exim.git
12 years agoGuards for older releases of GnuTLS.
Phil Pennock [Thu, 17 May 2012 05:32:13 +0000 (01:32 -0400)]
Guards for older releases of GnuTLS.

gnutls_sec_param_to_pk_bits() and gnutls_rnd() are both new as of
GnuTLS 2.12.x.  Guard their usage on 2.12.0+ at compile time.

In older versions, the vaguely_random_number() function just immediately
calls the fallback, so it's the same as before this change (just one
extra indirection in the code-path).

Define a constant of 1024 for dh-bits for use in those old releases
where GnuTLS won't tell us how many we should use.

Change the on-disk filename for generated D-H params again, replacing
the -normal with -<bitcount>, so that it's 1024 or whatever, and as
the value changes, Exim will automatically start using the new value.

12 years agodnsdb SPF support, from Janne Snabb
Phil Pennock [Thu, 17 May 2012 04:39:38 +0000 (00:39 -0400)]
dnsdb SPF support, from Janne Snabb

12 years agoMerge branch 'experimental_ocsp'
Phil Pennock [Wed, 16 May 2012 16:35:40 +0000 (12:35 -0400)]
Merge branch 'experimental_ocsp'

12 years agoOverhaul of GnuTLS code.
Phil Pennock [Wed, 16 May 2012 16:15:26 +0000 (12:15 -0400)]
Overhaul of GnuTLS code.

GnuTLS code re-done, using cut&paste for preservation where appropriate.

Stop using deprecated APIs.  Stop hard-coding lists of ciphers.
Use gnutls_priority_init() instead.
Turns tls_require_ciphers into a string in the GnuTLS case, not just
OpenSSL case.

Deprecate three gnutls_require_* options; now ignored but not errors.
(No warnings yet).

Added TLS SNI support.

Made the channel binding integration theoretically actually work.  I had
it guarded by an #ifdef but the value used was an enum instead.  Oops.
Fixed.

New code much more amenable to future work permitting TLS in callouts.

DH param sizes now chosen by GnuTLS maintainers, we use "normal"; that's
suddenly a lot more bits, so the saved filename was changed too.
(GNUTLS_SEC_PARAM_NORMAL).

DH param setup only done for servers now, since clients don't need/use
it.

GnuTLS a lot more robust to library negotiation using stuff we don't
support, error-ing out quickly for other authentication systems (PGP,
etc).

Renamed pseudo_random_number() to vaguely_random_number() which makes
the nature clearer.

GnuTLS now provides a vaguely_random_number() implementation, to match
OpenSSL.

Pull in <inttypes.h> to make the recent arithmetic changes compile on
MacOS.

Nuke test 2011 which related to the gnutls_require_* options now
non-functional.

12 years agoTestsuite: fix problem with parsing retry records spanning midnight.
Jeremy Harris [Mon, 14 May 2012 23:06:18 +0000 (00:06 +0100)]
Testsuite: fix problem with parsing retry records spanning midnight.

12 years agoMerge branch '64bitint'
Jeremy Harris [Sun, 13 May 2012 21:39:47 +0000 (22:39 +0100)]
Merge branch '64bitint'

12 years agoUse defines in config.h for type & scanf-patterns for eval. Update docs.
Jeremy Harris [Sun, 13 May 2012 20:04:45 +0000 (21:04 +0100)]
Use defines in config.h for type & scanf-patterns for eval.  Update docs.

12 years agotypo fix
Phil Pennock [Sun, 13 May 2012 19:30:58 +0000 (15:30 -0400)]
typo fix

12 years agoMake integer values 64bit (bug 1171).
Jeremy Harris [Mon, 23 Apr 2012 21:47:58 +0000 (22:47 +0100)]
Make integer values 64bit (bug 1171).

12 years agoTestsuite: ensure socket from wait-mode daemon test is not held open.
Jeremy Harris [Sun, 13 May 2012 15:43:02 +0000 (16:43 +0100)]
Testsuite: ensure socket from wait-mode daemon test is not held open.

12 years agoOops, missed .c change in bug 1246 fix git commit
Phil Pennock [Sun, 13 May 2012 08:18:55 +0000 (04:18 -0400)]
Oops, missed .c change in bug 1246 fix git commit

12 years agoFixed headers_only on smtp transports.
Phil Pennock [Sun, 13 May 2012 08:09:25 +0000 (04:09 -0400)]
Fixed headers_only on smtp transports.

Was not sending trailing dot.
Added test case to catch this.

fixes bug 1246.

12 years agopcre-config support.
Phil Pennock [Sat, 12 May 2012 13:11:28 +0000 (09:11 -0400)]
pcre-config support.

Remove a couple of stray references to PCRE_CFLAGS too (dating from when PCRE was bundled).

12 years agoTesting for -bw mode
Phil Pennock [Fri, 11 May 2012 10:21:17 +0000 (06:21 -0400)]
Testing for -bw mode

12 years agoTestsuite: updates for 8bitmime-as-default (Dovecot; untested).
Jeremy Harris [Thu, 10 May 2012 22:38:57 +0000 (23:38 +0100)]
Testsuite: updates for 8bitmime-as-default (Dovecot; untested).

12 years agoTestsuite: updates for 8bitmime-as-default (GnuTLS).
Jeremy Harris [Thu, 10 May 2012 21:55:58 +0000 (22:55 +0100)]
Testsuite: updates for 8bitmime-as-default (GnuTLS).

Also add Retry command to more runtest testcase-fail possibilities.

12 years agofix non-bw case, late slip not re-run by my earlier tests
Phil Pennock [Thu, 10 May 2012 05:50:47 +0000 (01:50 -0400)]
fix non-bw case, late slip not re-run by my earlier tests

12 years agoMerge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Wed, 9 May 2012 17:51:31 +0000 (18:51 +0100)]
Merge branch 'master' of git://git.exim.org/exim

12 years agoFix non-TLS build. Detection and fix by Todd Lyons.
Jeremy Harris [Wed, 9 May 2012 17:50:08 +0000 (18:50 +0100)]
Fix non-TLS build.  Detection and fix by Todd Lyons.

12 years agoinetd wait mode support with -bw
Phil Pennock [Tue, 8 May 2012 21:44:36 +0000 (14:44 -0700)]
inetd wait mode support with -bw

12 years agoOCSP Stapling support, under EXPERIMENTAL_OCSP.
Phil Pennock [Tue, 8 May 2012 15:20:33 +0000 (08:20 -0700)]
OCSP Stapling support, under EXPERIMENTAL_OCSP.

OpenSSL only.

12 years agoTestsuite: updates for 8bitmime-as-default.
Jeremy Harris [Mon, 7 May 2012 14:35:14 +0000 (15:35 +0100)]
Testsuite: updates for 8bitmime-as-default.

12 years agoDefault accept_8bitmime to true.
Phil Pennock [Mon, 7 May 2012 11:03:37 +0000 (04:03 -0700)]
Default accept_8bitmime to true.

Some discussion at http://bugs.exim.org/show_bug.cgi?id=817

Refer readers to Dan Bernstein's analysis of the issues.
Consensus seen from maintainers is that DJB is right on this point.

12 years agorevert "%s" addition in em_main.c, broke %D in log_file.
Phil Pennock [Mon, 7 May 2012 10:09:37 +0000 (06:09 -0400)]
revert "%s" addition in em_main.c, broke %D in log_file.

Also added gdb support.

This leaves us with a printf warning.  We accept that as the cost of using PRINTF_FORMAT for strings that aren't libc formats.

12 years agoTestsuite: teach the fakedns zonefile generator about the ipv6 double-colon rule.
Jeremy Harris [Sun, 6 May 2012 22:12:03 +0000 (23:12 +0100)]
Testsuite: teach the fakedns zonefile generator about the ipv6 double-colon rule.

Fixes case 1003 for me (having a trailing ::).

12 years agoUnbreak build on Solaris.
Phil Pennock [Sun, 6 May 2012 13:32:53 +0000 (06:32 -0700)]
Unbreak build on Solaris.

Solaris needs -lresolv, ie $(LIBRESOLV), for anything referencing DNS.
I added _res stuff to os.c.
os.c is used by multiple tools, but of those only Exim needs the DNS functionality.
So used a !defined(COMPILE_UTILITY) guard.

12 years agoDNS resolver init changes for NetBSD compatibility.
Phil Pennock [Sun, 6 May 2012 04:38:18 +0000 (21:38 -0700)]
DNS resolver init changes for NetBSD compatibility.

12 years agoFix eximon build (tls_sni)
Jeremy Harris [Sat, 5 May 2012 20:26:02 +0000 (21:26 +0100)]
Fix eximon build (tls_sni)

12 years agoMerge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Sat, 5 May 2012 20:10:19 +0000 (21:10 +0100)]
Merge branch 'master' of git://git.exim.org/exim

12 years agoFix bug 1225: Accept new testsuite case output.
Jeremy Harris [Sat, 5 May 2012 19:52:41 +0000 (20:52 +0100)]
Fix bug 1225: Accept new testsuite case output.

Having looked further at the ratelimit code, the new output looks reasonable.  The obscure
values of "19" derive from testing "per-byte", being the size of the test message.

12 years agoCheck localhost_number expansion for failure.
Phil Pennock [Sat, 5 May 2012 01:22:16 +0000 (18:22 -0700)]
Check localhost_number expansion for failure.

Avoids NULL dereference.
Report and patch from Alun Jones.

Also a couple of SIZE_T_FMT sizeof() printf string fixes while I was in there.

fixes bug 1122

12 years agoNew doc section explaining TLS SNI
Phil Pennock [Fri, 4 May 2012 22:52:30 +0000 (15:52 -0700)]
New doc section explaining TLS SNI

12 years agosilence various compiler complaints; expose NVALGRIND
Phil Pennock [Fri, 4 May 2012 20:25:49 +0000 (13:25 -0700)]
silence various compiler complaints; expose NVALGRIND

12 years agofix sdop directive in filter.xfpt
Phil Pennock [Fri, 4 May 2012 20:06:38 +0000 (13:06 -0700)]
fix sdop directive in filter.xfpt

12 years agofix all sdop "line overflow" doc complaints
Phil Pennock [Fri, 4 May 2012 19:52:56 +0000 (12:52 -0700)]
fix all sdop "line overflow" doc complaints

12 years agofix example line-length, add comment (openssl_options)
Phil Pennock [Fri, 4 May 2012 19:26:21 +0000 (12:26 -0700)]
fix example line-length, add comment (openssl_options)

12 years agoDoc build bug-fix.
Phil Pennock [Fri, 4 May 2012 19:13:56 +0000 (12:13 -0700)]
Doc build bug-fix.

Had repeated .ilist instead of .next in the openssl_options value list.
Old sdop: segfault.  New sdop: memory exhaustion.
Oops!

12 years agoMore tls_sni support: outbound, logging.
Phil Pennock [Fri, 4 May 2012 15:27:09 +0000 (08:27 -0700)]
More tls_sni support: outbound, logging.

tls_sni as SMTP transport option.
Use correct storage pool for copying tls_sni, so survives for life of process.
Add +tls_sni log-selector, for inbound tls_sni.
Update exipick to handle -tls_sni in spool files.

Also reset tls_bits at start of outbound connection (was missing).

12 years agoTLS SNI support for OpenSSL ($tls_sni)
Phil Pennock [Fri, 4 May 2012 11:39:01 +0000 (04:39 -0700)]
TLS SNI support for OpenSSL ($tls_sni)

12 years agoGuard loadable module vars with LOOKUP_MODULE_DIR.
Phil Pennock [Fri, 4 May 2012 02:20:43 +0000 (19:20 -0700)]
Guard loadable module vars with LOOKUP_MODULE_DIR.

Fixes compiler complaints about unused variables.

12 years agospurious compiler warning of unused var fix
Phil Pennock [Fri, 4 May 2012 02:18:34 +0000 (19:18 -0700)]
spurious compiler warning of unused var fix

(but added check in case wrong about spuriousness)

12 years agoOpenSSL fixes and backwards compat break.
Phil Pennock [Fri, 4 May 2012 02:11:49 +0000 (19:11 -0700)]
OpenSSL fixes and backwards compat break.

Drop SSL_clear() after SSL_new() which causes protocol negotiation failures for TLS1.0 vs TLS1.1/1.2 in OpenSSL 1.0.1b.

Remove SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS (+dont_insert_empty_fragments) from default of openssl_options.

12 years agoLDAP: Check for errors of TLS initialisation
Phil Pennock [Thu, 3 May 2012 10:21:31 +0000 (03:21 -0700)]
LDAP: Check for errors of TLS initialisation

Report and patch from Dmitry Banschikov.

12 years agoUpdate testsuite output files for GnuTLS version update and fixes.
Jeremy Harris [Tue, 1 May 2012 22:27:17 +0000 (23:27 +0100)]
Update testsuite output files for GnuTLS version update and fixes.

12 years agoCode refactoring in acl.c (bug 1184)
Jeremy Harris [Sun, 22 Apr 2012 21:23:42 +0000 (22:23 +0100)]
Code refactoring in acl.c (bug 1184)

Move to a table-driven approach for the parsing of "verify =".

12 years agoChange notes for bug 660.
Jeremy Harris [Fri, 27 Apr 2012 21:45:16 +0000 (22:45 +0100)]
Change notes for bug 660.

12 years agoReturn multi-values attributes from an LDAP lookup in parsable form (bug 660).
Jeremy Harris [Mon, 23 Apr 2012 20:46:03 +0000 (21:46 +0100)]
Return multi-values attributes from an LDAP lookup in parsable form (bug 660).

12 years agodocument TK's bug 1239 fix in ChangeLog
Phil Pennock [Mon, 30 Apr 2012 23:58:45 +0000 (16:58 -0700)]
document TK's bug 1239 fix in ChangeLog

12 years agoFix verification when DKIM Signatures are not inserted as tracking headers. Thanks...
Tom Kistner [Mon, 30 Apr 2012 12:37:40 +0000 (13:37 +0100)]
Fix verification when DKIM Signatures are not inserted as tracking headers. Thanks to Wolfgang Breyha for the patch! (bug 1239)

12 years agoInclude string_interpret_escape() in COMPILE_UTILITY cases.
Jeremy Harris [Sat, 28 Apr 2012 23:22:35 +0000 (00:22 +0100)]
Include string_interpret_escape() in COMPILE_UTILITY cases.

Eximon needs it, via util-spool_in.o
It needed a private hex_digits[] to avoid bringing in all of globals.c to COMPILE_UTILITY.

12 years agoinclude string_unprinting() in COMPILE_UTILITY cases.
Phil Pennock [Sat, 28 Apr 2012 21:17:24 +0000 (14:17 -0700)]
include string_unprinting() in COMPILE_UTILITY cases.

jgh debugged eximon build failure; util-spool_in.o needs it

12 years agoTLS fixes for OpenSSL.
Phil Pennock [Sat, 28 Apr 2012 13:21:02 +0000 (06:21 -0700)]
TLS fixes for OpenSSL.

Support TLS 1.1 & 1.2
New "openssl_options" values (all now documented).

Set SSL_MODE_AUTO_RETRY so that OpenSSL will retry a read or write after
TLS renegotiation, which otherwise led to messages "Got SSL error 2".

12 years agodescribe spool file changes for -tls_peerdn
Phil Pennock [Sat, 28 Apr 2012 13:04:09 +0000 (06:04 -0700)]
describe spool file changes for -tls_peerdn

12 years agoHandle \n in tls_peerdn for spool files.
Phil Pennock [Fri, 27 Apr 2012 09:39:59 +0000 (02:39 -0700)]
Handle \n in tls_peerdn for spool files.

Fixes bug 1240.

12 years agoFix testsuite case 0373.
Jeremy Harris [Thu, 26 Apr 2012 22:00:15 +0000 (23:00 +0100)]
Fix testsuite case 0373.

The subtest does a readsocket (with 1s timeout) into a server
which closes immediately.  The expected output in the testcase was null, the output
actually seen was the error-return expansion, which seems more correct.
Accepting the actual output.

12 years agoNew testcase output from SSL library.
Jeremy Harris [Sun, 22 Apr 2012 07:23:53 +0000 (08:23 +0100)]
New testcase output from SSL library.

12 years agoAdd ACL name to debug output of condition result (bug 1238).
Jeremy Harris [Tue, 24 Apr 2012 23:25:51 +0000 (00:25 +0100)]
Add ACL name to debug output of condition result (bug 1238).

12 years agoEnsure $smtp_command is initialized before it can be expanded (bug 1182).
Jeremy Harris [Mon, 23 Apr 2012 22:57:47 +0000 (23:57 +0100)]
Ensure $smtp_command is initialized before it can be expanded (bug 1182).

12 years agoAdd pointer to IPv6 support in prototype Makefile (bug 1232).
Jeremy Harris [Mon, 23 Apr 2012 20:47:53 +0000 (21:47 +0100)]
Add pointer to IPv6 support in prototype Makefile (bug 1232).

12 years agoUpdate testsuite case enabled by fix for bug 1227, with changes require by bug 1224.
Jeremy Harris [Mon, 23 Apr 2012 19:03:16 +0000 (20:03 +0100)]
Update testsuite case enabled by fix for bug 1227, with changes require by bug 1224.

12 years agoAlways init_lookup_list before readconf_main.
Phil Pennock [Mon, 23 Apr 2012 03:35:02 +0000 (20:35 -0700)]
Always init_lookup_list before readconf_main.

This happens while still root.
Be more emphatic in EDITME about the security implications of loadable modules.

12 years agoBetter ls output fixing.
Phil Pennock [Mon, 23 Apr 2012 03:20:16 +0000 (20:20 -0700)]
Better ls output fixing.

fixes bug 1226
Further investigation from Jeremy Harris showed the previous fix
left trailing whitespace on output which previously ended after
the permission bits (eg, test 0240).

This works better for me.

12 years agoMerge branch 'master' of git://git.exim.org/exim
Jeremy Harris [Sun, 22 Apr 2012 21:28:57 +0000 (22:28 +0100)]
Merge branch 'master' of git://git.exim.org/exim

12 years agoMark cases where printf format strings are used
Dirk Mueller [Sun, 22 Apr 2012 18:21:32 +0000 (19:21 +0100)]
Mark cases where printf format strings are used
Bug report from Lars Müller <lars@samba.org> (via SUSE),
Patch from Dirk Mueller <dmueller@suse.com>

12 years agoBug 1224: fixup testsuite case output from testdb.
Jeremy Harris [Sun, 22 Apr 2012 15:13:22 +0000 (16:13 +0100)]
Bug 1224: fixup testsuite case output from testdb.

12 years agoAdd testsuite case retry (without update) option on failed file compare.
Jeremy Harris [Sun, 22 Apr 2012 13:32:03 +0000 (14:32 +0100)]
Add testsuite case retry (without update) option on failed file compare.

12 years agoAccept change in testcase munged output for -bt
Jeremy Harris [Sun, 22 Apr 2012 09:01:29 +0000 (10:01 +0100)]
Accept change in testcase munged output for -bt

Trailing spaces were trimmed by commit 37acd760db

12 years agoBug 1224 followon - avoid breaking other testcases.
Jeremy Harris [Thu, 19 Apr 2012 00:52:07 +0000 (01:52 +0100)]
Bug 1224 followon - avoid breaking other testcases.

Add specific patterns to avoid when munging the output.
This is fragile and may still be broken outside my specific test environment.

12 years agoFix bug 1224.
Jeremy Harris [Wed, 18 Apr 2012 23:43:11 +0000 (00:43 +0100)]
Fix bug 1224.

Replace the lookup index char in sterr traces with a zero;
update testcase expected stderr files to match.

12 years agoFix bug 1229.
Jeremy Harris [Wed, 18 Apr 2012 20:21:28 +0000 (21:21 +0100)]
Fix bug 1229.

Update testcase output with now-expected info.

12 years agoTestcase changes to match changes introduced by bug 1214.
root [Tue, 17 Apr 2012 20:05:20 +0000 (21:05 +0100)]
Testcase changes to match changes introduced by bug 1214.

Additional "A=" authenticator info was added to log lines for rejections.

12 years agoMerge remote branch 'origin'
root [Mon, 16 Apr 2012 20:04:52 +0000 (21:04 +0100)]
Merge remote branch 'origin'

12 years agoHandle TAB, not just SP, in MAIL args.
Phil Pennock [Fri, 13 Apr 2012 02:33:48 +0000 (19:33 -0700)]
Handle TAB, not just SP, in MAIL args.

Analysis, diagnosis and variant patch by Todd Lyons.

12 years agoUpdated OptionsList with gsasl, heimdal_gssapi, _PC changes.
Phil Pennock [Thu, 12 Apr 2012 10:02:20 +0000 (03:02 -0700)]
Updated OptionsList with gsasl, heimdal_gssapi, _PC changes.

Also maildir_use_size_file is now expanded

12 years agoTwo clarifications.
Phil Pennock [Thu, 12 Apr 2012 08:41:44 +0000 (01:41 -0700)]
Two clarifications.

String expansion, draw more attention to &dagger; marking.

Document the order in which parameters are supplied to relative comparators.

12 years agoFix IPv6 RE
root [Mon, 2 Apr 2012 19:57:49 +0000 (20:57 +0100)]
Fix IPv6 RE

12 years agofix gsasl / cyrus claims
Phil Pennock [Sat, 31 Mar 2012 10:10:54 +0000 (03:10 -0700)]
fix gsasl / cyrus claims

Point 1 for 4.78 said gsasl could *not* be used to replace cyrus.
This was obsoleted by point 5.
Remove claim from point 1, add additional note to point 5.

12 years agoHandle alternate access method flag in ls.
Phil Pennock [Fri, 30 Mar 2012 20:52:17 +0000 (13:52 -0700)]
Handle alternate access method flag in ls.

Jeremy Harris found ls output not parsing on SELinux systems.  I
identified this as SUSv3's "optional alternate access method flag".
Jeremy wrote the patch, I adjusted a little.

fixes bug 1226

12 years agoset umask
Phil Pennock [Fri, 30 Mar 2012 20:47:15 +0000 (13:47 -0700)]
set umask

fixes bug 1228

12 years agohandle more of the new format version numbers
Phil Pennock [Fri, 30 Mar 2012 20:41:16 +0000 (13:41 -0700)]
handle more of the new format version numbers

12 years agoMerge branch 'dbmjz'
Phil Pennock [Wed, 21 Mar 2012 08:45:59 +0000 (01:45 -0700)]
Merge branch 'dbmjz'

12 years agoheimdal_gssapi: accept SASL with empty authzid
Phil Pennock [Wed, 21 Mar 2012 08:38:57 +0000 (01:38 -0700)]
heimdal_gssapi: accept SASL with empty authzid

Saw this happening with Apple Mail; accept it, dup the GSS Display Name

12 years agoAdd dbmjz lookup type
Phil Pennock [Fri, 2 Mar 2012 09:51:01 +0000 (01:51 -0800)]
Add dbmjz lookup type

12 years agoLog auth data in rejectlog.
Phil Pennock [Sun, 19 Feb 2012 22:03:06 +0000 (17:03 -0500)]
Log auth data in rejectlog.

http://bugs.exim.org/attachment.cgi?id=547&action=edit
fixes bug: 1214
Patch by Jeremy Harris

12 years agoexpand cyrus_sasl server_realm option
Phil Pennock [Sat, 18 Feb 2012 17:05:03 +0000 (12:05 -0500)]
expand cyrus_sasl server_realm option

12 years agoMerge branch 'sasl_fixes'
Phil Pennock [Sat, 18 Feb 2012 16:20:18 +0000 (11:20 -0500)]
Merge branch 'sasl_fixes'

12 years agoUse gsasl_property_fast() in property callback.
Phil Pennock [Sat, 18 Feb 2012 16:10:36 +0000 (11:10 -0500)]
Use gsasl_property_fast() in property callback.

Avoids the loops which we only cancel out anyway.

12 years agoDocument pkg-config for TLS
Phil Pennock [Sat, 18 Feb 2012 14:22:27 +0000 (09:22 -0500)]
Document pkg-config for TLS

12 years agoSupport pkg-config for SSL libraries.
Phil Pennock [Sat, 18 Feb 2012 14:10:50 +0000 (09:10 -0500)]
Support pkg-config for SSL libraries.

Also: update EDITME to refer to pkg-config & AUTH_HEIMDAL_GSSAPI.

12 years agoDocument pkg-config
Phil Pennock [Sat, 18 Feb 2012 13:34:12 +0000 (08:34 -0500)]
Document pkg-config

12 years agoSwap gsasl GSSAPI $auth1/$auth2
Phil Pennock [Sat, 18 Feb 2012 13:14:29 +0000 (08:14 -0500)]
Swap gsasl GSSAPI $auth1/$auth2

12 years agoDrop server_realm from heimdal_gssapi
Phil Pennock [Sat, 18 Feb 2012 12:15:16 +0000 (07:15 -0500)]
Drop server_realm from heimdal_gssapi

12 years agoDocument heimdal_gssapi as it works now.
Phil Pennock [Sat, 18 Feb 2012 09:56:19 +0000 (04:56 -0500)]
Document heimdal_gssapi as it works now.

12 years agoMinor cleanups.
Phil Pennock [Sat, 18 Feb 2012 09:10:35 +0000 (04:10 -0500)]
Minor cleanups.

multi-blank-line protection never set the bool needed
OID-method for keytab setting cleanup (drop <roken.h> and fix comments)

12 years agoUse gsskrb5_register_acceptor_identity
Phil Pennock [Fri, 17 Feb 2012 13:01:10 +0000 (08:01 -0500)]
Use gsskrb5_register_acceptor_identity

Drop the OID and pseudo-standard GSSAPI extension mechanism.
Found Heimdal-specific API call I needed, works great.
gsskrb5_register_acceptor_identity(filename)

Separately: add various debug statements.

12 years agoFirst pass heimdal_gssapi authenticator.
Phil Pennock [Wed, 15 Feb 2012 13:09:57 +0000 (08:09 -0500)]
First pass heimdal_gssapi authenticator.

Not yet working, failing to set keytab.

Also: support (AUTH|LOOKUP)_*_PC=foo to use `pkg-config foo` for cflags/libs.

12 years agoDocument gsasl integration
Phil Pennock [Tue, 14 Feb 2012 02:11:25 +0000 (21:11 -0500)]
Document gsasl integration

12 years agoMore bug-fixes, GSASL DIGEST-MD5 now works.
Phil Pennock [Mon, 6 Feb 2012 01:36:51 +0000 (20:36 -0500)]
More bug-fixes, GSASL DIGEST-MD5 now works.

Defined helper streqic() since I seem tired enough to be forgetting ==0 checks.
Deal with left-over-data-to-send correctly.
Now tested with PLAIN, CRAM-MD5, DIGEST-MD5.
For DIGEST-MD5, check for server_realm, since GSASL doesn't error out without it.

12 years agoremove stray globals block
Phil Pennock [Mon, 6 Feb 2012 00:55:37 +0000 (19:55 -0500)]
remove stray globals block

12 years agoImplemented gsasl driver for authentication.
Phil Pennock [Mon, 6 Feb 2012 00:13:32 +0000 (19:13 -0500)]
Implemented gsasl driver for authentication.

Missing: documentation; tests.

Tested: PLAIN auth.

Status: probably buggy