon, 13 Jun 2011 17:41:10 +0000 (18:41 +0100)]
Windows VC doesn't like empty arrays
This causes compilation error, so the code is ifdefed out on Windows
Alexey Melnikov [Mon, 13 Jun 2011 17:41:02 +0000 (18:41 +0100)]
Use SHGetFolderPath(APPDATA) on Windows to correctly find out location of the config file
Alexey Melnikov [Mon, 13 Jun 2011 17:40:54 +0000 (18:40 +0100)]
Fixed an incorrect call to gssEapWrapOrGetMIC in gss_delete_sec_context()
The 4th parameter is a pointer to int and not an int. This was reported
as a warning by VC on Windows.
Alexey Melnikov [Mon, 13 Jun 2011 17:40:47 +0000 (18:40 +0100)]
Fixed calling convention for functions exported from gssapi.h
On Windows all functions exported from gssapi.h have KRB5_CALLCONV
calling convention. This is needed in order to compile correctly on Windows.
Kevin Wasserman [Mon, 20 Jun 2011 23:42:14 +0000 (19:42 -0400)]
Changes testing for WIN32 to HAVE_*_H macros, changed how inline is defined on Windows
Also added the Windows version of config.h and a copy of et/com_err.h
(from Linux) to be used by files generated with compile_et.
DO NOT COMMIT
Alexey Melnikov [Fri, 10 Jun 2011 11:46:59 +0000 (12:46 +0100)]
Some initial Windows portability fixes in include files
Kevin Wasserman [Mon, 20 Jun 2011 20:11:05 +0000 (16:11 -0400)]
Mixed changes to configure.ac
some good, some bad
Kevin Wasserman [Wed, 15 Jun 2011 15:13:05 +0000 (11:13 -0400)]
Conditionalized Acceptor codepaths and modules.
Acceptor code is enabled by default; use configure --enable-acceptor=no to disable.
When disabled, Acceptor functions are stubbed out and return GSS_S_UNAVAILABLE.
util_attr,util_json,util_radius,util_saml are removed to eliminate dependencies on saml, radius, shibboleth, and json.
Kevin Wasserman [Tue, 14 Jun 2011 13:26:14 +0000 (09:26 -0400)]
Explicitly include stdio.h in util_cred.c
stdio.h is required for BUFSIZ. It is implicitly included by gssapiP_eap.h via freeradius but that dependency will be removed for windows.
Kevin Wasserman [Mon, 13 Jun 2011 20:23:26 +0000 (16:23 -0400)]
move AC_GNU_SOURCE before its use, add AC_USE_SYSTEM_EXTENSIONS to fix warnings, and add MAINTAINER_MODE support
Kevin Wasserman [Fri, 10 Jun 2011 20:52:46 +0000 (16:52 -0400)]
Fix mech_eap_la_LDFLAGS to use $(srcdir) for mech_eap.exports
Luke Howard [Sat, 11 Jun 2011 20:24:56 +0000 (20:24 +0000)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Luke Howard [Thu, 19 May 2011 15:14:48 +0000 (17:14 +0200)]
integrity protect extension token exchange
Luke Howard [Thu, 19 May 2011 15:02:25 +0000 (17:02 +0200)]
send GSS flags
Luke Howard [Sat, 11 Jun 2011 20:23:57 +0000 (20:23 +0000)]
update TODO list
Luke Howard [Mon, 23 May 2011 20:18:48 +0000 (16:18 -0400)]
ScopedAttribute/SimpleAttribute are displayable
Luke Howard [Mon, 23 May 2011 17:48:36 +0000 (13:48 -0400)]
support BinaryAttribute subclasses
Luke Howard [Mon, 23 May 2011 15:05:30 +0000 (11:05 -0400)]
Upgrade Shibboleth for binary attribute support
Luke Howard [Thu, 19 May 2011 15:14:48 +0000 (17:14 +0200)]
integrity protect extension token exchange
Luke Howard [Thu, 19 May 2011 15:02:25 +0000 (17:02 +0200)]
send GSS flags
Luke Howard [Fri, 20 May 2011 11:08:42 +0000 (13:08 +0200)]
Revert "implement gss_acquire_cred_ext"
This reverts commit 57135a1070518a0c1228a29ed9fcf726357856a1.
Luke Howard [Fri, 20 May 2011 11:08:34 +0000 (13:08 +0200)]
Revert "remove acquire_cred_ext until it is standardized"
This reverts commit 0620dfff7eeebfec8279f4a7ee8e60e75161a856.
Luke Howard [Fri, 20 May 2011 08:04:22 +0000 (10:04 +0200)]
reauth-specific hack should be conditional on reauth being enabled
Luke Howard [Fri, 20 May 2011 07:52:45 +0000 (09:52 +0200)]
remove acquire_cred_ext until it is standardized
Luke Howard [Thu, 19 May 2011 14:11:06 +0000 (16:11 +0200)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Luke Howard [Thu, 19 May 2011 14:09:27 +0000 (16:09 +0200)]
update TODO
moonshot [Mon, 4 Apr 2011 18:47:27 +0000 (14:47 -0400)]
hack: force mutual to be true
Force mutual to be true for the vm-integ branch so ssh works
Luke Howard [Mon, 16 May 2011 22:49:11 +0000 (00:49 +0200)]
fool gssapi symbol tests into working with Heimdal and MIT
Luke Howard [Mon, 16 May 2011 22:46:40 +0000 (00:46 +0200)]
move gss_const_OID compat to gssapiP_eap.h
Luke Howard [Mon, 16 May 2011 13:49:02 +0000 (15:49 +0200)]
don't set display_value for binary RADIUS attributes
Luke Howard [Mon, 16 May 2011 12:26:44 +0000 (14:26 +0200)]
update with location of samba patches
Luke Howard [Mon, 16 May 2011 11:44:37 +0000 (13:44 +0200)]
update README
Luke Howard [Mon, 16 May 2011 08:58:53 +0000 (10:58 +0200)]
Add readme for Samba
Luke Howard [Mon, 16 May 2011 08:20:34 +0000 (10:20 +0200)]
cleanup getFragmentedAttribute