mech_eap.orig
ref: dvd/201105
moonshot [Mon, 4 Apr 2011 18:46:29 +0000 (14:46 -0400)]
Hack: force complete to be true

The version of the mech glue we're using requires complete for gss_userok.
That's a bug, but it is easier to work around that here than to fix in the mechglue.

Sam Hartman [Tue, 10 May 2011 00:22:08 +0000 (20:22 -0400)]
Don't cast get_provider to const when not assigning to a const variable

Sam Hartman [Tue, 10 May 2011 00:21:49 +0000 (20:21 -0400)]
Remove inappropriate const from cast

Sam Hartman [Wed, 4 May 2011 23:58:40 +0000 (19:58 -0400)]
debian libeap: pull in patch to enable tls

Sam Hartman [Thu, 5 May 2011 00:00:44 +0000 (20:00 -0400)]
debian: autoreconf

Sam Hartman [Wed, 4 May 2011 22:42:45 +0000 (18:42 -0400)]
Enable TLS in libeap

* Enable TLS in libeap
* Force mutual authentication

Sam Hartman [Wed, 4 May 2011 22:41:02 +0000 (18:41 -0400)]
libeap: enable TLS internal client and server

moonshot [Mon, 4 Apr 2011 18:47:27 +0000 (14:47 -0400)]
hack: force mutual to be true

Force mutual to be true for the vm-integ branch so ssh works

Sam Hartman [Wed, 27 Apr 2011 18:37:54 +0000 (14:37 -0400)]
Depend on libfreeradius-dev

Sam Hartman [Wed, 27 Apr 2011 17:48:28 +0000 (13:48 -0400)]
Merge remote branch 'origin/master' into debian

Conflicts:
libradsec
moonshot/libeap
source_packages

Sam Hartman [Wed, 27 Apr 2011 17:47:40 +0000 (13:47 -0400)]
Include makefile.in for debian

Sam Hartman [Wed, 27 Apr 2011 17:41:58 +0000 (13:41 -0400)]
Depend on libjansson-dev

Luke Howard [Wed, 27 Apr 2011 16:59:22 +0000 (18:59 +0200)]
reinstate -DEAP_XXX defines for now

Luke Howard [Wed, 27 Apr 2011 15:44:38 +0000 (17:44 +0200)]
cleanup autogen.sh

Luke Howard [Wed, 27 Apr 2011 15:13:13 +0000 (17:13 +0200)]
fix mech_eap build on OS X

Luke Howard [Wed, 27 Apr 2011 15:12:58 +0000 (17:12 +0200)]
include missing objects for functioning libeap.a

Luke Howard [Wed, 27 Apr 2011 15:01:32 +0000 (17:01 +0200)]
update libeap for CONFIG_FIPS fix

Luke Howard [Wed, 27 Apr 2011 14:57:15 +0000 (16:57 +0200)]
remove CONFIG_FIPS substitutions when building md5-non-fips.c

Luke Howard [Wed, 27 Apr 2011 14:45:14 +0000 (16:45 +0200)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot

Luke Howard [Wed, 27 Apr 2011 14:44:29 +0000 (16:44 +0200)]
export gssspi_authorize_localname

Luke Howard [Wed, 27 Apr 2011 14:42:16 +0000 (16:42 +0200)]
remove @EAP_LDFLAGS@, no longer exists

Sam Hartman [Wed, 27 Apr 2011 14:23:16 +0000 (10:23 -0400)]
Update libeap

Luke Howard [Wed, 27 Apr 2011 14:11:21 +0000 (16:11 +0200)]
include gssspi_authorize_localname

Luke Howard [Wed, 27 Apr 2011 14:11:05 +0000 (16:11 +0200)]
silent-rules unknown with my version of automake

Luke Howard [Wed, 27 Apr 2011 14:10:49 +0000 (16:10 +0200)]
move autogen.sh to top level

Luke Howard [Wed, 27 Apr 2011 14:10:05 +0000 (16:10 +0200)]
add gssspi_authorize_localname() stub

Sam Hartman [Wed, 27 Apr 2011 13:51:43 +0000 (09:51 -0400)]
Merge branch 'master' of ssh://moonshot.suchdamage.org/srv/git/moonshot

Sam Hartman [Wed, 27 Apr 2011 13:42:28 +0000 (09:42 -0400)]
autoreconf

Sam Hartman [Wed, 27 Apr 2011 13:41:24 +0000 (09:41 -0400)]
debian directory

Sam Hartman [Tue, 26 Apr 2011 20:53:34 +0000 (16:53 -0400)]
Merge branch 'master' into debian

Conflicts:
libeap

Sam Hartman [Tue, 26 Apr 2011 18:20:10 +0000 (14:20 -0400)]
Rearrange moonshot to have libeap as a subproject

Pull in libeap and build against a libtool convenience library for it.

Sam Hartman [Tue, 26 Apr 2011 15:27:45 +0000 (11:27 -0400)]
automake build system

Provide an automake build system to generate a libeap convenience
library for moonshot

Sam Hartman [Mon, 25 Apr 2011 17:33:27 +0000 (13:33 -0400)]
Merge remote-tracking branch 'origin/master' into debian

Conflicts:
.gitmodules
shibboleth/opensaml2
shibboleth/sp
shibboleth/xmltooling
source_packages

Luke Howard [Fri, 22 Apr 2011 10:58:20 +0000 (12:58 +0200)]
Change krbCred member to reauthCred to better clarify purpose

Luke Howard [Fri, 22 Apr 2011 06:13:15 +0000 (08:13 +0200)]
libeap is now C++ clean, remove workaround

Luke Howard [Thu, 21 Apr 2011 18:21:19 +0000 (20:21 +0200)]
s/kerberosCtx/reauthCtx/g

Luke Howard [Tue, 19 Apr 2011 18:49:28 +0000 (20:49 +0200)]
send a composite name token instead of a sec context to shib

Luke Howard [Tue, 19 Apr 2011 16:58:38 +0000 (18:58 +0200)]
Allow composite names in GSS_C_NT_EXPORT_NAME

Luke Howard [Thu, 7 Apr 2011 14:55:52 +0000 (00:55 +1000)]
properly account for other package directories when building AD plugin

Luke Howard [Tue, 5 Apr 2011 01:22:13 +0000 (11:22 +1000)]
don't allow setting of binary SAML attribute values, for now

Luke Howard [Mon, 4 Apr 2011 23:49:27 +0000 (09:49 +1000)]
check syntax before decoding base64 encoded SAML attributes

Luke Howard [Mon, 4 Apr 2011 15:50:12 +0000 (01:50 +1000)]
don't return GSS_S_CREDENTIALS_EXPIRED if no expiry time

Luke Howard [Mon, 4 Apr 2011 15:41:18 +0000 (01:41 +1000)]
return GSS_S_CREDENTIALS_EXPIRED if credentials expired

Luke Howard [Mon, 4 Apr 2011 15:20:22 +0000 (01:20 +1000)]
plug leaks in 898862478f9adecfc5580814cf1296464c448b1b

Luke Howard [Sun, 3 Apr 2011 09:14:42 +0000 (19:14 +1000)]
automatically decode base64 encoded SAML values

Luke Howard [Sun, 3 Apr 2011 09:07:14 +0000 (19:07 +1000)]
refactor unknown attribute syntax detection

Luke Howard [Sun, 3 Apr 2011 08:32:44 +0000 (18:32 +1000)]
try to guard against multiple shibboleth library initializations

Luke Howard [Sun, 3 Apr 2011 07:57:09 +0000 (17:57 +1000)]
Don't crash if there are zero valued attributes

Luke Howard [Sat, 2 Apr 2011 01:05:31 +0000 (12:05 +1100)]
XML string memory management cleanups

Luke Howard [Sat, 2 Apr 2011 13:06:33 +0000 (00:06 +1100)]
return assertion also in display_value; do not assume value
and display_value parameters are non-NULL

Luke Howard [Fri, 1 Apr 2011 02:24:44 +0000 (13:24 +1100)]
fix incorrect usage of XMLString::transcode, assumes strings NUL terminated

Luke Howard [Fri, 1 Apr 2011 01:15:08 +0000 (12:15 +1100)]
set name type to GSS_C_NT_USER_NAME if NAI

This allows us to canonicalize the name easily to another mechanism, so it
can be used for protocol transition.

Luke Howard [Thu, 31 Mar 2011 07:55:25 +0000 (18:55 +1100)]
If RADIUS returns a present but empty PW_USER_NAME, treat as anonymous.

Luke Howard [Thu, 31 Mar 2011 07:54:20 +0000 (18:54 +1100)]
set GSS_C_NT_ANONYMOUS only for completely anonymous

Luke Howard [Thu, 31 Mar 2011 07:47:09 +0000 (18:47 +1100)]
indentation fix

Luke Howard [Thu, 31 Mar 2011 07:30:26 +0000 (18:30 +1100)]
Use empty name for anonymous name

Luke Howard [Wed, 30 Mar 2011 04:36:02 +0000 (15:36 +1100)]
exception handling-related cleanup

Luke Howard [Wed, 30 Mar 2011 04:30:37 +0000 (15:30 +1100)]
fix shib reentrancy regression in recent commit

Luke Howard [Wed, 30 Mar 2011 04:03:11 +0000 (15:03 +1100)]
allow gssEapSaveStatusInfo to reset status to NULL

Luke Howard [Wed, 30 Mar 2011 04:01:43 +0000 (15:01 +1100)]
save Shibboleth exception code in GSS per-thread status

Luke Howard [Wed, 30 Mar 2011 04:01:11 +0000 (15:01 +1100)]
refactor: s/initFrom/initWith/g

Luke Howard [Wed, 30 Mar 2011 04:00:04 +0000 (15:00 +1100)]
fix exception to GSS error code mapping

Luke Howard [Wed, 30 Mar 2011 00:18:39 +0000 (11:18 +1100)]
fix an incorrect assertion in unknown RADIUS attribute handling

Luke Howard [Tue, 29 Mar 2011 15:57:48 +0000 (02:57 +1100)]
fix uninitialized variable major

Luke Howard [Tue, 29 Mar 2011 15:52:13 +0000 (02:52 +1100)]
reorder variables in shib client

Luke Howard [Tue, 29 Mar 2011 15:51:08 +0000 (02:51 +1100)]
mark all Shib attributes as authenticated

Luke Howard [Tue, 29 Mar 2011 15:41:15 +0000 (02:41 +1100)]
allow unknown attributes to be binary or string

Luke Howard [Tue, 29 Mar 2011 15:28:47 +0000 (02:28 +1100)]
add better JSON type checking to RADIUS decoder

Luke Howard [Tue, 29 Mar 2011 14:58:32 +0000 (01:58 +1100)]
fix various bugs in DDF/JSON bridge

Luke Howard [Tue, 29 Mar 2011 14:01:38 +0000 (01:01 +1100)]
persist RADIUS attr provider authentication status exported context

Luke Howard [Tue, 29 Mar 2011 13:53:35 +0000 (00:53 +1100)]
tag security context token with mechanism OID for feeding to mechglue

Luke Howard [Tue, 29 Mar 2011 13:49:59 +0000 (00:49 +1100)]
allow complete/authenticated params to be NULL

Luke Howard [Tue, 29 Mar 2011 02:18:53 +0000 (13:18 +1100)]
better propagation of bad name token errors

Luke Howard [Tue, 29 Mar 2011 01:01:18 +0000 (12:01 +1100)]
cleanup shib attr provider a little

Luke Howard [Tue, 29 Mar 2011 00:25:32 +0000 (11:25 +1100)]
Allow Shibboleth initialization failure to be non-fatal

Luke Howard [Mon, 28 Mar 2011 23:01:18 +0000 (10:01 +1100)]
correct importing of partial attribute contexts

Conflicts:

mech_eap/import_sec_context.c

Luke Howard [Mon, 28 Mar 2011 22:06:48 +0000 (09:06 +1100)]
Refactor export reentrancy fix to be less intrusive

Luke Howard [Mon, 28 Mar 2011 15:26:52 +0000 (02:26 +1100)]
don't assert !CTX_FLAG_KRB_REAUTH when exporting partial contexts,
we may need this path for local attribute provider reentrancy

Luke Howard [Mon, 28 Mar 2011 15:10:42 +0000 (02:10 +1100)]
send exported GSS context token to shibresolver

Luke Howard [Mon, 28 Mar 2011 14:58:03 +0000 (01:58 +1100)]
add export_sec_context variant that does not reenter local attribute path

Luke Howard [Mon, 28 Mar 2011 14:32:38 +0000 (01:32 +1100)]
use gss_eap_util namespace for utility functions until we
put everything in its own namespace

ref: json-name
Luke Howard [Mon, 28 Mar 2011 06:18:22 +0000 (17:18 +1100)]
comment out dumping code

Luke Howard [Mon, 28 Mar 2011 06:15:15 +0000 (17:15 +1100)]
DDF bridging not entirely toll free

Luke Howard [Mon, 28 Mar 2011 06:14:15 +0000 (17:14 +1100)]
cleanup

Luke Howard [Mon, 28 Mar 2011 06:12:51 +0000 (17:12 +1100)]
cleanup

Luke Howard [Mon, 28 Mar 2011 06:07:43 +0000 (17:07 +1100)]
add JSON utility class

Luke Howard [Sun, 27 Mar 2011 23:51:43 +0000 (10:51 +1100)]
remove ROKEN_LIB_FUNCTION

Luke Howard [Sun, 27 Mar 2011 15:21:27 +0000 (02:21 +1100)]
use JSON instead of DDF marshalling
use our own base64 routines

Luke Howard [Sat, 26 Mar 2011 15:16:40 +0000 (02:16 +1100)]
in progress use DDF to serialise names

get DDF marshalling working

remove debugging statement

Luke Howard [Sun, 27 Mar 2011 22:47:48 +0000 (09:47 +1100)]
make attribute prefix a class method

Luke Howard [Sun, 27 Mar 2011 01:52:43 +0000 (12:52 +1100)]
check provider enabled before non-marshalled initializing

Luke Howard [Sat, 26 Mar 2011 15:17:39 +0000 (02:17 +1100)]
fix missing return statement in importing attributes

Luke Howard [Sat, 26 Mar 2011 03:53:57 +0000 (14:53 +1100)]
cleanup, fix uninitialized variable warning

Luke Howard [Sat, 26 Mar 2011 03:27:51 +0000 (14:27 +1100)]
comments on attribute context import

Luke Howard [Sat, 26 Mar 2011 03:19:07 +0000 (14:19 +1100)]
Include locally resolved attributes in composite name token

Luke Howard [Sat, 26 Mar 2011 00:01:07 +0000 (11:01 +1100)]
don't use C++ comments

Scott Cantor [Fri, 25 Mar 2011 13:50:38 +0000 (14:50 +0100)]
Stop setting appID to the acceptor name, adjust handling of resolver object.

Scott Cantor [Fri, 25 Mar 2011 14:06:14 +0000 (15:06 +0100)]
Use serialized values out of resolver instead of raw string values.

Luke Howard [Fri, 25 Mar 2011 12:32:15 +0000 (23:32 +1100)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot

Luke Howard [Fri, 25 Mar 2011 12:31:20 +0000 (23:31 +1100)]
Treat missing attribute name format as UNSPECIFIED

Patch from Scott Cantor