Sam Hartman [Tue, 20 May 2014 00:49:39 +0000 (20:49 -0400)]
Include tids service unit and schema sql.
Sam Hartman [Wed, 26 Mar 2014 08:18:16 +0000 (04:18 -0400)]
Update spec file for 1.2
Margaret Wasserman [Mon, 24 Mar 2014 22:20:47 +0000 (18:20 -0400)]
Remove need for remote def of TR_FLINE that won't compile on Centos.
Margaret Wasserman [Tue, 18 Mar 2014 21:21:41 +0000 (17:21 -0400)]
Update trust_router version number to 1.2
Margaret Wasserman [Tue, 18 Mar 2014 20:50:49 +0000 (16:50 -0400)]
Increment TID library version number to 1.
Margaret Wasserman [Mon, 17 Mar 2014 19:04:47 +0000 (15:04 -0400)]
If port passed in to tidc_open_connection() is 0, use the default port.
Margaret Wasserman [Sat, 15 Mar 2014 10:10:00 +0000 (06:10 -0400)]
Debugging printfs for trust router port number.
Margaret Wasserman [Fri, 14 Mar 2014 13:41:22 +0000 (09:41 -0400)]
Remove API dependency on jansson for constraints.
Margaret Wasserman [Thu, 13 Mar 2014 13:13:32 +0000 (09:13 -0400)]
Allow caller to set port number for tidc_open_connection(). Install
include/trust_router/tr_constraints.h, so that freeradius will build
with updated TID code.
Margaret Wasserman [Wed, 12 Mar 2014 18:18:24 +0000 (14:18 -0400)]
Change name type passed to gss_import_name().
Margaret Wasserman [Wed, 12 Mar 2014 12:30:09 +0000 (08:30 -0400)]
Avoid overwriting gss error before printing.
Margaret Wasserman [Wed, 12 Mar 2014 12:29:25 +0000 (08:29 -0400)]
Allow the Trust Router's TIDS port to be set in the internal config.
Margaret Wasserman [Tue, 4 Mar 2014 13:19:05 +0000 (08:19 -0500)]
Don't overwrite minorStatus before printing error.
Margaret Wasserman [Tue, 4 Mar 2014 12:41:49 +0000 (07:41 -0500)]
Fix bug in previous commit.
Margaret Wasserman [Tue, 4 Mar 2014 12:40:01 +0000 (07:40 -0500)]
Add hostname to service name in gsscon_connect().
Margaret Wasserman [Fri, 14 Feb 2014 19:03:58 +0000 (14:03 -0500)]
Add files not committed for AAA Server IP Addr to Hostname change.
Margaret Wasserman [Fri, 14 Feb 2014 01:15:53 +0000 (20:15 -0500)]
Configure AAA Server hostname, instead of expecting an IP address.
Margaret Wasserman [Fri, 14 Feb 2014 00:57:13 +0000 (19:57 -0500)]
Completion of constraints code, not fully tested.
Margaret Wasserman [Mon, 3 Feb 2014 10:45:31 +0000 (05:45 -0500)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Sam Hartman [Thu, 30 Jan 2014 16:02:45 +0000 (11:02 -0500)]
tr_tids_gss_handler: print auth name
Print the name we authenticated to.
Margaret Wasserman [Thu, 30 Jan 2014 10:45:30 +0000 (05:45 -0500)]
Configuration code for realm and domain constraints.
Sam Hartman [Thu, 23 Jan 2014 21:11:52 +0000 (16:11 -0500)]
asprintf not sprintf
Margaret Wasserman [Wed, 22 Jan 2014 20:05:58 +0000 (15:05 -0500)]
Added hostname to configuration and example code.
Margaret Wasserman [Wed, 22 Jan 2014 14:43:02 +0000 (09:43 -0500)]
Add things missing from previous commit to add realm_name to the service name.
Margaret Wasserman [Wed, 22 Jan 2014 14:37:22 +0000 (09:37 -0500)]
Changes to add realm name (from config) to end of service name for passive authentication.
Sam Hartman [Fri, 20 Dec 2013 20:15:59 +0000 (15:15 -0500)]
new version
Margaret Wasserman [Fri, 20 Dec 2013 16:43:36 +0000 (11:43 -0500)]
Fix bugs found in testing new filtering code.
Margaret Wasserman [Thu, 19 Dec 2013 18:20:57 +0000 (13:20 -0500)]
Clean up compiler warnings (and likely bugs).
Margaret Wasserman [Thu, 19 Dec 2013 18:14:09 +0000 (13:14 -0500)]
Full support for rp_permitted filters using new filter structures, etc.
Margaret Wasserman [Wed, 18 Dec 2013 12:27:00 +0000 (07:27 -0500)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Margaret Wasserman [Wed, 18 Dec 2013 12:25:52 +0000 (07:25 -0500)]
Configuration for full filter structures.
Sam Hartman [Mon, 25 Nov 2013 12:59:39 +0000 (07:59 -0500)]
specfile: bump release
Margaret Wasserman [Tue, 19 Nov 2013 17:27:51 +0000 (12:27 -0500)]
Update makefiles to include tid/tr_resp.c.
Margaret Wasserman [Tue, 19 Nov 2013 17:26:15 +0000 (12:26 -0500)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Margaret Wasserman [Tue, 19 Nov 2013 17:25:11 +0000 (12:25 -0500)]
Added access functions for TID_RESP structure.
Sam Hartman [Tue, 19 Nov 2013 17:12:37 +0000 (12:12 -0500)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Sam Hartman [Tue, 19 Nov 2013 17:04:24 +0000 (12:04 -0500)]
temporary: gsscon_passive_authenticate: acquire trustidentity creds.
As discussed in LP: #1203159, the client always uses trustidentity as
a name. We're running into problems because the server uses
GSS_C_NO_CREDENTIAL. That means no service name is included in RADIUS
and unless there's proxy magic, then channel bindings fail.
For now, also acquire trustidentity credentials on the server. This
still leaves the security issue discussed by that bug, but at least
the code works.
Margaret Wasserman [Tue, 19 Nov 2013 16:44:01 +0000 (11:44 -0500)]
Access functions for TID_REQ structure, incl TID code reorg.
Sam Hartman [Mon, 28 Oct 2013 20:16:11 +0000 (16:16 -0400)]
specfile: sqlite-devel not sqlite3-devel
Sam Hartman [Mon, 28 Oct 2013 18:51:12 +0000 (14:51 -0400)]
buildrequires
Sam Hartman [Thu, 10 Oct 2013 17:26:23 +0000 (13:26 -0400)]
Don't multiply define the same type
Sam Hartman [Tue, 8 Oct 2013 12:45:31 +0000 (08:45 -0400)]
spec file updates
fixes LP: #1236768
Margaret Wasserman [Tue, 17 Sep 2013 11:31:51 +0000 (07:31 -0400)]
Add accessors for TR_MSG structure.
Margaret Wasserman [Wed, 10 Jul 2013 17:11:05 +0000 (13:11 -0400)]
Updated config file with complete, consistent config for Trust Router 1.0.
Margaret Wasserman [Wed, 10 Jul 2013 16:37:14 +0000 (12:37 -0400)]
Fix forward reference that causes CentOS build to fail.
Margaret Wasserman [Wed, 10 Jul 2013 15:27:55 +0000 (11:27 -0400)]
Fix logic error in previous fix for APC parsing.
Margaret Wasserman [Wed, 10 Jul 2013 15:26:29 +0000 (11:26 -0400)]
Don't parse APCs in IDP realm if they aren't there.
Sam Hartman [Tue, 9 Jul 2013 23:47:39 +0000 (19:47 -0400)]
Version 1.0
Margaret Wasserman [Tue, 9 Jul 2013 22:50:56 +0000 (18:50 -0400)]
Fix order of parameters in wildcard call.
Margaret Wasserman [Tue, 9 Jul 2013 22:26:34 +0000 (18:26 -0400)]
Clean up wildcard match code, add debugging printf
Margaret Wasserman [Tue, 9 Jul 2013 22:12:46 +0000 (18:12 -0400)]
Fix logic error in gss name comparison.
Margaret Wasserman [Tue, 9 Jul 2013 21:57:18 +0000 (17:57 -0400)]
Fix gss matching code to compare to the rp realm for the request.
Margaret Wasserman [Tue, 9 Jul 2013 21:25:09 +0000 (17:25 -0400)]
Fix segfault in RP client lookup code.
Margaret Wasserman [Tue, 9 Jul 2013 20:21:19 +0000 (16:21 -0400)]
Fixes to make gss_name checking code compile.
Margaret Wasserman [Tue, 9 Jul 2013 20:08:54 +0000 (16:08 -0400)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Margaret Wasserman [Tue, 9 Jul 2013 20:08:28 +0000 (16:08 -0400)]
Add code to do gss_name check in trust router.
Sam Hartman [Tue, 9 Jul 2013 20:03:52 +0000 (16:03 -0400)]
tid: implement GSS name callback
Margaret Wasserman [Tue, 9 Jul 2013 19:48:40 +0000 (15:48 -0400)]
Add code for rp client lookups to the build.
Margaret Wasserman [Tue, 9 Jul 2013 19:10:11 +0000 (15:10 -0400)]
Update config code and config files to fully parse rp_client
rp_permitted filters.
Sam Hartman [Tue, 9 Jul 2013 14:36:09 +0000 (10:36 -0400)]
tids: build after gsscon change.
This callback always succeeds and needs to be replaced with a correct callback exposed through the tids interface.
Sam Hartman [Mon, 8 Jul 2013 19:08:29 +0000 (15:08 -0400)]
gsscon: callback for client name validation
gsscon_passive_authenticate now takes a callback for client authentication.
Margaret Wasserman [Mon, 8 Jul 2013 19:00:52 +0000 (15:00 -0400)]
Merge gsscon_connect() and gsscon_active_authenticate() calls.
Margaret Wasserman [Wed, 3 Jul 2013 13:30:54 +0000 (09:30 -0400)]
Declare variable so the code will build.
Margaret Wasserman [Wed, 3 Jul 2013 08:02:38 +0000 (04:02 -0400)]
Check rp_realm and target_realm membership in both COI and APC
Margaret Wasserman [Wed, 3 Jul 2013 08:01:48 +0000 (04:01 -0400)]
Updates to the way configuration is merged.
Margaret Wasserman [Tue, 2 Jul 2013 21:18:18 +0000 (17:18 -0400)]
Do not require server list in error response.
Margaret Wasserman [Tue, 2 Jul 2013 21:17:26 +0000 (17:17 -0400)]
Do not send the request on community membership error.
Margaret Wasserman [Tue, 2 Jul 2013 19:51:54 +0000 (15:51 -0400)]
Set socket options before bind().
Margaret Wasserman [Tue, 2 Jul 2013 19:51:25 +0000 (15:51 -0400)]
Fix segfault where request was only partially memset().
Margaret Wasserman [Tue, 2 Jul 2013 18:42:01 +0000 (14:42 -0400)]
Code to check community membership on TR.
Margaret Wasserman [Tue, 2 Jul 2013 18:05:23 +0000 (14:05 -0400)]
Added function to lookup a community by name.
Margaret Wasserman [Tue, 2 Jul 2013 14:04:20 +0000 (10:04 -0400)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Margaret Wasserman [Tue, 2 Jul 2013 14:02:26 +0000 (10:02 -0400)]
Added function to do prefix wildcard comparison for filtering.
Margaret Wasserman [Tue, 2 Jul 2013 13:15:50 +0000 (09:15 -0400)]
Fix coding error (segfault) in community config code.
Margaret Wasserman [Tue, 2 Jul 2013 13:12:55 +0000 (09:12 -0400)]
Make functions to find RPs and IDPs externally accessible.
Margaret Wasserman [Tue, 2 Jul 2013 12:49:06 +0000 (08:49 -0400)]
Underlying code to check RP GSS Name.
Margaret Wasserman [Tue, 2 Jul 2013 12:30:20 +0000 (08:30 -0400)]
Code to parse communities in config, so that we can check membership.
Sam Hartman [Tue, 21 May 2013 15:51:01 +0000 (11:51 -0400)]
Update version in spec too
Margaret Wasserman [Wed, 15 May 2013 15:24:21 +0000 (11:24 -0400)]
Updated to-do list for Trust Router 1.0
Margaret Wasserman [Mon, 6 May 2013 19:37:31 +0000 (15:37 -0400)]
Update version to 0.2
Margaret Wasserman [Mon, 6 May 2013 19:31:49 +0000 (15:31 -0400)]
Update .gitignore to include editor save files and executables.
Margaret Wasserman [Mon, 6 May 2013 14:07:04 +0000 (10:07 -0400)]
Add orig_coi to the response, fix bugs with coi-to-apc conversion.
Margaret Wasserman [Fri, 3 May 2013 20:56:55 +0000 (16:56 -0400)]
Improved error handling, cleaned up messages, fixed minor bugs.
Margaret Wasserman [Tue, 30 Apr 2013 20:57:03 +0000 (16:57 -0400)]
Added tr_apc.h to list of includes.
Margaret Wasserman [Tue, 30 Apr 2013 20:54:38 +0000 (16:54 -0400)]
Merge branch 'master' of moonshot.suchdamage.org:/srv/git/trust_router
Margaret Wasserman [Tue, 30 Apr 2013 20:54:14 +0000 (16:54 -0400)]
Add new tr_comm.c file to makefile.
Margaret Wasserman [Tue, 30 Apr 2013 18:19:04 +0000 (14:19 -0400)]
Update to-do list to reflect expected beta contents.
Margaret Wasserman [Tue, 30 Apr 2013 18:14:30 +0000 (14:14 -0400)]
Code for TR to change a COI to an APC in forwarded reqs, also some reorg of request handling.
Margaret Wasserman [Tue, 30 Apr 2013 16:31:21 +0000 (12:31 -0400)]
Parsers for "communities:" section of configuration
Sam hartman [Mon, 29 Apr 2013 17:31:15 +0000 (18:31 +0100)]
Update for RPM packaging
Sam Hartman [Wed, 17 Apr 2013 17:41:03 +0000 (13:41 -0400)]
rename tr to trust_router
Sam hartman [Wed, 17 Apr 2013 11:44:11 +0000 (12:44 +0100)]
fixes for building on Centos; mostly -Werror clean at this point
Margaret Wasserman [Mon, 15 Apr 2013 13:21:50 +0000 (09:21 -0400)]
Move DH parameter generation outside of TIDC Instance creation.
Margaret Wasserman [Sun, 14 Apr 2013 13:35:57 +0000 (09:35 -0400)]
Put the connection and gss context in the request for later use.
Margaret Wasserman [Wed, 10 Apr 2013 22:54:47 +0000 (18:54 -0400)]
Fixes to bugs discovered during initial tidc/radius integration.
Sam Hartman [Wed, 10 Apr 2013 19:30:55 +0000 (15:30 -0400)]
install tr_dh.h
Sam Hartman [Wed, 10 Apr 2013 19:27:05 +0000 (15:27 -0400)]
Refactor: tr_compute_dh_key manages its own buffer
Sam Hartman [Wed, 10 Apr 2013 19:26:47 +0000 (15:26 -0400)]
add tr_name_strlcat and tr_name_strdup
Margaret Wasserman [Sun, 7 Apr 2013 23:23:03 +0000 (19:23 -0400)]
Updates to trust router handlers, added ipaddr cmd line option to tids.
Sam Hartman [Fri, 5 Apr 2013 16:43:10 +0000 (12:43 -0400)]
Initialize tid response structure