Luke Howard [Tue, 8 Mar 2011 07:11:46 +0000 (18:11 +1100)]
for state transitions through gssEapSmTransition
Luke Howard [Tue, 8 Mar 2011 07:05:32 +0000 (18:05 +1100)]
more cleanup on TLV
Luke Howard [Tue, 8 Mar 2011 07:02:55 +0000 (18:02 +1100)]
cleanup TLV code
Luke Howard [Tue, 8 Mar 2011 06:41:24 +0000 (17:41 +1100)]
cleanup, refactor TLV code
Luke Howard [Tue, 8 Mar 2011 06:24:09 +0000 (17:24 +1100)]
get GSS-EAP working again with TLV
Luke Howard [Tue, 8 Mar 2011 02:50:46 +0000 (13:50 +1100)]
make state transition explicit rather than side-effect of GSS status code
Luke Howard [Tue, 8 Mar 2011 02:32:56 +0000 (13:32 +1100)]
initial TLV refactor
Sam Hartman [Tue, 8 Mar 2011 02:36:17 +0000 (21:36 -0500)]
Minimal build system for eap library
force -fPIC
Sam Hartman [Tue, 8 Mar 2011 02:35:46 +0000 (21:35 -0500)]
Try building with eap from source tree
Sam Hartman [Tue, 8 Mar 2011 02:08:46 +0000 (21:08 -0500)]
mark *_err.c as built sources
Sam Hartman [Tue, 8 Mar 2011 01:46:45 +0000 (20:46 -0500)]
Look for mech_eap dependencies in
Luke Howard [Fri, 4 Mar 2011 11:38:24 +0000 (22:38 +1100)]
always send User-Name and GSS-* attributes
Luke Howard [Fri, 4 Mar 2011 11:38:04 +0000 (22:38 +1100)]
update for latest radsec
Luke Howard [Thu, 3 Mar 2011 01:25:22 +0000 (12:25 +1100)]
Cleanup readme
Luke Howard [Wed, 2 Mar 2011 05:46:08 +0000 (16:46 +1100)]
Send @REALM in EAP identity response
Luke Howard [Wed, 2 Mar 2011 02:43:16 +0000 (13:43 +1100)]
Some additional README notes
Luke Howard [Wed, 2 Mar 2011 02:42:34 +0000 (13:42 +1100)]
Use anonymous name if we have no initiator identity
Luke Howard [Tue, 1 Mar 2011 23:59:39 +0000 (10:59 +1100)]
Use libeap API for constructing EAP identity request packet
Luke Howard [Tue, 1 Mar 2011 23:53:18 +0000 (10:53 +1100)]
Forward EAP identity response as RADIUS user name
Luke Howard [Tue, 1 Mar 2011 23:31:54 +0000 (10:31 +1100)]
Add dictionary file with UKERNA attributes
Luke Howard [Mon, 28 Feb 2011 23:16:24 +0000 (10:16 +1100)]
Don't leak packet if request object creation fails
Luke Howard [Mon, 28 Feb 2011 23:16:07 +0000 (10:16 +1100)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Conflicts:
mech_eap/accept_sec_context.c
Luke Howard [Mon, 28 Feb 2011 22:54:45 +0000 (09:54 +1100)]
Fix a couple of crashers in case of invalid radsec configuration
Luke Howard [Mon, 28 Feb 2011 22:48:15 +0000 (09:48 +1100)]
Update for libradsec changes
Sam Hartman [Mon, 28 Feb 2011 22:04:12 +0000 (17:04 -0500)]
display_status: fix logic error
transposition of next and p
Sam Hartman [Mon, 28 Feb 2011 21:37:24 +0000 (16:37 -0500)]
accept_sec_context: only destroy request if it is populated
Sam Hartman [Mon, 28 Feb 2011 16:22:44 +0000 (11:22 -0500)]
Fix com_err build targets
Make didn't have rules for building gsseap_err.c or radsec_err.c.
Sam Hartman [Sat, 26 Feb 2011 21:24:27 +0000 (16:24 -0500)]
Don't depend on log4shib
Shibboleth can be built with log4shib or log4cpp. We don't need to
make an explicit dependency; shared library search will do that for
us on most common platforms and I believe all we care about.
Luke Howard [Sat, 22 Jan 2011 00:18:18 +0000 (11:18 +1100)]
Update copyrights for 2011
Luke Howard [Sat, 22 Jan 2011 00:10:12 +0000 (11:10 +1100)]
Note that /etc/gss/mech is not implementation-specific
Luke Howard [Fri, 21 Jan 2011 23:41:46 +0000 (10:41 +1100)]
update for libradsec API change
rs_packet_create_acc_request is now rs_packet_create_auth_request
Luke Howard [Sun, 9 Jan 2011 08:58:12 +0000 (19:58 +1100)]
fix typo, update
Luke Howard [Mon, 3 Jan 2011 11:55:01 +0000 (22:55 +1100)]
Remove some Heimdal compatibility macros, now have patches for Heimdal
Luke Howard [Mon, 3 Jan 2011 06:16:44 +0000 (17:16 +1100)]
remove gss_any_t definition, will patch this into Heimdal
Luke Howard [Mon, 3 Jan 2011 01:11:01 +0000 (12:11 +1100)]
remove @TARGET_LIBS@, they don't exist
Luke Howard [Mon, 3 Jan 2011 00:55:44 +0000 (11:55 +1100)]
reorder shibresolver/shibsp link
Luke Howard [Sun, 2 Jan 2011 09:43:10 +0000 (20:43 +1100)]
Cleanup
Luke Howard [Sun, 2 Jan 2011 09:20:07 +0000 (20:20 +1100)]
correctly construct KRB-CRED for Heimdal reauth
Luke Howard [Sun, 2 Jan 2011 08:57:19 +0000 (19:57 +1100)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Reauth fixes
Conflicts:
shibboleth/opensaml2
shibboleth/sp
Luke Howard [Sun, 2 Jan 2011 07:45:54 +0000 (18:45 +1100)]
Get default credentials for acceptor context too
Luke Howard [Sun, 2 Jan 2011 07:33:38 +0000 (18:33 +1100)]
Allow zero length but non-NULL tokens on init_sec_context
Luke Howard [Sun, 2 Jan 2011 04:25:55 +0000 (15:25 +1100)]
Add GSSEAP_MISSING_PASSWORD minor status code
Luke Howard [Sat, 1 Jan 2011 12:39:37 +0000 (23:39 +1100)]
update for current EAP draft
Luke Howard [Sat, 1 Jan 2011 12:38:10 +0000 (23:38 +1100)]
update Lucid code for Heimdal
Luke Howard [Sat, 1 Jan 2011 12:18:18 +0000 (23:18 +1100)]
More Heimdal portability cleanups
Luke Howard [Sat, 1 Jan 2011 12:16:20 +0000 (23:16 +1100)]
Heimdal portability cleanups
Luke Howard [Sat, 1 Jan 2011 11:11:30 +0000 (22:11 +1100)]
update notes
Luke Howard [Sat, 1 Jan 2011 11:07:43 +0000 (22:07 +1100)]
MIT build fixes
Luke Howard [Sat, 1 Jan 2011 11:05:34 +0000 (22:05 +1100)]
More Heimdal reauth portability
Luke Howard [Sat, 1 Jan 2011 10:04:41 +0000 (21:04 +1100)]
Fix some warnings
Luke Howard [Sat, 1 Jan 2011 10:01:20 +0000 (21:01 +1100)]
Partial build of reauth code against Heimdal
Luke Howard [Fri, 31 Dec 2010 08:45:03 +0000 (19:45 +1100)]
Heimdal portability fixes (except for reauth)
Luke Howard [Sat, 4 Dec 2010 01:52:16 +0000 (12:52 +1100)]
Ensure checksum type is keyed
Luke Howard [Sun, 21 Nov 2010 14:19:30 +0000 (01:19 +1100)]
When processing error tokens at the initiator, verify minor status
code is valid wire error with new IS_WIRE_ERROR macro
Luke Howard [Thu, 11 Nov 2010 03:37:05 +0000 (14:37 +1100)]
fix incorrect OID in sample documentation
Luke Howard [Thu, 11 Nov 2010 03:36:16 +0000 (14:36 +1100)]
note sample radsec.conf
Sam Hartman [Sun, 31 Oct 2010 21:38:26 +0000 (17:38 -0400)]
Merge branch 'master' into debian
Conflicts:
shibboleth/opensaml2
shibboleth/xmltooling
Luke Howard [Tue, 26 Oct 2010 23:22:36 +0000 (10:22 +1100)]
gssEapCreateAttrContext should not mutate context fields directly
Luke Howard [Tue, 26 Oct 2010 22:00:42 +0000 (09:00 +1100)]
Set *conf_state on successful return from
gss_krb5int_make_seal_token_v3_iov, fixing a case where it wasn't
always set by gss_wrap_iov. Patch from aberry@likewise.com.
Luke Howard [Mon, 25 Oct 2010 22:42:50 +0000 (09:42 +1100)]
cleanup
Luke Howard [Mon, 25 Oct 2010 22:35:20 +0000 (09:35 +1100)]
Enable libeap debugging iff GSSEAP_DEBUG defined
Luke Howard [Mon, 25 Oct 2010 21:34:42 +0000 (08:34 +1100)]
If we can't make reauth creds, return GSS_S_UNAVAILABLE
Luke Howard [Mon, 25 Oct 2010 21:12:37 +0000 (08:12 +1100)]
export gssspi_set_cred_option
Luke Howard [Mon, 25 Oct 2010 12:06:23 +0000 (23:06 +1100)]
remove unnecessary namespace qualification
Luke Howard [Mon, 25 Oct 2010 11:45:21 +0000 (22:45 +1100)]
set cred->flags from usage before testing
Luke Howard [Mon, 25 Oct 2010 11:40:47 +0000 (22:40 +1100)]
remove some XXX markers
Luke Howard [Mon, 25 Oct 2010 06:59:40 +0000 (17:59 +1100)]
Cleanup
Luke Howard [Mon, 25 Oct 2010 06:59:14 +0000 (17:59 +1100)]
Set GSS_S_CALL_INACCESSIBLE_READ for NULL params
Luke Howard [Fri, 22 Oct 2010 01:14:41 +0000 (12:14 +1100)]
document state constants
Luke Howard [Fri, 22 Oct 2010 01:11:53 +0000 (12:11 +1100)]
cleanup some symbolic constants
Luke Howard [Thu, 21 Oct 2010 23:18:08 +0000 (10:18 +1100)]
cleanup
Luke Howard [Thu, 21 Oct 2010 23:05:37 +0000 (10:05 +1100)]
Enable rs_conn_select_server code
Luke Howard [Thu, 21 Oct 2010 13:39:27 +0000 (00:39 +1100)]
cleanup
Luke Howard [Thu, 21 Oct 2010 13:36:25 +0000 (00:36 +1100)]
map Shibboleth/OpenSAML exceptions to mech errors
Luke Howard [Thu, 21 Oct 2010 12:47:43 +0000 (23:47 +1100)]
better error code propagation when creating attr contexts
Luke Howard [Thu, 21 Oct 2010 12:17:31 +0000 (23:17 +1100)]
Return an error if attribute context initialisation fails
Luke Howard [Thu, 21 Oct 2010 04:45:51 +0000 (15:45 +1100)]
catch resolver exceptions
Luke Howard [Thu, 21 Oct 2010 04:45:48 +0000 (15:45 +1100)]
cleanup
Luke Howard [Thu, 21 Oct 2010 04:36:47 +0000 (15:36 +1100)]
fix some build issues with current resolver
Luke Howard [Tue, 19 Oct 2010 13:08:02 +0000 (00:08 +1100)]
Build with new C++ clean libeap
Luke Howard [Tue, 19 Oct 2010 13:06:12 +0000 (00:06 +1100)]
Make peer headers build with C++ sources
Luke Howard [Tue, 19 Oct 2010 12:08:57 +0000 (23:08 +1100)]
Merge branch 'master' of ssh://moonshot.suchdamage.org:822/srv/git/moonshot
Conflicts:
shibboleth/opensaml2
shibboleth/xmltooling
Luke Howard [Mon, 18 Oct 2010 22:04:59 +0000 (09:04 +1100)]
fix uninitialised return code in encodeExtensions
Jouni Malinen [Sun, 17 Oct 2010 18:36:04 +0000 (21:36 +0300)]
WPS: Do not drop subscriptions based on max queue length
UPnP event subscriptions are not supposed to be dropped based on
whether events can be delivered quickly enough. Leave dropping to
happen only based on failed deliveries to avoid issues with a burst
of events kicking out still active subscribers.
Jouni Malinen [Sun, 17 Oct 2010 18:30:25 +0000 (21:30 +0300)]
WPS UPnP: Add more priority for queuing EAP events
Jouni Malinen [Sun, 17 Oct 2010 18:24:12 +0000 (21:24 +0300)]
WPS UPnP: Throttle WLANEvent notifications to 5 per second
Do not send more than five Probe Request WLANEvent notifications
per second. Even though the limit should in theory apply to all
WLANEvents, it is better not to drop EAP notifications because
of Probe Request frames and really, the only real reason for
event bursts is Probe Request frames.
Jouni Malinen [Sun, 17 Oct 2010 17:58:58 +0000 (20:58 +0300)]
WPS: Limit Probe Request event queuing if subscriber may have left
Instead of queuing all events for a subscriber, only queue more
important events if delivery of event notifications starts failing.
This allows more time for the subscriber to recover since the maximum
queue length is not reached because of Probe Request frames only.
Jouni Malinen [Sun, 17 Oct 2010 17:57:11 +0000 (20:57 +0300)]
WPS: Schedule sending of pending events after failure
There is no point leaving these pending events waiting for something
new to trigger us to continue.
Jouni Malinen [Sun, 17 Oct 2010 17:29:28 +0000 (20:29 +0300)]
WPS: Separate local error from max queue length reached
Drop subscription only if the max queue length has been reached;
not based on any error.
Jouni Malinen [Sun, 17 Oct 2010 17:26:03 +0000 (20:26 +0300)]
WPS UPnP: Improved event notification failure processing
Instead of dropping the subscription on first failure, allow up to
10 failures before dropping. In addition, drop the callback URLs
one by one instead of full subscription if only one URL is failing.
Jouni Malinen [Sun, 17 Oct 2010 17:23:51 +0000 (20:23 +0300)]
WPS: Convert assert() to error return
Jouni Malinen [Sun, 17 Oct 2010 17:22:03 +0000 (20:22 +0300)]
WPS UPnP: Fix memory leak on retry case
The event entry needs to be freed when giving up on retries.
Jouni Malinen [Sun, 17 Oct 2010 17:20:28 +0000 (20:20 +0300)]
WPS: Add more debug info for UPnP operations
Jouni Malinen [Sun, 17 Oct 2010 17:15:08 +0000 (20:15 +0300)]
WPS: Remove unused define
This timeout value was moved to now separate HTTP client implementation.
Jouni Malinen [Sun, 17 Oct 2010 17:12:54 +0000 (20:12 +0300)]
WPS: Cleaned up URL parser not to modify const buffer
There is no need to use '\0' termination here in string parsing,
so we may as well clean this up to follow the const declaration.
Jouni Malinen [Sun, 17 Oct 2010 17:11:03 +0000 (20:11 +0300)]
WPS: Drop subscription if it does not have any valid callback address
Jouni Malinen [Sun, 17 Oct 2010 17:10:09 +0000 (20:10 +0300)]
WPS: Remove unused error path code
Jouni Malinen [Sun, 17 Oct 2010 17:07:33 +0000 (20:07 +0300)]
WPS UPnP: Fix HTTP client timeout event code
The define here was overriding the event code enum value and that
resulted in incorrect code being used and WPS UPnP code ignoring the
timeout events.
Luke Howard [Sat, 16 Oct 2010 21:06:55 +0000 (08:06 +1100)]
remove reflect error
Jouni Malinen [Sat, 16 Oct 2010 09:57:47 +0000 (12:57 +0300)]
WPS: Add virtual flags in Config Methods for WPS 2.0 if needed
This is a workaround for incorrect configuration (missing
virtual/physical identifier for config methods) for WPS 2.0 to
allow unmodified configuration from WPS 1.0 to be used while
enforcing compliant WPS 2.0 values.