Luke Howard [Wed, 5 Oct 2011 22:44:51 +0000 (09:44 +1100)]
use RFC3961 checksums for CB/exts MIC
Sam Hartman [Thu, 13 Oct 2011 13:55:00 +0000 (09:55 -0400)]
Fix merge conflict
Sam hartman [Mon, 10 Oct 2011 13:46:46 +0000 (14:46 +0100)]
Add freeradius to rpath; disable ui integration from spec for now
Sam hartman [Sat, 8 Oct 2011 14:54:59 +0000 (15:54 +0100)]
Spec file update
Sam hartman [Fri, 16 Sep 2011 18:56:38 +0000 (19:56 +0100)]
Update libeap to include make dist
Sam hartman [Fri, 16 Sep 2011 18:41:51 +0000 (19:41 +0100)]
make dist: distribute sources
Distribute headers so that make dist works
Include headers in built sources to fix dependencies for parallel builds
Distribute exports files and require that the resulting library depend on them
Luke Howard [Fri, 7 Oct 2011 14:39:32 +0000 (01:39 +1100)]
Don't fail if password supplied by caller
If the libmoonshot or static (file-based) identity resolver fails, and
the caller provided a password via gss_acquire_cred_with_password(), then
resolving the credential should not fail.
Luke Howard [Fri, 7 Oct 2011 07:06:57 +0000 (18:06 +1100)]
fix incorrect reauth cred assert check
Luke Howard [Thu, 6 Oct 2011 10:34:10 +0000 (21:34 +1100)]
note about whether initiator cred lock is required
Luke Howard [Thu, 6 Oct 2011 10:29:55 +0000 (21:29 +1100)]
remove unnecessary cred lock in acceptor
Luke Howard [Wed, 5 Oct 2011 07:47:39 +0000 (18:47 +1100)]
allow building without libmoonshot
Luke Howard [Wed, 5 Oct 2011 02:22:38 +0000 (13:22 +1100)]
poke buildbot
Luke Howard [Wed, 5 Oct 2011 02:07:47 +0000 (13:07 +1100)]
initialize major in gss_query_meta_data
Luke Howard [Wed, 5 Oct 2011 01:56:19 +0000 (12:56 +1100)]
Merge branch 'master' into negoex
Luke Howard [Mon, 3 Oct 2011 23:22:14 +0000 (10:22 +1100)]
NegoEx SPIs
Luke Howard [Thu, 22 Sep 2011 09:24:09 +0000 (19:24 +1000)]
check radsec config when acquiring acceptor cred
Luke Howard [Tue, 20 Sep 2011 13:44:28 +0000 (23:44 +1000)]
note gssEapAcquireCred should validate RADIUS config
Luke Howard [Tue, 20 Sep 2011 02:21:43 +0000 (12:21 +1000)]
Fix regression where error tokens were not being sent
Luke Howard [Mon, 19 Sep 2011 12:49:16 +0000 (22:49 +1000)]
Add GSSEAP_NO_LOCAL_MAPPING error
Luke Howard [Mon, 19 Sep 2011 08:58:52 +0000 (18:58 +1000)]
use krb5_auth_con_setlocalsubkey on Heimdal
Luke Howard [Sun, 18 Sep 2011 03:39:51 +0000 (13:39 +1000)]
Add CRED_FLAG_TARGET
Set a flag indicating whether the credential has been bound to a service
Luke Howard [Sat, 17 Sep 2011 09:25:16 +0000 (19:25 +1000)]
Simplify verify_mic path
Allow verify_mic, wrapped on top of the IOV routines, to pass in a single
HEADER buffer rather than needing to understand the underlying split between
header and trailer.
Luke Howard [Sat, 17 Sep 2011 07:47:01 +0000 (17:47 +1000)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Luke Howard [Sat, 17 Sep 2011 07:32:28 +0000 (17:32 +1000)]
make sure imported sec context keys correctly allocated
Luke Howard [Sat, 17 Sep 2011 06:24:53 +0000 (16:24 +1000)]
PRF/random_to_key allocation fix
MIT and Heimdal use different allocation strategies
(caller-allocates, callee-allocates) for the same functions,
unfortunately.
Conflicts:
moonshot/mech_eap/util.h
Luke Howard [Fri, 16 Sep 2011 23:46:06 +0000 (09:46 +1000)]
use calloc to match with Heimdal (heim_alloc not exported)
Luke Howard [Sat, 17 Sep 2011 06:17:57 +0000 (16:17 +1000)]
create TLD on-demand for threads started pre-DLL load
Conflicts:
moonshot/mech_eap/util_tld.c
Luke Howard [Fri, 16 Sep 2011 22:10:21 +0000 (08:10 +1000)]
more cleanup of TLD
Luke Howard [Fri, 16 Sep 2011 21:49:44 +0000 (07:49 +1000)]
general cleanup of TLD init
Sam hartman [Fri, 16 Sep 2011 18:56:45 +0000 (19:56 +0100)]
mech_eap.spec: new redhat packaging
Add build infrastructure to generate spec file.
Sam hartman [Fri, 16 Sep 2011 18:56:38 +0000 (19:56 +0100)]
Update libeap to include make dist
Sam hartman [Fri, 16 Sep 2011 18:43:04 +0000 (19:43 +0100)]
Fix unused variable in non-acceptor mode
Sam hartman [Fri, 16 Sep 2011 18:41:51 +0000 (19:41 +0100)]
make dist: distribute sources
Distribute headers so that make dist works
Include headers in built sources to fix dependencies for parallel builds
Distribute exports files and require that the resulting library depend on them
Sam hartman [Fri, 16 Sep 2011 18:40:41 +0000 (19:40 +0100)]
make dist: distribute sources
Distribute enough sources that a tar includes a set sufficient to build
Sam hartman [Fri, 16 Sep 2011 15:17:53 +0000 (16:17 +0100)]
Makefile: build fixes
mech_eap_la_CFLAGS was multiply defined.
Also, disable-acceptor sources were set incorrectly.
Sam hartman [Fri, 16 Sep 2011 15:16:28 +0000 (16:16 +0100)]
configure: GNU_SOURCE is redundant
You only want either use_extensions or gnu_source. use_extensions is
the modern preferred way to enable gnu_source.
This commit fixes a lot of useless warnings at autoreconf time.
Sam Hartman [Fri, 16 Sep 2011 15:13:03 +0000 (16:13 +0100)]
configure: support krb5 --with-system-et
If the system et and compile_et are used, then compile_et may not be
in the krb5 directory; support this.
Luke Howard [Fri, 16 Sep 2011 14:02:34 +0000 (00:02 +1000)]
More careful matching of alloc/free functions
Luke Howard [Fri, 16 Sep 2011 06:14:48 +0000 (16:14 +1000)]
use GSSEAP_ASSERT macro instead of assert
Luke Howard [Fri, 16 Sep 2011 05:37:50 +0000 (15:37 +1000)]
don't release TLS data in DLL_PROCESS_DETACH
Luke Howard [Fri, 16 Sep 2011 05:02:31 +0000 (15:02 +1000)]
Don't assert fail on Windows if mech does not init
Luke Howard [Thu, 15 Sep 2011 09:19:35 +0000 (19:19 +1000)]
include Windows-specific GSS flags in flags token
Luke Howard [Wed, 14 Sep 2011 15:23:42 +0000 (01:23 +1000)]
Windows acceptor build fixes
Windows will require C++ clean FreeRADIUS headers
another Windows acceptor-side fix
Conflicts:
moonshot/mech_eap/util.h
Luke Howard [Wed, 14 Sep 2011 07:30:06 +0000 (17:30 +1000)]
make gssEapImportContext un-static for other internal consumers
Luke Howard [Wed, 14 Sep 2011 06:38:55 +0000 (16:38 +1000)]
add gssEapPseudoRandom for internal consumers
Luke Howard [Wed, 14 Sep 2011 06:12:34 +0000 (16:12 +1000)]
Merge remote-tracking branch 'origin/windows'
Luke Howard [Wed, 14 Sep 2011 06:11:37 +0000 (16:11 +1000)]
Merge branch 'windows'
Conflicts:
moonshot/configure.ac
moonshot/mech_eap/Makefile.am
moonshot/mech_eap/accept_sec_context.c
moonshot/mech_eap/acquire_cred.c
moonshot/mech_eap/add_cred.c
moonshot/mech_eap/add_cred_with_password.c
moonshot/mech_eap/canonicalize_name.c
moonshot/mech_eap/compare_name.c
moonshot/mech_eap/context_time.c
moonshot/mech_eap/delete_name_attribute.c
moonshot/mech_eap/delete_sec_context.c
moonshot/mech_eap/display_name.c
moonshot/mech_eap/display_name_ext.c
moonshot/mech_eap/display_status.c
moonshot/mech_eap/duplicate_name.c
moonshot/mech_eap/eap_mech.c
moonshot/mech_eap/export_name.c
moonshot/mech_eap/export_name_composite.c
moonshot/mech_eap/export_sec_context.c
moonshot/mech_eap/get_mic.c
moonshot/mech_eap/get_name_attribute.c
moonshot/mech_eap/gssapiP_eap.h
moonshot/mech_eap/import_name.c
moonshot/mech_eap/import_sec_context.c
moonshot/mech_eap/indicate_mechs.c
moonshot/mech_eap/init_sec_context.c
moonshot/mech_eap/inquire_attrs_for_mech.c
moonshot/mech_eap/inquire_context.c
moonshot/mech_eap/inquire_cred.c
moonshot/mech_eap/inquire_cred_by_oid.c
moonshot/mech_eap/inquire_mech_for_saslname.c
moonshot/mech_eap/inquire_mechs_for_name.c
moonshot/mech_eap/inquire_name.c
moonshot/mech_eap/inquire_names_for_mech.c
moonshot/mech_eap/inquire_saslname_for_mech.c
moonshot/mech_eap/inquire_sec_context_by_oid.c
moonshot/mech_eap/map_name_to_any.c
moonshot/mech_eap/process_context_token.c
moonshot/mech_eap/pseudo_random.c
moonshot/mech_eap/release_any_name_mapping.c
moonshot/mech_eap/release_cred.c
moonshot/mech_eap/release_name.c
moonshot/mech_eap/set_name_attribute.c
moonshot/mech_eap/set_sec_context_option.c
moonshot/mech_eap/store_cred.c
moonshot/mech_eap/unwrap.c
moonshot/mech_eap/unwrap_iov.c
moonshot/mech_eap/util.h
moonshot/mech_eap/util_context.c
moonshot/mech_eap/util_cred.c
moonshot/mech_eap/util_krb.c
moonshot/mech_eap/util_name.c
moonshot/mech_eap/util_tld.c
moonshot/mech_eap/verify_mic.c
moonshot/mech_eap/wrap.c
moonshot/mech_eap/wrap_iov.c
moonshot/mech_eap/wrap_iov_length.c
moonshot/mech_eap/wrap_size_limit.c
Luke Howard [Wed, 14 Sep 2011 05:16:24 +0000 (15:16 +1000)]
implement gssEapSetCredService
Sam Hartman [Wed, 14 Sep 2011 00:26:03 +0000 (20:26 -0400)]
Build fixes for non-Windows
Luke Howard [Tue, 13 Sep 2011 07:16:39 +0000 (17:16 +1000)]
avoid too many reallocs when parsing tokens
Luke Howard [Tue, 13 Sep 2011 07:01:56 +0000 (17:01 +1000)]
restore inquire_name, regressed in earlier commit
Luke Howard [Tue, 13 Sep 2011 06:39:22 +0000 (16:39 +1000)]
separate gss_display_status into inner/outer APIs
Luke Howard [Tue, 13 Sep 2011 06:37:15 +0000 (16:37 +1000)]
no vasprintf() on Win32
Luke Howard [Tue, 13 Sep 2011 06:28:51 +0000 (16:28 +1000)]
call eap_mech constructors from DllMain
Luke Howard [Tue, 13 Sep 2011 06:27:28 +0000 (16:27 +1000)]
fix signedness on krb5_data data member
(at least for MIT)
Luke Howard [Tue, 13 Sep 2011 05:29:19 +0000 (15:29 +1000)]
add GET_LAST_ERROR macro
Luke Howard [Tue, 13 Sep 2011 05:08:02 +0000 (15:08 +1000)]
cast to match signedness
Luke Howard [Tue, 13 Sep 2011 05:11:51 +0000 (15:11 +1000)]
cast void * to unsigned char * for Heimdal compat
Luke Howard [Tue, 13 Sep 2011 05:22:38 +0000 (15:22 +1000)]
more build fixes for Windows
Luke Howard [Tue, 13 Sep 2011 05:14:27 +0000 (15:14 +1000)]
merge static credentials file locator from windows branch
Luke Howard [Tue, 13 Sep 2011 05:02:41 +0000 (15:02 +1000)]
Merge TLD code from Windows port, after cleanup
Luke Howard [Tue, 13 Sep 2011 04:16:17 +0000 (14:16 +1000)]
build without RADIUS-related headers if no acceptor
Luke Howard [Mon, 12 Sep 2011 22:42:07 +0000 (08:42 +1000)]
make it possible to build without acceptor
Luke Howard [Mon, 12 Sep 2011 12:07:17 +0000 (22:07 +1000)]
make it possible to build without OpenSAML and/or Shib
Luke Howard [Mon, 12 Sep 2011 03:32:34 +0000 (13:32 +1000)]
merge a few Win32 build fixes
Luke Howard [Sat, 10 Sep 2011 21:30:35 +0000 (22:30 +0100)]
separate {init,accept}_sec_context into gss_/gssEap pattern
Luke Howard [Sat, 10 Sep 2011 19:12:08 +0000 (20:12 +0100)]
add GSS_EAP_CRED_SET_CRED_PASSWORD cred option
Luke Howard [Sat, 10 Sep 2011 17:49:27 +0000 (18:49 +0100)]
add GSSEAP_CONSTRUCTOR/DESTRUCTOR macro
Luke Howard [Sat, 10 Sep 2011 17:45:48 +0000 (18:45 +0100)]
use GSSAPI_CALLCONV for exported SPIs
Luke Howard [Sat, 10 Sep 2011 09:31:20 +0000 (10:31 +0100)]
update TODO
Luke Howard [Fri, 9 Sep 2011 22:51:04 +0000 (23:51 +0100)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Luke Howard [Fri, 9 Sep 2011 22:44:04 +0000 (23:44 +0100)]
Merge branch 'master' into ext-mic
Luke Howard [Wed, 7 Sep 2011 13:33:19 +0000 (14:33 +0100)]
support for libmoonshot identity selector
Luke Howard [Fri, 9 Sep 2011 21:17:56 +0000 (22:17 +0100)]
Merge branch 'master' into ext-mic
Luke Howard [Fri, 9 Sep 2011 21:16:45 +0000 (22:16 +0100)]
remove unused toktype2 variable
From: Sam Hartman <hartmans@painless-security.com>
Luke Howard [Fri, 9 Sep 2011 21:14:19 +0000 (22:14 +0100)]
remove unused EAP state machine variable
Luke Howard [Fri, 9 Sep 2011 21:12:48 +0000 (22:12 +0100)]
Check error return from vasprintf: string is undefined on error
From: Sam Hartman <hartmans@painless-security.com>
Luke Howard [Tue, 6 Sep 2011 10:23:56 +0000 (11:23 +0100)]
Update assert to reflect protected subtoken length
Luke Howard [Sat, 16 Jul 2011 11:59:31 +0000 (11:59 +0000)]
Merge branch 'ext-mic' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot into ext-mic
Conflicts:
moonshot/mech_eap/util_context.c
Luke Howard [Sat, 16 Jul 2011 11:56:54 +0000 (11:56 +0000)]
integrity protect subtoken length
Luke Howard [Thu, 19 May 2011 15:14:48 +0000 (17:14 +0200)]
integrity protect extension token exchange
Luke Howard [Thu, 19 May 2011 15:02:25 +0000 (17:02 +0200)]
send GSS flags
Luke Howard [Sat, 16 Jul 2011 11:46:34 +0000 (11:46 +0000)]
remove getFeatures() hack when initialising Shib
Shibboleth now supports multiple initializations
Sam Hartman [Fri, 1 Jul 2011 10:46:41 +0000 (06:46 -0400)]
test use = not == for string compare
Sam Hartman [Fri, 1 Jul 2011 10:46:23 +0000 (06:46 -0400)]
Depend on libtool 2.4 so Windows build works
Kevin Wasserman [Thu, 30 Jun 2011 16:15:46 +0000 (12:15 -0400)]
Changes to Autoconf/Automake configuration files for windows port.
Added AX_CHECK_WINDOWS macro to specify TARGET_WINDOWS when windows.h exists.
Special handling for krb5: hard-code include and lib paths relative
to the --with-krb5 directory.
Add -Zi compile flag and -debug link flags on windows;
remove -Werror -Wall -Wunused-parameter; I should find and add msvc equivalents
use -DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO instead of myriad -DEAP_FOO.
Kevin Wasserman [Thu, 30 Jun 2011 15:27:10 +0000 (11:27 -0400)]
va_copy() fix for vasprintf
memcpy, not memcmp; but don't even bother since assignment is sufficient.
Added comment explaining usage of va_copy and the extremely unlikely
scenario that could cause this code to fail.
Kevin Wasserman [Thu, 30 Jun 2011 13:48:10 +0000 (09:48 -0400)]
Consolidate thread-local data.
Also add windows versions of MUTEX macros.
Together, these changes eliminate dependency on pthread for windows and
centralize the platform-specific code to deal with thread-local storage.
Kevin Wasserman [Tue, 28 Jun 2011 18:32:42 +0000 (14:32 -0400)]
Add #include <includes.h> to gssapiP_eap.h.
Kevin Wasserman [Tue, 28 Jun 2011 18:30:01 +0000 (14:30 -0400)]
for VS2010, need to include Shlobj.h instead of ShFolder.h
Kevin Wasserman [Tue, 28 Jun 2011 18:28:13 +0000 (14:28 -0400)]
Fix unreferenced parameter warnings.
...in the functions in inquire_cred_by_oid.c and set_sec_context_option.c
that used to throw zero-sized array errors under msvc
Kevin Wasserman [Tue, 28 Jun 2011 18:06:45 +0000 (14:06 -0400)]
call gssEapInquireName() only when --enable-acceptor=yes
Kevin Wasserman [Tue, 28 Jun 2011 18:04:50 +0000 (14:04 -0400)]
Only call gssEapMapNameToAny()/gssEapReleaseAnyNameMapping() when --enable-acceptor=yes.
Kevin Wasserman [Tue, 28 Jun 2011 17:17:10 +0000 (13:17 -0400)]
Don't check IS_RADIUS_ERROR() unless --enable-acceptor=yes.
Eliminates radius dependency from windows port.
Kevin Wasserman [Tue, 28 Jun 2011 17:07:27 +0000 (13:07 -0400)]
Added vasprintf.c
For systems (e.g. windows) lacking native vasprintf. Cribbed from krb5 with minor modification.
Kevin Wasserman [Tue, 28 Jun 2011 16:55:11 +0000 (12:55 -0400)]
remove unnecessary win32/config.h and win32/et/come_err.h
Kevin Wasserman [Tue, 21 Jun 2011 14:00:06 +0000 (10:00 -0400)]
Other Windows changes and debug comments
This patch is fixing remaining compilation errors. It also emphasizes
other things that need fixing on Windows.
Kevin Wasserman [Tue, 21 Jun 2011 13:25:31 +0000 (09:25 -0400)]
Define __attribute__ macro as nothing on Windows
__attribute__((constructor)), __attribute__((destructor)) and
__attribute__((unused)) are now expanded to nothing on Windows,
so that the code can compile
Alexey Melnikov [Mon, 13 Jun 2011 17:41:10 +0000 (18:41 +0100)]
Windows VC doesn't like empty arrays
This causes a compilation error, so the code is ifdefed out on Windows
Alexey Melnikov [Mon, 13 Jun 2011 17:41:02 +0000 (18:41 +0100)]
Use SHGetFolderPath(APPDATA) on Windows to correctly find out the location of the config file