From d093300bc9eaa6b4690391d10451b59470d94170 Mon Sep 17 00:00:00 2001 From: Luke Howard Date: Tue, 13 Sep 2011 08:42:07 +1000 Subject: [PATCH] make it possible to build without acceptor --- moonshot/acinclude.m4 | 2 - moonshot/configure.ac | 29 +++++++++++++-- moonshot/mech_eap/Makefile.am | 37 ++++++++++++------- moonshot/mech_eap/eap_mech.c | 2 + moonshot/mech_eap/export_sec_context.c | 4 ++ moonshot/mech_eap/gssapiP_eap.h | 2 + moonshot/mech_eap/mech_eap-noacceptor.exports | 53 +++++++++++++++++++++++++++ moonshot/mech_eap/mech_eap.exports | 2 +- moonshot/mech_eap/util_context.c | 7 +++- moonshot/mech_eap/util_name.c | 8 ++++ 10 files changed, 125 insertions(+), 21 deletions(-) create mode 100644 moonshot/mech_eap/mech_eap-noacceptor.exports diff --git a/moonshot/acinclude.m4 b/moonshot/acinclude.m4 index c1c2224..8ecdd9c 100644 --- a/moonshot/acinclude.m4 +++ b/moonshot/acinclude.m4 @@ -188,7 +188,6 @@ else AC_DEFINE_UNQUOTED([HAVE_SHIBRESOLVER], 1, [Define is Shibboleth resolver is available]) fi fi -AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no") ])dnl AC_DEFUN([AX_CHECK_OPENSAML], @@ -232,7 +231,6 @@ else AC_DEFINE_UNQUOTED([HAVE_OPENSAML], 1, [Define is OpenSAML is available]) fi fi -AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no") ])dnl AC_DEFUN([AX_CHECK_RADSEC], diff --git a/moonshot/configure.ac b/moonshot/configure.ac index 957a5bf..b70e29e 100644 --- a/moonshot/configure.ac +++ b/moonshot/configure.ac 
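Review bot: Removing the `AM_CONDITIONAL` lines from AX_CHECK_SHIBRESOLVER and AX_CHECK_OPENSAML changes each macro's contract without saying so: any configure.ac that invokes them now has to declare the `SHIBRESOLVER` / `OPENSAML` conditionals itself, as this patch's configure.ac does. A one-line `dnl` comment at the top of each AC_DEFUN would make that explicit, e.g. `dnl Does not declare the OPENSAML automake conditional; the caller must AM_CONDITIONAL on $check_opensaml_dir after invoking this macro.` The reason for hoisting them (an AM_CONDITIONAL inside a conditionally-invoked macro leaves the conditional undefined) is worth stating there too, since it is exactly the trap the RADSEC/JANSSON checks walk into in configure.ac.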
@@ -47,17 +47,40 @@ if test "x$reauth" = "xyes" ; then fi AM_CONDITIONAL(GSSEAP_ENABLE_REAUTH, test "x$reauth" != "xno") +acceptor=yes +AC_ARG_ENABLE(acceptor, + [ --enable-acceptor whether to enable acceptor codepaths: yes/no; default yes ], + [ if test "x$enableval" = "xyes" -o "x$enableval" = "xno" ; then + acceptor=$enableval + else + echo "--enable-acceptor argument must be yes or no" + exit -1 + fi + ]) + +if test "x$acceptor" = "xyes" ; then + echo "acceptor enabled" + TARGET_CFLAGS="$TARGET_CFLAGS -DGSSEAP_ENABLE_ACCEPTOR" +fi +AM_CONDITIONAL(GSSEAP_ENABLE_ACCEPTOR, test "x$acceptor" != "xno") + AC_SUBST(TARGET_CFLAGS) AC_SUBST(TARGET_LDFLAGS) AX_CHECK_KRB5 -dnl AX_CHECK_EAP AX_CHECK_OPENSAML +AM_CONDITIONAL(OPENSAML, test "x_$check_opensaml_dir" != "x_no") + AX_CHECK_SHIBRESOLVER +AM_CONDITIONAL(SHIBRESOLVER, test "x_$check_shibresolver_dir" != "x_no") if test x_$found_shibresolver = x_yes; then AX_CHECK_SHIBSP fi -AX_CHECK_RADSEC -AX_CHECK_JANSSON + +if test "x$acceptor" = "xyes" ; then + AX_CHECK_RADSEC + AX_CHECK_JANSSON +fi + AX_CHECK_LIBMOONSHOT AC_CONFIG_FILES([Makefile libeap/Makefile mech_eap/Makefile]) AC_OUTPUT diff --git a/moonshot/mech_eap/Makefile.am b/moonshot/mech_eap/Makefile.am index b3a951d..0214ca0 100644 --- a/moonshot/mech_eap/Makefile.am +++ b/moonshot/mech_eap/Makefile.am 
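Review bot: The argument check inside the new `AC_ARG_ENABLE(acceptor, …)` reports a bad value with `echo` and `exit -1`, which bypasses Autoconf's error reporting (stdout instead of stderr, no config.log entry) and a negative exit status is not portable; `AC_MSG_ERROR([--enable-acceptor argument must be yes or no])` does the right thing in one line. `test "x$enableval" = "xyes" -o "x$enableval" = "xno"` uses the `-o` form that POSIX marks obsolescent; two `test` calls joined with `||`, or a `case` on `$enableval`, is the portable spelling. Because AX_CHECK_RADSEC and AX_CHECK_JANSSON are now run only when acceptor=yes, any `AM_CONDITIONAL` inside those macros (the pattern just removed from AX_CHECK_OPENSAML/AX_CHECK_SHIBRESOLVER in acinclude.m4) would be left undefined in a no-acceptor build and automake rejects that; their bodies are not in this patch, so confirm. `echo "acceptor enabled"` would also be better as `AC_MSG_NOTICE` so it lands in config.log.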
@@ -7,6 +7,12 @@ EAP_CFLAGS = -I$(srcdir)/../libeap/src -I$(srcdir)/../libeap/src/common -I$(srcd -I$(srcdir)/../libeap/src/utils \ -DEAP_TLS -DEAP_PEAP -DEAP_TTLS -DEAP_MD5 -DEAP_MSCHAPv2 -DEAP_GTC -DEAP_OTP -DEAP_LEAP -DEAP_PSK -DEAP_PAX -DEAP_SAKE -DEAP_GPSK -DEAP_GPSK_SHA256 -DEAP_SERVER_IDENTITY -DEAP_SERVER_TLS -DEAP_SERVER_PEAP -DEAP_SERVER_TTLS -DEAP_SERVER_MD5 -DEAP_SERVER_MSCHAPV2 -DEAP_SERVER_GTC -DEAP_SERVER_PSK -DEAP_SERVER_PAX -DEAP_SERVER_SAKE -DEAP_SERVER_GPSK -DEAP_SERVER_GPSK_SHA256 -DIEEE8021X_EAPOL +if GSSEAP_ENABLE_ACCEPTOR +GSSEAP_EXPORTS = mech_eap.exports +else +GSSEAP_EXPORTS = mech_eap-noacceptor.exports +endif + gssdir = $(libdir)/gss gss_LTLIBRARIES = mech_eap.la @@ -18,13 +24,12 @@ mech_eap_la_CXXFLAGS = -Werror -Wall -Wunused-parameter \ @OPENSAML_CXXFLAGS@ @SHIBRESOLVER_CXXFLAGS@ @SHIBSP_CXXFLAGS@ \ @TARGET_CFLAGS@ $(EAP_CFLAGS) mech_eap_la_LDFLAGS = -avoid-version -module \ - -export-symbols mech_eap.exports -no-undefined \ + -export-symbols $(GSSEAP_EXPORTS) -no-undefined \ @RADSEC_LDFLAGS@ @TARGET_LDFLAGS@ mech_eap_la_LIBADD = @KRB5_LIBS@ ../libeap/libeap.la @RADSEC_LIBS@ \ @OPENSAML_LIBS@ @SHIBRESOLVER_LIBS@ @SHIBSP_LIBS@ @JANSSON_LIBS@ mech_eap_la_SOURCES = \ - accept_sec_context.c \ acquire_cred.c \ acquire_cred_with_password.c \ add_cred.c \ @@ -33,7 +38,6 @@ mech_eap_la_SOURCES = \ canonicalize_name.c \ compare_name.c \ context_time.c \ - delete_name_attribute.c \ delete_sec_context.c \ display_name.c \ display_name_ext.c \ @@ -41,10 +45,8 @@ mech_eap_la_SOURCES = \ duplicate_name.c \ eap_mech.c \ export_name.c \ - export_name_composite.c \ export_sec_context.c \ get_mic.c \ - get_name_attribute.c \ gsseap_err.c \ import_name.c \ import_sec_context.c \ 
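Review bot: The link line kept as context in the `@@ -18,13 +24,12` hunk still expands `@RADSEC_LDFLAGS@`, `@RADSEC_LIBS@` and `@JANSSON_LIBS@`, yet configure.ac in this patch no longer runs AX_CHECK_RADSEC/AX_CHECK_JANSSON when acceptor is disabled. If those macros are the only place the variables are AC_SUBST'd (not visible here), config.status leaves the `@…@` tokens literally in the generated Makefile and the `-no-undefined` link of mech_eap.la breaks; substituting them as empty in the no-acceptor branch of configure.ac, or wrapping them in `if GSSEAP_ENABLE_ACCEPTOR` here, closes that. The new `GSSEAP_EXPORTS` conditional in the `@@ -7,6 +7,12` hunk is fine, but the choice is only sound if each exports file lists exactly the symbols compiled in that configuration, which the rest of the patch does not keep consistent.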
@@ -57,32 +59,26 @@ mech_eap_la_SOURCES = \ inquire_cred_by_oid.c \ inquire_mech_for_saslname.c \ inquire_mechs_for_name.c \ - inquire_name.c \ inquire_names_for_mech.c \ inquire_saslname_for_mech.c \ inquire_sec_context_by_oid.c \ - map_name_to_any.c \ process_context_token.c \ pseudo_random.c \ radsec_err.c \ - release_any_name_mapping.c \ release_cred.c \ release_name.c \ release_oid.c \ - set_name_attribute.c \ set_cred_option.c \ set_sec_context_option.c \ store_cred.c \ unwrap.c \ unwrap_iov.c \ - util_attr.cpp \ util_base64.c \ util_buffer.c \ util_context.c \ util_cksum.c \ util_cred.c \ util_crypt.c \ - util_json.cpp \ util_krb.c \ util_lucid.c \ util_mech.c \ @@ -90,7 +86,6 @@ mech_eap_la_SOURCES = \ util_name.c \ util_oid.c \ util_ordering.c \ - util_radius.cpp \ util_sm.c \ util_token.c \ verify_mic.c \ @@ -99,6 +94,20 @@ mech_eap_la_SOURCES = \ wrap_iov_length.c \ wrap_size_limit.c +if GSSEAP_ENABLE_ACCEPTOR + +mech_eap_la_SOURCES += \ + accept_sec_context.c \ + delete_name_attribute.c \ + export_name_composite.c \ + get_name_attribute.c \ + map_name_to_any.c \ + release_any_name_mapping.c \ + set_name_attribute.c \ + util_attr.cpp \ + util_json.cpp \ + util_radius.cpp + if OPENSAML mech_eap_la_SOURCES += util_saml.cpp endif @@ -107,13 +116,13 @@ if SHIBRESOLVER mech_eap_la_SOURCES += util_shib.cpp endif +endif + BUILT_SOURCES = gsseap_err.c radsec_err.c if GSSEAP_ENABLE_REAUTH mech_eap_la_SOURCES += util_reauth.c - - if !HEIMDAL krb5pluginsdir = $(libdir)/krb5/plugins/authdata krb5plugins_LTLIBRARIES = radius_ad.la diff --git a/moonshot/mech_eap/eap_mech.c b/moonshot/mech_eap/eap_mech.c index 995a8ee..630dd0e 100644 --- a/moonshot/mech_eap/eap_mech.c +++ b/moonshot/mech_eap/eap_mech.c @@ -191,8 +191,10 @@ gssEapInitiatorInit(void) static void gssEapFinalize(void) { +#ifdef GSSEAP_ENABLE_ACCEPTOR OM_uint32 minor; gssEapAttrProvidersFinalize(&minor); +#endif eap_peer_unregister_methods(); } 
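Review bot: inquire_name.c is dropped from the unconditional source list in the `@@ -57,32 +59,26` hunk but is not re-added under `if GSSEAP_ENABLE_ACCEPTOR` in the `@@ -99,6 +94,20` hunk, so gss_inquire_name is compiled in neither configuration. The exports files then disagree with each other about it: mech_eap-noacceptor.exports lists `gss_inquire_name` while mech_eap.exports removes it and adds `gss_delete_name_attribute` (delete_name_attribute.c being acceptor-only). With `-export-symbols … -no-undefined` the exported set should match the compiled set exactly; the intent is presumably to add `inquire_name.c \` to the acceptor-only list, keep `gss_inquire_name` in mech_eap.exports, and drop it from the no-acceptor file. radsec_err.c stays in `BUILT_SOURCES` and the unconditional sources, which is only correct if it builds without the libradsec headers that configure no longer looks for.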
diff --git a/moonshot/mech_eap/export_sec_context.c b/moonshot/mech_eap/export_sec_context.c index 8695bf6..5f89903 100644 --- a/moonshot/mech_eap/export_sec_context.c +++ b/moonshot/mech_eap/export_sec_context.c @@ -37,6 +37,7 @@ #include "gssapiP_eap.h" +#ifdef GSSEAP_ENABLE_ACCEPTOR static OM_uint32 gssEapExportPartialContext(OM_uint32 *minor, gss_ctx_id_t ctx, @@ -98,6 +99,7 @@ cleanup: return major; } +#endif /* GSSEAP_ENABLE_ACCEPTOR */ OM_uint32 gssEapExportSecContext(OM_uint32 *minor, @@ -137,6 +139,7 @@ gssEapExportSecContext(OM_uint32 *minor, goto cleanup; } +#ifdef GSSEAP_ENABLE_ACCEPTOR /* * The partial context is only transmitted for unestablished acceptor * contexts. @@ -147,6 +150,7 @@ gssEapExportSecContext(OM_uint32 *minor, if (GSS_ERROR(major)) goto cleanup; } +#endif length = 16; /* version, state, flags, */ length += 4 + ctx->mechanismUsed->length; /* mechanismUsed */ diff --git a/moonshot/mech_eap/gssapiP_eap.h b/moonshot/mech_eap/gssapiP_eap.h index 4eaa664..fcd4bab 100644 --- a/moonshot/mech_eap/gssapiP_eap.h +++ b/moonshot/mech_eap/gssapiP_eap.h @@ -122,7 +122,9 @@ struct gss_name_struct OM_uint32 flags; gss_OID mechanismUsed; /* this is immutable */ krb5_principal krbPrincipal; /* this is immutable */ +#ifdef GSSEAP_ENABLE_ACCEPTOR struct gss_eap_attr_ctx *attrCtx; +#endif }; #define CRED_FLAG_INITIATE 0x00010000 diff --git a/moonshot/mech_eap/mech_eap-noacceptor.exports b/moonshot/mech_eap/mech_eap-noacceptor.exports new file mode 100644 index 0000000..ee2bdd0 --- /dev/null +++ b/moonshot/mech_eap/mech_eap-noacceptor.exports 
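Review bot: The `#ifdef GSSEAP_ENABLE_ACCEPTOR` around the partial-context section in gssEapExportSecContext changes what the no-acceptor build emits, but nothing in this patch touches the import side in import_sec_context.c; if that code still parses (or tolerates) the partial-context section, a token exported by an acceptor-enabled build and imported by a no-acceptor build is misparsed rather than cleanly rejected. Either guard the matching import branch the same way and have it fail with `GSS_S_DEFECTIVE_TOKEN` when the section is present, or leave the token format identical in both builds. The comment `/* version, state, flags, */` on the `length = 16;` line is also a good place to say that the partial context, when present, follows the fixed header. gssEapExportSecContext's body starts and ends outside the hunk.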
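Review bot: `struct gss_name_struct` now has a layout that depends on GSSEAP_ENABLE_ACCEPTOR, and the patch supplies that macro through `-DGSSEAP_ENABLE_ACCEPTOR` in TARGET_CFLAGS rather than through config.h. Every translation unit that includes gssapiP_eap.h must see the same flag or it will disagree on the size and field offsets of the name object; the radius_ad.la plugin built from the same Makefile.am is a candidate if it includes this header, though its CFLAGS are outside this patch. Defining it in configure.ac with `AC_DEFINE([GSSEAP_ENABLE_ACCEPTOR], 1, [Build acceptor code paths])` so the header picks it up from config.h removes the dependency on the command line. A comment beside the `#ifdef` noting that the struct layout is configuration-dependent would help the next reader.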
@@ -0,0 +1,53 @@
+gss_acquire_cred
+gss_add_cred
+gss_add_cred_with_password
+gss_canonicalize_name
+gss_compare_name
+gss_context_time
+gss_delete_sec_context
+gss_display_name
+gss_display_name_ext
+gss_display_status
+gss_duplicate_name
+gss_export_name
+gss_export_sec_context
+gss_get_mic
+gss_import_name
+gss_import_sec_context
+gss_indicate_mechs
+gss_init_sec_context
+gss_inquire_attrs_for_mech
+gss_inquire_context
+gss_inquire_cred
+gss_inquire_cred_by_mech
+gss_inquire_cred_by_oid
+gss_inquire_mechs_for_name
+gss_inquire_mech_for_saslname
+gss_inquire_name
+gss_inquire_names_for_mech
+gss_inquire_saslname_for_mech
+gss_inquire_sec_context_by_oid
+gss_process_context_token
+gss_pseudo_random
+gss_release_cred
+gss_release_name
+gss_internal_release_oid
+gss_set_sec_context_option
+gss_store_cred
+gss_unwrap
+gss_unwrap_iov
+gss_verify_mic
+gss_wrap
+gss_wrap_iov
+gss_wrap_iov_length
+gss_wrap_size_limit
+GSS_EAP_AES128_CTS_HMAC_SHA1_96_MECHANISM
+GSS_EAP_AES256_CTS_HMAC_SHA1_96_MECHANISM
+GSS_EAP_NT_EAP_NAME
+GSS_EAP_CRED_SET_CRED_FLAG
+GSS_EAP_CRED_SET_CRED_PASSWORD
+GSS_EAP_CRED_SET_RADIUS_CONFIG_FILE
+GSS_EAP_CRED_SET_RADIUS_CONFIG_STANZA
+gssspi_acquire_cred_with_password
+gssspi_authorize_localname
+gssspi_set_cred_option
diff --git a/moonshot/mech_eap/mech_eap.exports b/moonshot/mech_eap/mech_eap.exports
index 34a26bf..954bbbd 100644
--- a/moonshot/mech_eap/mech_eap.exports
+++ b/moonshot/mech_eap/mech_eap.exports
@@ -5,6 +5,7 @@ gss_add_cred_with_password
 gss_canonicalize_name
 gss_compare_name
 gss_context_time
+gss_delete_name_attribute
 gss_delete_sec_context
 gss_display_name
 gss_display_name_ext
@@ -26,7 +27,6 @@ gss_inquire_cred_by_mech
 gss_inquire_cred_by_oid
 gss_inquire_mechs_for_name
 gss_inquire_mech_for_saslname
-gss_inquire_name
 gss_inquire_names_for_mech
 gss_inquire_saslname_for_mech
 gss_inquire_sec_context_by_oid
diff --git a/moonshot/mech_eap/util_context.c b/moonshot/mech_eap/util_context.c
index 32ca195..80324bf 100644
--- a/moonshot/mech_eap/util_context.c +++ b/moonshot/mech_eap/util_context.c @@ -84,6 +84,7 @@ releaseInitiatorContext(struct gss_eap_initiator_ctx *ctx) eap_peer_sm_deinit(ctx->eap); } +#ifdef GSSEAP_ENABLE_ACCEPTOR static void releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx) { @@ -99,6 +100,7 @@ releaseAcceptorContext(struct gss_eap_acceptor_ctx *ctx) if (ctx->vps != NULL) gssEapRadiusFreeAvps(&tmpMinor, &ctx->vps); } +#endif OM_uint32 gssEapReleaseContext(OM_uint32 *minor, @@ -121,9 +123,12 @@ gssEapReleaseContext(OM_uint32 *minor, #endif if (CTX_IS_INITIATOR(ctx)) { releaseInitiatorContext(&ctx->initiatorCtx); - } else { + } +#ifdef GSSEAP_ENABLE_ACCEPTOR + else { releaseAcceptorContext(&ctx->acceptorCtx); } +#endif krb5_free_keyblock_contents(krbContext, &ctx->rfc3961Key); gssEapReleaseName(&tmpMinor, &ctx->initiatorName); diff --git a/moonshot/mech_eap/util_name.c b/moonshot/mech_eap/util_name.c index fbd4b8a..e20dffd 100644 --- a/moonshot/mech_eap/util_name.c +++ b/moonshot/mech_eap/util_name.c @@ -113,7 +113,9 @@ gssEapReleaseName(OM_uint32 *minor, gss_name_t *pName) krb5_free_principal(krbContext, name->krbPrincipal); gssEapReleaseOid(&tmpMinor, &name->mechanismUsed); +#ifdef GSSEAP_ENABLE_ACCEPTOR gssEapReleaseAttrContext(&tmpMinor, name); +#endif GSSEAP_MUTEX_DESTROY(&name->mutex); GSSEAP_FREE(name); @@ -426,6 +428,7 @@ gssEapImportNameInternal(OM_uint32 *minor, name->mechanismUsed = mechanismUsed; mechanismUsed = GSS_C_NO_OID; +#ifdef GSSEAP_ENABLE_ACCEPTOR if (flags & EXPORT_NAME_FLAG_COMPOSITE) { gss_buffer_desc buf; @@ -436,6 +439,7 @@ gssEapImportNameInternal(OM_uint32 *minor, if (GSS_ERROR(major)) goto cleanup; } +#endif major = GSS_S_COMPLETE; *minor = 0; 
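Review bot: In gssEapReleaseContext, when GSSEAP_ENABLE_ACCEPTOR is undefined a context for which `CTX_IS_INITIATOR(ctx)` is false now falls through with its role-specific state untouched and no diagnostic; since no acceptor path exists to have created such a context, that situation indicates corruption or a build mismatch and deserves an explicit `assert(CTX_IS_INITIATOR(ctx));` (or the project's own assertion helper) in an `#else` branch. Splitting `} else {` into `}` / `#ifdef GSSEAP_ENABLE_ACCEPTOR` / `else {` is also hard to read; putting the `#ifdef`/`#else`/`#endif` inside the else body, or keeping a `releaseAcceptorContext` stub that is a no-op when the acceptor is compiled out, keeps the control flow in one shape. gssEapReleaseContext begins and ends outside the hunk.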
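Review bot: With the composite branch of gssEapImportNameInternal compiled out (the `@@ -426,6 +428,7` and `@@ -436,6 +439,7` hunks), an exported-name token carrying `EXPORT_NAME_FLAG_COMPOSITE` is accepted and its attribute section is simply not consumed; whether the trailing bytes are then caught by a length check depends on code outside the hunk. The token is caller-supplied input, so the no-acceptor build should decide explicitly: either reject it with `#else` / `if (flags & EXPORT_NAME_FLAG_COMPOSITE) { major = GSS_S_BAD_NAME; goto cleanup; }` (with `*minor` set to whatever code the project uses for that case), or document at the `#ifdef` that attributes are intentionally discarded. The same decision applies to the `#ifdef` around gssEapReleaseAttrContext in gssEapReleaseName only insofar as `attrCtx` no longer exists in that build, which is consistent with the header change. Both functions start and end outside their hunks.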
@@ -565,12 +569,14 @@ gssEapExportNameInternal(OM_uint32 *minor, exportedNameLen += 6 + mech->length; } exportedNameLen += 4 + nameBuf.length; +#ifdef GSSEAP_ENABLE_ACCEPTOR if (flags & EXPORT_NAME_FLAG_COMPOSITE) { major = gssEapExportAttrContext(minor, name, &attrs); if (GSS_ERROR(major)) goto cleanup; exportedNameLen += attrs.length; } +#endif exportedName->value = GSSEAP_MALLOC(exportedNameLen); if (exportedName->value == NULL) { @@ -670,11 +676,13 @@ gssEapCanonicalizeName(OM_uint32 *minor, goto cleanup; } +#ifdef GSSEAP_ENABLE_ACCEPTOR if (input_name->attrCtx != NULL) { major = gssEapDuplicateAttrContext(minor, input_name, name); if (GSS_ERROR(major)) goto cleanup; } +#endif *dest_name = name; -- 2.1.4
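Review bot: In gssEapExportNameInternal the `#ifdef` drops the `attrs.length` contribution to `exportedNameLen`, but the code that later copies `attrs` into `exportedName->value` and releases it lies outside the hunk; if that part is not guarded by the same `#ifdef`, the no-acceptor build either reads an `attrs` that gssEapExportAttrContext never initialised or, if the C flags carry the same `-Werror -Wall` as the CXXFLAGS in Makefile.am, fails to compile on the now-unused variable. The same check applies to gssEapCanonicalizeName in the `@@ -670,11 +676,13` hunk, where `input_name->attrCtx` is conditional on a field that the header no longer declares; confirm no other `attrCtx` reference remains in the function body outside the hunk. Both functions begin and end outside their hunks.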