Margaret Wasserman [Fri, 5 Sep 2014 10:54:05 +0000 (06:54 -0400)]
Merge branch 'gssweb-apache' of moonshot.suchdamage.org:/srv/git/mod_auth_kerb into gssweb-apache
Margaret Wasserman [Fri, 5 Sep 2014 10:52:29 +0000 (06:52 -0400)]
Update the protocol description to match current code and include additional details about encoding, etc.
Sam Hartman [Fri, 5 Sep 2014 10:07:24 +0000 (06:07 -0400)]
Don't include newlines in base64 encodings
Sam Hartman [Wed, 3 Sep 2014 20:35:30 +0000 (16:35 -0400)]
Include connection keep-alive
Margaret Wasserman [Wed, 3 Sep 2014 20:34:13 +0000 (16:34 -0400)]
Break gss_get_conn_ctx() into two functions, one that retrieves a context, and one that creates a new one. Make corresponding changes in both modules.
Sam Hartman [Wed, 3 Sep 2014 13:51:51 +0000 (09:51 -0400)]
Don't use output_token after free
Margaret Wasserman [Wed, 3 Sep 2014 13:46:54 +0000 (09:46 -0400)]
Base64 encode application data, instead of escaping. Fix typo in protocol. Add debug statement to test code.
Sam Hartman [Tue, 2 Sep 2014 17:44:40 +0000 (13:44 -0400)]
Fix client to continue
Margaret Wasserman [Tue, 2 Sep 2014 15:21:13 +0000 (11:21 -0400)]
Fix bugs with code to escape quotes.
Margaret Wasserman [Tue, 2 Sep 2014 12:02:12 +0000 (08:02 -0400)]
Updates/fixes to gssweb filter code.
Margaret Wasserman [Wed, 20 Aug 2014 13:31:09 +0000 (09:31 -0400)]
Filter is successfully called, still needs to do job properly.
Margaret Wasserman [Wed, 13 Aug 2014 20:47:34 +0000 (16:47 -0400)]
Removed backup file.
Margaret Wasserman [Wed, 13 Aug 2014 20:43:36 +0000 (16:43 -0400)]
Apache auth hook appears to work, but filter still not registered properly. Added test client.
Margaret Wasserman [Wed, 6 Aug 2014 19:30:09 +0000 (15:30 -0400)]
Add code for output filter.
Margaret Wasserman [Wed, 9 Jul 2014 21:32:28 +0000 (17:32 -0400)]
Code for gssweb module check_user hook.
Margaret Wasserman [Wed, 2 Jul 2014 11:53:54 +0000 (07:53 -0400)]
Editorial changes to protocol description.
Margaret Wasserman [Wed, 2 Jul 2014 11:42:18 +0000 (07:42 -0400)]
Added protocol description for GSS Web authentication.
Margaret Wasserman [Sun, 29 Jun 2014 11:31:08 +0000 (07:31 -0400)]
Cleanly separate gssapi (negotiate) auth code from (future) gssweb auth code.
Margaret Wasserman [Sun, 29 Jun 2014 11:10:30 +0000 (07:10 -0400)]
Remove static qualifier from non-static functions, finish .h reorg.
Margaret Wasserman [Sun, 29 Jun 2014 11:03:52 +0000 (07:03 -0400)]
Update include files to match code refactoring for two modules.
Margaret Wasserman [Sun, 29 Jun 2014 10:15:53 +0000 (06:15 -0400)]
Add gssweb sources
Margaret Wasserman [Sun, 29 Jun 2014 10:12:29 +0000 (06:12 -0400)]
Add auth_gssweb module to makefile
Margaret Wasserman [Wed, 18 Jun 2014 19:30:26 +0000 (15:30 -0400)]
Refactor existing mod_auth_gssapi code to support addition of gssweb module.
Margaret Wasserman [Tue, 3 Jun 2014 19:40:52 +0000 (15:40 -0400)]
Add install-sh to mod-auth-kerb directory
Sam Hartman [Mon, 3 Feb 2014 10:08:56 +0000 (05:08 -0500)]
Merge branch 'moonshot-negotiate' of file:///srv/git/mod_auth_kerb
Luke Howard [Sun, 25 Sep 2011 13:40:47 +0000 (23:40 +1000)]
use "Negotiate" mechanism
Sam Hartman [Mon, 9 May 2011 21:07:23 +0000 (17:07 -0400)]
Build fixes to support DESTDIR
kouril [Fri, 6 May 2011 09:47:25 +0000 (09:47 +0000)]
license and copyright statements
kouril [Fri, 1 Apr 2011 10:45:06 +0000 (10:45 +0000)]
Return even last token on GSS errors
kouril [Mon, 28 Mar 2011 20:21:23 +0000 (20:21 +0000)]
Adding testing CLI client (based off the Heimdal testing sample)
kouril [Mon, 28 Mar 2011 20:12:22 +0000 (20:12 +0000)]
Improved building
kouril [Mon, 28 Mar 2011 19:13:37 +0000 (19:13 +0000)]
Fixed building with gss libs (by Sam Hartman)
kouril [Wed, 15 Dec 2010 13:25:05 +0000 (13:25 +0000)]
importing current version of mod_auth_gssapi
kouril [Wed, 15 Dec 2010 13:24:09 +0000 (13:24 +0000)]
removed "legacy" of mod_auth_kerb
kouril [Wed, 15 Dec 2010 13:18:18 +0000 (13:18 +0000)]
removed unnecessary files
kouril [Thu, 22 Jul 2010 09:13:54 +0000 (09:13 +0000)]
Better r.e. to prevent from substituting empty strings on some platforms
kouril [Tue, 11 Aug 2009 07:37:27 +0000 (07:37 +0000)]
remove some cc warnings (thanks to Joe Orton)
kouril [Tue, 11 Aug 2009 07:26:14 +0000 (07:26 +0000)]
- own up Kerberos in the resulting mechanism id
- return an error when the client wants multiple iterations of GSSAPI authN
baalberith [Tue, 5 May 2009 12:39:52 +0000 (12:39 +0000)]
tweaked Basic provider support
baalberith [Fri, 17 Apr 2009 09:38:23 +0000 (09:38 +0000)]
documented KrbLocalUserMapping directive
baalberith [Thu, 16 Apr 2009 17:26:02 +0000 (17:26 +0000)]
ticket [2421120], added krb5-config command locating
baalberith [Mon, 9 Mar 2009 19:52:17 +0000 (19:52 +0000)]
fixed return value when using basic provider to pass the auth to other modules (in case of fail).
baalberith [Thu, 5 Mar 2009 17:30:45 +0000 (17:30 +0000)]
forgot something
baalberith [Thu, 5 Mar 2009 17:06:20 +0000 (17:06 +0000)]
code reorganization caused by last update
baalberith [Fri, 27 Feb 2009 00:07:08 +0000 (00:07 +0000)]
added password verification invocation via the AuthBasicProvider with krb value
baalberith [Thu, 4 Dec 2008 10:14:03 +0000 (10:14 +0000)]
increased version number
baalberith [Thu, 4 Dec 2008 10:11:35 +0000 (10:11 +0000)]
changelog
baalberith [Thu, 4 Dec 2008 09:48:00 +0000 (09:48 +0000)]
added changelog
baalberith [Tue, 2 Dec 2008 15:17:17 +0000 (15:17 +0000)]
removed compilation warnings
baalberith [Tue, 2 Dec 2008 15:01:17 +0000 (15:01 +0000)]
reverted to 1.146, this will be part of another commit
baalberith [Tue, 2 Dec 2008 14:49:13 +0000 (14:49 +0000)]
moved sed command to its own script (for BSD with non-GNU make users) + improved configure script to correctly handle with --with-krb5=yes
baalberith [Sun, 19 Oct 2008 19:25:44 +0000 (19:25 +0000)]
tickets [ 1427467 ], [ 1399384 ], [ 1169067 ], [ 1289096 ] implemented KrbServiceName Any for password auth
baalberith [Tue, 14 Oct 2008 19:00:50 +0000 (19:00 +0000)]
fixed bug [1323202] Configure script doesn't correctly handle "--with-krb5"
baalberith [Tue, 14 Oct 2008 10:59:19 +0000 (10:59 +0000)]
accepted ticket [1859455]: <sys/types.h> should be included explicitly
baalberith [Sat, 11 Oct 2008 23:09:00 +0000 (23:09 +0000)]
accepted ticket [1707336]: Include valid options when calling krb5_get_init_creds_passw
baalberith [Wed, 8 Oct 2008 20:12:10 +0000 (20:12 +0000)]
rewritten already_succeeded function, tickets [ 1774288 ], [ 1891230 ]
baalberith [Sat, 4 Oct 2008 08:51:17 +0000 (08:51 +0000)]
fixed threading issues as described in ticket [ 1971514 ]
baalberith [Thu, 2 Oct 2008 11:01:01 +0000 (11:01 +0000)]
minor update "HTTP" -> default SERVICE_NAME
baalberith [Wed, 17 Sep 2008 14:01:55 +0000 (14:01 +0000)]
accepted patch [ 1809998 ] "Accept any incoming credential in keytab" with some minor changes
baalberith [Tue, 19 Aug 2008 12:29:45 +0000 (12:29 +0000)]
rewritten whole an to ln name mapping
baalberith [Wed, 13 Aug 2008 01:05:52 +0000 (01:05 +0000)]
minor update, some debugging info + better memory management
baalberith [Fri, 8 Aug 2008 11:56:55 +0000 (11:56 +0000)]
added auth name to local name mapping. Tickets [1957143], [1303627], [2013838 ], [1809803], [1373783], [1611526]
baalberith [Fri, 25 Jul 2008 22:22:03 +0000 (22:22 +0000)]
fixed [1851056] problem with password beginning with ':'
kouril [Tue, 24 Jun 2008 12:59:53 +0000 (12:59 +0000)]
Merge from the 5.3 branch (security fix). Tagged as merge_53_src, merge_53_dst, merge_53_dst_after.
kouril [Wed, 22 Nov 2006 11:11:16 +0000 (11:11 +0000)]
Logged a debug message saying whether or not the client delegated his/her credential
kouril [Wed, 22 Nov 2006 10:53:53 +0000 (10:53 +0000)]
Pass the get_gss_error() call with a full request struct so it could log a debug message with the GSSAPI codes
kouril [Thu, 16 Nov 2006 08:39:36 +0000 (08:39 +0000)]
Improved displaying of error messages
kouril [Mon, 6 Nov 2006 17:33:53 +0000 (17:33 +0000)]
Increased version numbers
kouril [Mon, 6 Nov 2006 15:48:45 +0000 (15:48 +0000)]
Added definition of KRB5_LIB_FUNCTION (taken from MIT), which seems not to be
included sometimes (MIT 1.5.1).
kouril [Mon, 6 Nov 2006 15:36:08 +0000 (15:36 +0000)]
The shell functions supported by BSD make:s don't do what we are used to from
GNU make. Added a comment with two lines which provide the same functionality
also on BSD platforms. It'd be great if they were wrapped with an if
statement.
kouril [Sat, 9 Sep 2006 08:01:03 +0000 (08:01 +0000)]
Use krb5_rc_resolve_full() to detect the "none" rcache type. The previous code was based on an internal function using non-public data structure.
kouril [Mon, 4 Sep 2006 10:44:17 +0000 (10:44 +0000)]
Changes in krb4 code
- switch to apr 1.x
- allow the client to specify the realm
kouril [Fri, 1 Sep 2006 11:36:19 +0000 (11:36 +0000)]
increased versions to 5.1
kouril [Fri, 1 Sep 2006 09:32:34 +0000 (09:32 +0000)]
Defined GSS_KRB5_NT_PRINCIPAL_NAME as gss_nt_krb5_name to make it work with older MITs (eg. from RH ES3)
kouril [Wed, 30 Aug 2006 06:41:51 +0000 (06:41 +0000)]
Switched to use APR 1.x
- apr 1.0 stopped shipping the compat headers defining old ap_* calls
kouril [Wed, 30 Aug 2006 06:38:14 +0000 (06:38 +0000)]
changed type to unsigned to be consistent with prototype
kouril [Thu, 24 Aug 2006 11:43:07 +0000 (11:43 +0000)]
Added context declaration
kouril [Thu, 24 Aug 2006 10:50:32 +0000 (10:50 +0000)]
Better check if SPNEGO is supported by the kerberos implementation. Patch accepted from https://sourceforge.net/tracker/?func=detail&atid=464526&aid=1533173&group_id=51775
kouril [Thu, 24 Aug 2006 10:48:38 +0000 (10:48 +0000)]
Detect if the "none" replay cache type is supported before enforcing its use
kouril [Tue, 15 Aug 2006 13:35:53 +0000 (13:35 +0000)]
Bumped version
kouril [Tue, 15 Aug 2006 13:14:27 +0000 (13:14 +0000)]
typo in error message
kouril [Tue, 15 Aug 2006 12:58:01 +0000 (12:58 +0000)]
Better solution to the "array type has incomplete element type" problem
kouril [Tue, 15 Aug 2006 12:48:26 +0000 (12:48 +0000)]
Compatibilizing define's are pulled out from apr_compat.h and apu_compat.h
kouril [Tue, 15 Aug 2006 12:42:03 +0000 (12:42 +0000)]
The KRB5RCACHETYPE variable is set in initialization calls. Its parameter is allocated using strdup().
kouril [Tue, 15 Aug 2006 11:34:49 +0000 (11:34 +0000)]
Some calls declared static to make gcc stop complaining about non existing prototypes
kouril [Tue, 15 Aug 2006 11:31:52 +0000 (11:31 +0000)]
Ignore .libs
kouril [Tue, 15 Aug 2006 11:08:19 +0000 (11:08 +0000)]
Ignore *.lo, *.slo
kouril [Tue, 15 Aug 2006 10:34:28 +0000 (10:34 +0000)]
Commented out ContextFlags_units, which makes problem on SuSE 10
kouril [Tue, 15 Aug 2006 10:21:46 +0000 (10:21 +0000)]
Try also locating apxs2 binary if apxs isn't found
kouril [Sat, 22 Apr 2006 12:46:53 +0000 (12:46 +0000)]
- Use the KRB5RCACHETYPE variable to disable the replay attacks checks in
MIT 1.4
- Make the 1.3 hack more robust, it tries to verify it works with 1.3 libs
(it crashes with 1.4)
(patches submitted from Russ Allbery and Jari Ahonen)
kouril [Tue, 28 Feb 2006 23:01:44 +0000 (23:01 +0000)]
Bumped version
kouril [Mon, 20 Feb 2006 21:46:35 +0000 (21:46 +0000)]
Wrap compiler and linker options passed via apxs
kouril [Mon, 20 Feb 2006 21:38:28 +0000 (21:38 +0000)]
#ifdef 0 doesn't work
kouril [Sun, 19 Feb 2006 21:45:05 +0000 (21:45 +0000)]
Bumped years in Licenses and similar stuff
kouril [Sun, 19 Feb 2006 21:04:44 +0000 (21:04 +0000)]
Typo (fix for bug 1424794)
kouril [Sun, 19 Feb 2006 14:58:41 +0000 (14:58 +0000)]
Commented out all KrbEnableSSLPreauthentication related stuff as it depends on
the mod_ssl internals (ssl_var_lookup).
kouril [Thu, 2 Feb 2006 15:35:42 +0000 (15:35 +0000)]
Added SSL_preauthentication option
kouril [Fri, 5 Aug 2005 15:16:29 +0000 (15:16 +0000)]
- Don't build the SPNEGO library at all if using latest heimdal (or other
distributions supporting SPNEGO, are there any?)
- Changed the semantics of the KrbServiceName directive. It can contain not
only the service name (HTTP) but also a full principal name that will be used
for authentication of the server. This should help in solving some DNS
issues.
kouril [Wed, 8 Jun 2005 10:36:46 +0000 (10:36 +0000)]
- renamed enum CONTEXT into KERB_CTXT to address name clashes on Windows
- added a few missing calling conventions to the calls
(thanks to Pascal Davoust, 20 May 2005 14:56:15)
kouril [Wed, 8 Jun 2005 10:32:55 +0000 (10:32 +0000)]
- Be more compatible with the development apache branch. Allow working with
APR 1.x and 2.2.
- Avoid some warnings
(thanks to Joe Orton for this patch, 23 May 2005 14:00:57)