From: Luke Howard Date: Wed, 14 Sep 2011 06:11:37 +0000 (+1000) Subject: Merge branch 'windows' X-Git-Tag: tr-beta1~106 X-Git-Url: http://www.project-moonshot.org/gitweb/?p=moonshot.git;a=commitdiff_plain;h=9da959f11ebc69e0ae63bc3464b258d161d01cd2 Merge branch 'windows' Conflicts: moonshot/configure.ac moonshot/mech_eap/Makefile.am moonshot/mech_eap/accept_sec_context.c moonshot/mech_eap/acquire_cred.c moonshot/mech_eap/add_cred.c moonshot/mech_eap/add_cred_with_password.c moonshot/mech_eap/canonicalize_name.c moonshot/mech_eap/compare_name.c moonshot/mech_eap/context_time.c moonshot/mech_eap/delete_name_attribute.c moonshot/mech_eap/delete_sec_context.c moonshot/mech_eap/display_name.c moonshot/mech_eap/display_name_ext.c moonshot/mech_eap/display_status.c moonshot/mech_eap/duplicate_name.c moonshot/mech_eap/eap_mech.c moonshot/mech_eap/export_name.c moonshot/mech_eap/export_name_composite.c moonshot/mech_eap/export_sec_context.c moonshot/mech_eap/get_mic.c moonshot/mech_eap/get_name_attribute.c moonshot/mech_eap/gssapiP_eap.h moonshot/mech_eap/import_name.c moonshot/mech_eap/import_sec_context.c moonshot/mech_eap/indicate_mechs.c moonshot/mech_eap/init_sec_context.c moonshot/mech_eap/inquire_attrs_for_mech.c moonshot/mech_eap/inquire_context.c moonshot/mech_eap/inquire_cred.c moonshot/mech_eap/inquire_cred_by_oid.c moonshot/mech_eap/inquire_mech_for_saslname.c moonshot/mech_eap/inquire_mechs_for_name.c moonshot/mech_eap/inquire_name.c moonshot/mech_eap/inquire_names_for_mech.c moonshot/mech_eap/inquire_saslname_for_mech.c moonshot/mech_eap/inquire_sec_context_by_oid.c moonshot/mech_eap/map_name_to_any.c moonshot/mech_eap/process_context_token.c moonshot/mech_eap/pseudo_random.c moonshot/mech_eap/release_any_name_mapping.c moonshot/mech_eap/release_cred.c moonshot/mech_eap/release_name.c moonshot/mech_eap/set_name_attribute.c moonshot/mech_eap/set_sec_context_option.c moonshot/mech_eap/store_cred.c moonshot/mech_eap/unwrap.c moonshot/mech_eap/unwrap_iov.c 
moonshot/mech_eap/util.h moonshot/mech_eap/util_context.c moonshot/mech_eap/util_cred.c moonshot/mech_eap/util_krb.c moonshot/mech_eap/util_name.c moonshot/mech_eap/util_tld.c moonshot/mech_eap/verify_mic.c moonshot/mech_eap/wrap.c moonshot/mech_eap/wrap_iov.c moonshot/mech_eap/wrap_iov_length.c moonshot/mech_eap/wrap_size_limit.c --- 9da959f11ebc69e0ae63bc3464b258d161d01cd2 diff --cc moonshot/acinclude.m4 index 8ecdd9c,336332a..ea542db --- a/moonshot/acinclude.m4 +++ b/moonshot/acinclude.m4 @@@ -1,5 -1,5 +1,13 @@@ dnl Based on the one from the Boinc project by Reinhard ++AC_DEFUN([AX_CHECK_WINDOWS], ++[AC_MSG_CHECKING(for windows) ++target_windows="no" ++AC_CHECK_HEADER(windows.h,[target_windows="yes"],[target_windows="no"]) ++AC_MSG_RESULT($target_windows) ++AM_CONDITIONAL(TARGET_WINDOWS,test "x$target_windows" = "xyes") ++])dnl ++ AC_DEFUN([AX_CHECK_KRB5], [AC_MSG_CHECKING(for GSS-API and Kerberos implementation) KRB5_DIR= @@@ -13,12 -20,12 +21,18 @@@ for dir in $check_krb5_dir $prefix /us krb5dir="$dir" if test -x "$dir/bin/krb5-config"; then found_krb5="yes"; -- KRB5_CFLAGS=`$dir/bin/krb5-config gssapi --cflags`; -- KRB5_LIBS=`$dir/bin/krb5-config gssapi --libs`; -- COMPILE_ET="$dir/bin/compile_et"; ++ if test "x$target_windows" = "xyes"; then ++ KRB5_CFLAGS=-I"$check_krb5_dir/include"; ++ KRB5_LIBS="-L$check_krb5_dir/lib/ -lkrb5_32 -lgssapi32"; ++ COMPILE_ET="$check_krb5_dir/bin/compile_et"; ++ else ++ KRB5_CFLAGS=`$dir/bin/krb5-config gssapi --cflags`; ++ KRB5_LIBS=`$dir/bin/krb5-config gssapi --libs`; ++ COMPILE_ET="$dir/bin/compile_et"; ++ fi break; fi -done]) +done AC_MSG_RESULT($found_krb5) if test x_$found_krb5 != x_yes; then AC_MSG_ERROR([ diff --cc moonshot/configure.ac index b70e29e,5948d74..3d77b93 --- a/moonshot/configure.ac +++ b/moonshot/configure.ac @@@ -2,11 -2,15 +2,15 @@@ AC_PREREQ([2.61] AC_INIT([mech_eap], [0.1], [bugs@project-moonshot.org]) dnl AC_CONFIG_MACRO_DIR([m4]) dnl AM_INIT_AUTOMAKE([silent-rules]) + AC_USE_SYSTEM_EXTENSIONS + 
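Review bot: The Windows branch in AX_CHECK_KRB5 builds KRB5_CFLAGS, KRB5_LIBS and COMPILE_ET from `$check_krb5_dir`, although the loop just found an executable krb5-config under `$dir`. The two differ whenever the match came from `$prefix` or a fallback directory, and if `$check_krb5_dir` is empty the result is `-I/include` and `/bin/compile_et`. Using the directory that was tested keeps the build from taking headers, import libraries and a compile_et binary from a location nothing checked: `KRB5_CFLAGS="-I$dir/include"`, `KRB5_LIBS="-L$dir/lib -lkrb5_32 -lgssapi32"`, `COMPILE_ET="$dir/bin/compile_et"`. The `for dir in ...` loop starts above the hunk.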
AC_GNU_SOURCE AM_INIT_AUTOMAKE + AM_PROG_CC_C_O + AM_MAINTAINER_MODE() -LT_PREREQ([2.4]) +LT_PREREQ([2.2]) - LT_INIT([dlopen disable-static]) + LT_INIT([dlopen disable-static win32-dll]) - AC_PROG_CC + dnl AC_PROG_CC AC_PROG_CXX AC_CONFIG_HEADERS([config.h]) AC_CHECK_HEADERS(stdarg.h stdio.h stdint.h sys/param.h) @@@ -66,17 -69,13 +69,18 @@@ AM_CONDITIONAL(GSSEAP_ENABLE_ACCEPTOR, AC_SUBST(TARGET_CFLAGS) AC_SUBST(TARGET_LDFLAGS) + AX_CHECK_WINDOWS AX_CHECK_KRB5 -AM_CONDITIONAL(HEIMDAL, test "x$heimdal" != "xno") -dnl AX_CHECK_EAP -if test "x$acceptor" = "xyes" ; then +AX_CHECK_OPENSAML +AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no") + +AX_CHECK_SHIBRESOLVER +AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no") +if test x_$found_shibresolver = x_yes; then AX_CHECK_SHIBSP - AX_CHECK_SHIBRESOLVER +fi + +if test "x$acceptor" = "xyes" ; then AX_CHECK_RADSEC AX_CHECK_JANSSON fi diff --cc moonshot/mech_eap/Makefile.am index c07f6ab,4ccdabe..ba6e8dd --- a/moonshot/mech_eap/Makefile.am +++ b/moonshot/mech_eap/Makefile.am @@@ -4,32 -4,33 +4,46 @@@ gssincludedir = $(includedir)/gssap gssinclude_HEADERS = gssapi_eap.h EAP_CFLAGS = -I$(srcdir)/../libeap/src -I$(srcdir)/../libeap/src/common -I$(srcdir)/../libeap/src/eap_common \ - -I$(srcdir)/../libeap/src/utils \ - -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL + -I$(srcdir)/../libeap/src/utils +if GSSEAP_ENABLE_ACCEPTOR +GSSEAP_EXPORTS = mech_eap.exports +else +GSSEAP_EXPORTS = mech_eap-noacceptor.exports +endif + gssdir = $(libdir)/gss gss_LTLIBRARIES = mech_eap.la + + if TARGET_WINDOWS + EAP_CFLAGS += -DCONFIG_WIN32_DEFAULTS -DUSE_INTERNAL_CRYPTO + 
OS_LIBS = -lshell32 -ladvapi32 -lws2_32 -lcomerr32 + mech_eap_la_CFLAGS = -Zi + mech_eap_la_CXXFLAGS = -Zi + else + EAP_CFLAGS += -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL + OS_LIBS = + mech_eap_la_CFLAGS = -Werror -Wall -Wunused-parameter + mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter + endif + mech_eap_la_CPPFLAGS = -DBUILD_GSSEAP_LIB -DSYSCONFDIR=\"${sysconfdir}\" -DDATAROOTDIR=\"${datarootdir}\" -mech_eap_la_CFLAGS += @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS) -mech_eap_la_CXXFLAGS += @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS) +mech_eap_la_CFLAGS = -Werror -Wall -Wunused-parameter \ + @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS) +mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter \ + @KRB5_CFLAGS@ @RADSEC_CFLAGS@ \ + @OPENSAML_CXXFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ \ + @TARGET_CFLAGS@ $(EAP_CFLAGS) mech_eap_la_LDFLAGS = -avoid-version -module \ - -export-symbols $(srcdir)/mech_eap.exports -no-undefined \ + -export-symbols $(GSSEAP_EXPORTS) -no-undefined \ @RADSEC_LDFLAGS@ @TARGET_LDFLAGS@ -mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \ - @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@ $(OS_LIBS) $(LTLIBOBJS) ++if TARGET_WINDOWS ++mech_eap_la_LDFLAGS += -debug ++endif + +mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \ + @OPENSAML_LIBS@ @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@ - mech_eap_la_SOURCES = \ - accept_sec_context.c \ acquire_cred.c \ acquire_cred_with_password.c \ add_cred.c \ @@@ -148,4 -137,4 +162,3 @@@ radsec_err.c: radsec_err. 
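Review bot: `mech_eap_la_CFLAGS` and `mech_eap_la_CXXFLAGS` are set inside the `if TARGET_WINDOWS`/`else` block and then assigned again unconditionally with `=` further down. As the merged result reads, the per-platform values (`-Zi` on Windows) are either overridden or rejected by automake as a redefinition, and `-Werror -Wall -Wunused-parameter` reaches the Windows compiler. The later assignments look like they were meant to append, e.g. `mech_eap_la_CFLAGS += @KRB5_CFLAGS@ @RADSEC_CFLAGS@ @TARGET_CFLAGS@ $(EAP_CFLAGS)`. The merged `mech_eap_la_LIBADD` also no longer lists `$(OS_LIBS)`, so the Windows libraries defined above are never linked. The Windows branch passes `-DUSE_INTERNAL_CRYPTO` and none of the EAP method macros; a comment stating that this is intended would help anyone auditing which crypto backend and methods a Windows build carries.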
clean-generic: rm -f gsseap_err.[ch] radsec_err.[ch] - -endif diff --cc moonshot/mech_eap/gssapiP_eap.h index c0fd894,a2ce5d6..cd5315d --- a/moonshot/mech_eap/gssapiP_eap.h +++ b/moonshot/mech_eap/gssapiP_eap.h @@@ -97,6 -86,13 +97,10 @@@ extern "C" #endif #include #include + -////Because freeradius/autoconf.h is evil! -////#undef uint16_t -////#undef uint32_t -////#undef uint8_t + #undef pid_t + ++/* libradsec headers */ #include #include #ifdef __cplusplus diff --cc moonshot/mech_eap/import_sec_context.c index 1b9c0ad,8854bf4..a2a712c --- a/moonshot/mech_eap/import_sec_context.c +++ b/moonshot/mech_eap/import_sec_context.c @@@ -321,7 -321,6 +321,7 @@@ gssEapImportContext(OM_uint32 *minor #ifdef GSSEAP_DEBUG assert(remain == 0); #endif - #endif ++#endif /* GSSEAP_ENABLE_ACCEPTOR */ major = GSS_S_COMPLETE; *minor = 0; diff --cc moonshot/mech_eap/util.h index 5f0bc9d,6e35fd4..ae83923 --- a/moonshot/mech_eap/util.h +++ b/moonshot/mech_eap/util.h @@@ -85,8 -84,8 +85,8 @@@ extern "C" #define MIN(_a,_b) ((_a)<(_b)?(_a):(_b)) #endif - #if !defined(WIN32) && (!(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))) + #if !defined(WIN32) && !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) -#define GSSEAP_UNUSED __attribute__ ((__unused__)) +#define GSSEAP_UNUSED __attribute__ ((__unused__)) #else #define GSSEAP_UNUSED #endif @@@ -773,32 -715,26 +773,30 @@@ verifyTokenHeader(OM_uint32 *minor } while (0) #ifdef WIN32 + #include -#define GSSEAP_MUTEX CRITICAL_SECTION -// wrapper for EnterCriticalSection() to provide return value -inline int win32_mutex_init(CRITICAL_SECTION* m) -{ - EnterCriticalSection(m); - return 0; -} -#define GSSEAP_MUTEX_INIT(m) win32_mutex_init((m)) +#define GSSEAP_GET_LAST_ERROR() (GetLastError()) + +#define GSSEAP_MUTEX CRITICAL_SECTION - +#define GSSEAP_MUTEX_INIT(m) (InitializeCriticalSection((m)), 0) #define GSSEAP_MUTEX_DESTROY(m) DeleteCriticalSection((m)) #define 
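Review bot: The merged `#if` guarding GSSEAP_UNUSED in util.h mixes `&&` and `||` without grouping, so it parses as `(!WIN32 && !__cplusplus) || GCC >= 3.4`, whereas the other side of the merge had `!WIN32 && (!__cplusplus || GCC >= 3.4)`. If the intent is that any GCC 3.4 or later gets the attribute, including on Windows, writing the grouping out makes that explicit: `#if (!defined(WIN32) && !defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))`. A one-line comment on which compilers are expected to take the empty definition would help as well.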
GSSEAP_MUTEX_LOCK(m) EnterCriticalSection((m)) #define GSSEAP_MUTEX_UNLOCK(m) LeaveCriticalSection((m)) - /* XXX yet to implement thread-local wrappers */ ++/* Thread-local is handled separately */ + +#define GSSEAP_THREAD_ONCE INIT_ONCE +#define GSSEAP_ONCE(o, i) InitOnceExecuteOnce((o), (i)) +#define GSSEAP_ONCE_INITIALIZER INIT_ONCE_STATIC_INIT + #else + #include -#define GSSEAP_MUTEX pthread_mutex_t -#define GSSEAP_MUTEX_INITIALIZER PTHREAD_MUTEX_INITIALIZER +#define GSSEAP_GET_LAST_ERROR() (errno) +#define GSSEAP_MUTEX pthread_mutex_t - #define GSSEAP_MUTEX_INIT(m) pthread_mutex_init((m), NULL) #define GSSEAP_MUTEX_DESTROY(m) pthread_mutex_destroy((m)) #define GSSEAP_MUTEX_LOCK(m) pthread_mutex_lock((m)) @@@ -988,8 -906,8 +986,8 @@@ gssEapDestroyKrbContext(krb5_context co #ifdef GSSEAP_ENABLE_ACCEPTOR #include "util_json.h" #include "util_attr.h" -#endif #include "util_base64.h" - #endif ++#endif /* GSSEAP_ENABLE_ACCEPTOR */ #ifdef GSSEAP_ENABLE_REAUTH #include "util_reauth.h" #endif diff --cc moonshot/mech_eap/util_context.c index 61b9b23,8ff6c50..78c3636 --- a/moonshot/mech_eap/util_context.c +++ b/moonshot/mech_eap/util_context.c @@@ -120,15 -120,14 +120,15 @@@ gssEapReleaseContext(OM_uint32 *minor if (ctx->flags & CTX_FLAG_KRB_REAUTH) { gssDeleteSecContext(&tmpMinor, &ctx->reauthCtx, GSS_C_NO_BUFFER); } else --#endif ++#endif /* GSSEAP_ENABLE_REAUTH */ if (CTX_IS_INITIATOR(ctx)) { releaseInitiatorContext(&ctx->initiatorCtx); - } else { + } #ifdef GSSEAP_ENABLE_ACCEPTOR + else { releaseAcceptorContext(&ctx->acceptorCtx); -#endif } - #endif ++#endif /* GSSEAP_ENABLE_ACCEPTOR */ krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key); gssEapReleaseName(&tmpMinor, &ctx->initiatorName); diff --cc moonshot/mech_eap/util_cred.c index 856c0a5,40a8c11..bd5bf66 --- a/moonshot/mech_eap/util_cred.c +++ b/moonshot/mech_eap/util_cred.c @@@ -36,11 -36,20 +36,12 @@@ #include "gssapiP_eap.h" -#if defined(WIN32) -/*This didn't work for me(Alexey) when Visual Studio 2005 
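Review bot: The Windows `GSSEAP_ONCE(o, i)` expands to `InitOnceExecuteOnce((o), (i))`, but that API takes four arguments (the once block, the callback, a parameter and a context pointer). Its callback type and return convention also differ from `pthread_once`: it returns nonzero on success. The call visible in util_tld.c ignores the result, so the mismatch is hidden today, but a caller that tests for 0 would read success as failure. A form such as `#define GSSEAP_ONCE(o, i) (InitOnceExecuteOnce((o), (i), NULL, NULL) ? 0 : GSSEAP_GET_LAST_ERROR())`, with a comment that `i` must be a `PINIT_ONCE_FN` on Windows, would keep both branches on one contract. The pthread branch of this block continues past the end of the hunk.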
Express is used: */ -#include -/*This didn't work for me(Kevin) when Visual Studio 2010 Express is used: */ -/*#include */ - -#if !defined(snprintf) -#define snprintf _snprintf -#endif - +#ifdef WIN32 - #include ++# include /* may need to use ShFolder.h instead */ ++# include #else --#include ++# include #endif -#include /* for BUFSIZ */ OM_uint32 gssEapAllocCred(OM_uint32 *minor, gss_cred_id_t *pCred) @@@ -149,16 -144,11 +150,16 @@@ readStaticIdentityFile(OM_uint32 *minor ccacheName = getenv("GSSEAP_IDENTITY"); if (ccacheName == NULL) { -#if !defined(WIN32) - if (getpwuid_r(getuid(), &pwd, pwbuf, sizeof(pwbuf), &pw) != 0 || - pw == NULL || pw->pw_dir == NULL) { +#ifdef WIN32 + TCHAR szPath[MAX_PATH]; + + if (!SUCCEEDED(SHGetFolderPath(NULL, + CSIDL_APPDATA, /* |CSIDL_FLAG_CREATE */ + NULL, /* User access token */ - 0, ++ 0, /* SHGFP_TYPE_CURRENT */ + szPath))) { major = GSS_S_CRED_UNAVAIL; - *minor = GetLastError(); - *minor = errno; ++ *minor = GSSEAP_GET_LAST_ERROR(); /* XXX */ goto cleanup; } diff --cc moonshot/mech_eap/util_krb.c index 8589aa0,73cf108..d56c7a8 --- a/moonshot/mech_eap/util_krb.c +++ b/moonshot/mech_eap/util_krb.c @@@ -85,15 -84,16 +85,14 @@@ gssEapKerberosInit(OM_uint32 *minor, kr *minor = 0; tld = gssEapGetThreadLocalData(); - if (tld) - { - *context = tld->context; + if (tld != NULL) { + *context = tld->krbContext; if (*context == NULL) { *minor = initKrbContext(context); - if (*minor == 0) { - tld->context = *context; - } + if (*minor == 0) + tld->krbContext = *context; } } - return *minor == 0 ? 
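Review bot: `SHGetFolderPath` reports failure through its HRESULT and is not documented to set the thread's last-error value, so `*minor = GSSEAP_GET_LAST_ERROR();` in readStaticIdentityFile can record a stale or zero code (the `/* XXX */` suggests this is known). Keeping the result and deriving the minor status from it, `hr = SHGetFolderPath(...); if (FAILED(hr)) { major = GSS_S_CRED_UNAVAIL; *minor = HRESULT_CODE(hr); goto cleanup; }`, gives the caller a value that matches the failure. `szPath` is a `TCHAR` array, so a UNICODE build would hold wide characters in it. If the code below the hunk formats it into a `char` path for the identity file, calling `SHGetFolderPathA` with a `char` buffer avoids a truncated or wrong credential path. The function starts above and continues below the hunk.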
GSS_S_COMPLETE : GSS_S_FAILURE; } diff --cc moonshot/mech_eap/util_radius.h index da790ab,82d12cb..d209347 --- a/moonshot/mech_eap/util_radius.h +++ b/moonshot/mech_eap/util_radius.h @@@ -154,6 -154,7 +154,7 @@@ OM_uint3 gssEapRadiusMapError(OM_uint32 *minor, struct rs_error *err); -////This really need to be a function call on Windows ++/* This really needs to be a function call on Windows */ #define RS_CONFIG_FILE SYSCONFDIR "/radsec.conf" #define VENDORPEC_MS 311 /* RFC 2548 */ diff --cc moonshot/mech_eap/util_tld.c index 2e1ddfa,7679233..f6feeba --- a/moonshot/mech_eap/util_tld.c +++ b/moonshot/mech_eap/util_tld.c @@@ -30,10 -30,13 +30,11 @@@ * SUCH DAMAGE. */ -/* Access all thread-local data through these methods which - * use pthreads to manage thread-local memory on Unix and TlsFoo() on Windows. - * This would be more flexible, scalable, and extensible - * if implemented through a callback interface, but given that - * there are currently only two 'clients', hard-coding seems more - * straightforward +/* - * Thread local data abstraction. ++ * Thread local data abstraction, using pthreads on Unix and the TlsXXX ++ * APIs on Windows. */ + #include "gssapiP_eap.h" /* Clean up thread-local data; called on thread detach */ @@@ -137,18 -147,14 +138,19 @@@ struct gss_eap_thread_local_data gssEapGetThreadLocalData() { struct gss_eap_thread_local_data *tld; + GSSEAP_ONCE(&tldKeyOnce, createThreadLocalDataKey); + tld = GSSEAP_GETSPECIFIC(tldKey); - if (!tld) - { + if (tld == NULL) { tld = GSSEAP_CALLOC(1, sizeof(*tld)); + if (tld == NULL) + return NULL; + GSSEAP_SETSPECIFIC(tldKey, tld); } + return tld; } + #endif /* WIN32 */
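Review bot: When `gssEapGetThreadLocalData()` returns NULL, the `if (tld != NULL)` body in gssEapKerberosInit is skipped with `*minor` still 0. As far as the collapsed hunk shows, the function then returns `GSS_S_COMPLETE` without writing `*context`, and the caller goes on to use an unset `krb5_context`. The same merge makes that NULL return explicit in util_tld.c, on a failed `GSSEAP_CALLOC`. An early exit closes the gap: `if (tld == NULL) { *minor = ENOMEM; return GSS_S_FAILURE; }`. The function begins above the hunk.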
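Review bot: In gssEapGetThreadLocalData the results of `GSSEAP_ONCE(&tldKeyOnce, createThreadLocalDataKey)` and `GSSEAP_SETSPECIFIC(tldKey, tld)` are both dropped. If key creation fails, `tldKey` is read without being valid. If the store fails, the block is handed to the caller but never found again, so every later call allocates a fresh one and the Kerberos context cached in it is lost. Assuming the macros pass through the underlying return codes, checking them keeps the failure visible, e.g. `if (GSSEAP_SETSPECIFIC(tldKey, tld) != 0) { /* release tld */ return NULL; }`, with the release done by the counterpart of `GSSEAP_CALLOC`. A short comment stating that callers must handle a NULL return would document the contract the new `return NULL` introduces.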