[shibboleth-sp2] annotated tag 1.2.1 created (now a04967f)
Ferenc Wágner
wferi-guest at moszumanska.debian.org
Tue Jan 26 21:29:07 UTC 2016
This is an automated email from the git hooks/post-receive script.
wferi-guest pushed a change to annotated tag 1.2.1
in repository shibboleth-sp2.
at a04967f (tag)
tagging a6d01d36c43a06a1bb4ba3ab82a0a3cce0ff2f8a (commit)
tagged by no-author
on Wed Nov 10 16:48:19 2004 +0000
- Log -----------------------------------------------------------------
Tagging 1.2.1 release.
Aaron Wohl (12):
get rid of timespec in portable ccache. it doesnt exist on the pc.
windows implementation needs more testing
oops the public static functions wherent in that versin i checked in
1) add virtual destructors to all base classes
vc_register
map the names:
test harness for windows shib-threads.cpp, could work on unix without too much trouble but
ifdef pthreads, it doesnt exist on the pc
cant return a void in microsoft vc 6 sp5, need to do return or fall off the end
make a less pthreads specific way to mask signals
mask signals in a way that can work on a pc
implementation of shib-sock.c for win32
Derek Atkins (179):
Code drop of new target..
Don't need this file -- added by accident
Add the apache config (mods) that I'm using
mod_shire.cpp: fix all the errors to include APLOG_NOERROR
- Update to Xerces-2.1 support
Fix a character "shift" config bug
Don't crash if apache does not pass a content type
Change the RPC API to pass a list of SAMLAssertion objects. Push the
change the log-level of a few messages from INFO -> DEBUG
Add shireSSLOnly config optopn and check it in mod_shire
refresh the INI file whenever it changes on disk (stat the file
add the shireSSLOnly tag to the INI file
Updated sample apache config
update sample apache config with a few more comments
Updated example configuration files to match new config module
Stupid SUN compiler .. implicit -Dsun=1... Can't use a variable "sun"
We don't need unistd.h (and it causes problems on Solaris)
Add the XMLOriginSiteMapper to tyhe build
use the new XMLOriginMapper
Move shib-target.h into shib-target subdir
Remove Makefile
autoconfiscate the building of the shar
install eduPerson.h into ${includedir}/eduPerson
register the shib schema
It helps to actually RETURN the object....
Check for apreq headers to make sure apreq path is correct
Add --enable-apxs-install configure option (default is OFF). When it is
Break the POST processor into a "handler"
Rebuilt the RPC stubs. Add NEED_XDR_LONGLONG for scott
Change the rpc service APIs to abstract out RPC SVC creation.
Move shibrpc_svc_run() into the shar. Implement our own svc_run(),
remove the socket "file" at shar shutdown
Add '-f' option
fix bugID 24.. Use stringstream instead of strstream
report the saml exception in the error logs.
Fix error message for SHIRE POST (bug 27)
Try connecting to the SHAR multiple times (with a short sleep between).
I should try compiling simple fixes..
I should compile before committing..
configure.ac: add --with-dmalloc= option to compile with (some) dmalloc support
Include code to work on Solaris, but it is #ifdef'd out for now
move scott's shibrpc.h fix to shibrpc.x so it doesn't get lost.
add test-client to .cvsignore
It helps if I type "clnt" and not "cnlt"
updated bootstrap to deal with RH7.3
Check-in of original version of ONCRPC library (and headers) from
Re-port RPC library to Solaris
A better hook for our oncrpc
Ignore built-files
the RPCTEST needs to be run earlier (because LIBS gets "too big" ;)
add xdr_free prototype
No longer need to test for xdr_uint64_t -- we've got it ourselves
add some #defines to rpc/rpc.h to not shadow system-library symbols
Don't need clnt_destroy or svc_destroy -- those are already
#include <rpc/rpc.h> to get our overriding #defines
Add #include <rpc/rpc.h> to the rest of the sources
slightly different fix to link ONCRPC
Add more documentation about the apache options
rename "wayfError" to "shireError"
add sitesCertFile INI-file parameter
Added thread api and pthread impl
shib-ini.cpp:
shib-ccache.cpp:
Add locking to the cache. This is mostly MT-Safe now, although
shib-ccache.cpp:
add Thread::kill() API
Refactor the SHAR code a bit.
Add interface for thread-specific data (ThreadKey)
shib-target.h:
shib-threads.{h,cpp}:
shib-ccache.cpp:
Add some more error output. In particular, start looking for
Add some debug/info logging for the shar cache cleanup thread
set the connection auth_type. Fixes bug #41
mod_shire/mod_shibrm: catch all exceptions, not just runtimes. The
Move some headers around so we can #undef _XOPEN_SOURCE
ignore xmlsectest
shib-ccache.cpp:
mod_shibrm:
fix a potential SEGV in the rpc code
need to convert the XMLString to char* to output..
Change the "extensions" header to "extensions:saml", in preparation
Add configuration options for the cacheType, cacheClean, cacheTimeout,
Implement the request attributes
Be sure to delete the ShibINI::Iterator objects when we're done with them
Improve the logging information
Fix the ShibINI::iterator destructors.
Handle errors slightly better.
Change the RPCError API; supply a 'type', 'text', 'desc', and 'code'
Fix a spelling snafu
put the shar into the background by default
revert out the daemon() call -- it's not portable
Make sure we distribute a complete source tree
Apply XDR fix for SunRPC, even though our code is not affected
Make sure to always include mod_shibrm and mod_shire Makefiles..
Properly find Xerces-C 2.2 (it needs a namespace)
User -> for pointer dereference
xmlsec requires xml2 -- required to get "make distcheck" to work. Make distcheck
Begin a restructuring to allow the most re-use of code for
Plug-in support for Credential Cache -- allows for Caches to be
Change cacheTimeout configuration from minutes to seconds
Change RPC timeout to 10 minutes. We're using "TCP",
Require a valid "member@" attribute. Hopefully this is correct.
Add #define for "defaultLife", the default attribute lifetime
Deal with assertions without ending times by limiting them to
Solaris requires a re-order of libraries (at least on MY solaris box)
* ccache-utils.h shib-ccache.cpp:
Add support for the originErrorURL, originContactName, and originContactEmail
hook in the OriginSiteMapper; now just waiting on the originSite
Re-architect the way errors are handled across the RPC.
It helps if the method is declared as part of the class ;)
Return the origin from the POST during new_session()
Hook in the origin obtained via the RPC.
Export the raw AuthenticationStatement from the CCache
Pass the origin back across the RPC in the other two RPC methods
Check for non NULL and non-empty URL string
Add configuration options for AATimeout, AAConnectTimeout, and SAML Compat.
Catch parsing errors and pass them up to the user
Update the example 'require' to be correct
Remove 'valid-user'
Put the style sheet into the HTML root directory
An ExpiredAssertionException is fatal, not retryable
shireError.html: update the error template to show origin contact
Add a timestamp to the RM error message
Don't die on a certificate parse (or keystore) failure. Ignore the failure,
Add a bunch more debugging to the RPC sections
Make sure to ignore generated files
The MySQL Credential Cache
Add a --disable-apache-13 configure option
Get the --enable-mysql configure argument to work properly
First pass at an apache-2 module. It compiles on Linux
Add stdio.h to mysql link test
Fix Scott's test to make it work on Linux again
Get the Apache-2.0 module working.
Add an apache2 configuration sample
Check for pkg-config and use that for openssl libraries, if it's available
Don't forget to add -lssl -lcrypto
Need to set -lssl -lcrypto and do so outside the --with-openssl code
Refactor some code:
First pass at an API for a higher-level target API
Remove (old) mod_shib code
Remove the non-used eduperson module code
Improved SHIREURL support:
Add some additional shutdown logging
Handle the case where a session is destroyed in the database.
Better exiting without an ini-file
Add support for ShibRequireAll per-directory directive
Move the configs EXTRA_DIST from main Makefile into configs Makefile
Build the config files at compile-time; this will let us stop hard-coding
Config files point to $prefix
Don't hard-code /opt/shibboleth in the sources. Use a #define
scott missed a closing brace. Now this compiles
Port scott's changes from apache-1.3 to apache-2.
port scott's cgiparse code into a C++ class.
Makefile's dont work properly with embedded ^M chars
Get cgi parsing code to work. Note: it helps a lot if
Need to properly zero-ize buffers before passing them to apache
fencepost error readying from apache. works now with
Use '0' instead of 'NULL' in initializers
add shibboleth.xml to the ignore list
handle non-srcdir builds
Add a shib-paths header file, auto-generated at build time.
be sure to parameterize the new config file properly
Remove some code which isn't implemented (and probably never will be)
Build apache modules from a common source.
Reduce code duplication -- move the headers into the common file
test -f requires a full path, so use AC_PATH_PROG to find the -config app
Add a comment to revisit a difference between this module and the
Fix the names of the (new) apache modules
Rename "syslog" to something that doesn't confuse people.
Change the logdir to ${localstatedir}/log/shibboleth, which means
Remove old apache-1.3 and apache-2.0 code, as we now use the combined module
Be careful of empty vars
Fix the getopt() string
remove apxs as an install-method. Fixes #89
add an init test that shows how init();shutdown();init();shutdown(); fails
Some extra debugging to show it's dying on shutdown 2
Add some debugging info in mod_apache to see where we're called.
Make sure we don't provide bogus data in the rpc return value.
Nate Klingenstein (5):
Updates to 1.1; simplifies section 4, moving most info to section 5; documents resolvertest.
Softens language in 2.1 for Ken.
Added information about ca-bundle.crt for origins.
Changed shib-support to inqueue-support.
Small changes & fixes reported by users.
Noah Levitt (3):
Add *.loT to .cvsignore.
Actually we don't want to ignore *.loT.
Try to be smart about removing .la files.
Ryan Campbell (1):
Initial checkin for .htaccess support via registry.
Scott Cantor (920):
Initial Win32 project
no message
Corrected scope operator.
Fixed null -d bug.
Add XML schemas
Add Sun makefile
Add GCC makefile
Corrected exception declaration.
Had to add Scope attribute to derived types (Xerces bug?)
Initial versions
General cleanup, adding mappable attributes, split out attribute classes.
Initial versions
Added single byte value access to attributes.
Added eduPerson source files
Added constants and support classes.
Per-attribute support classes with stricter type checking.
Added a constant for InvalidHandle.
Hopefully near alpha2
Add Sun makefiles
Add debug switch
Factor out constants
Cleaned up a minor Solaris issue and some warnings.
Solaris only extern decl.
Took out old line of code.
Error handling fixes, added assertion export, directory config merging.
Fixed bug in default timeout setting.
Corrected default setting behavior.
Set SAML verbosity based on log level.
Added option to dynamically derive SHIRE scheme/hostname/port from target URL
Fixed const problem
Path changes
Added option to normalize request URL to server name.
Fixed log statements
Renamed server config routine to avoid collision with other modules.
Fixed debug logging.
Fixed up tester to use AAP like mod_shib
Added verbose config setting.
Beginning of work for Shibboleth beta.
Solaris fix
Changed Iterator arguments to const references
Update makefile sources
Changed Iterator::next() to return const&
Update to newer SAML API
Changed serialization to a const operation.
Reworked SAMLException as a SAMLObject subclass.
Win32 corrections
Win32 corrections
no message
Fixed bugs in cache entry validation, cleared all mapped headers before looking at attributes.
Turned library into a formalized "extension" using special entry points.
Revised to use (lib)eduPerson as extension library.
Initial version, based on a hybrid of alpha 2.5 and some new work.
isapi_shib added
Added ctime header.
Reworked config class.
Added extensive logging, mapper now uses an internal lock, misc. bug fixes.
Added log4cpp settings.
Added ShibLogConfig and ShibLoadModule commands to sync up with post-alpha libraries.
Added log4cpp to build.
Config changes.
no message
Added notation elements to schema, not sure if this is correct.
Converted Filter attribute to a simple string enum, to bypass some bugs we're looking into.
Wrapped g_config in an anon. namespace
Add posttest program
Small tweaks to prepare() signature
VC6 doesn't like std::time_t
Added SAX exception handler.
Added additional checking calls, a better mapper.
no message
Updated to Xerces 2.1
Added XML mapper and some constants.
Added constants.
Initial port from Java
Removed mapper from APIs.
Added destructor.
Hardcoded a base of file:/// so relative URIs can be used.
Add m4 and libtool files
Moved to shib/
Moved to eduPerson/
Check in initial autoconf files and headers
Changed header inclusion
Moved test programs into new location
Moved to new test/ location
Moved to test/
Remove old Sun makefile
Added registration of schema, to insure it's been installed.
Removed extra registration of shib schema.
Changed layout for autoconf
Pulled out extra registration of shib schema, no longer needed.
changed header locations
Add automake file to shire module
added prelim support for Apache 1.3 modules
have to "install" shared libs
fixed headers
Add automake file to shibrm module
Change CVS properties
Change CVS properties
Remove old GCC makefile
per-target CFLAGS seems to fail on Linux
added apxs conditional to bypass install
wrapped globals in namespace
added a check for uint64 support in xdr.h
Partial implementation of signature verification with libxmlsec.
Corrected dummy mapper interface
Changed to test signed response on stdin.
removed inline assembler breakpoint
Added xmlsec and friends to the build.
Made calist mapper paramater optional (don't need CAs if not verifying)
Removed explicit call to accept() and added warning when values are filtered.
Got test-client working again
Added log4cpp to build.
tests for TLI RPC fix
Corrected and added RPC-related tests, fix to library inclusion for libxml
Added config.h
Fix to missing datatype fix for Sol2.6
Added TLI fix to CXXFLAGS
Changed example paths and added attribute mappings
example file-based logs
changed default settings
Add automake file to configs directory
added configs/Makefile
configs/ca-bundle.crt
added CA bundle
fixed xdr_free return type
added oncrpc to shar build
Added test for libapreq on Sun, needs a -U switch
log->debug() crash workaround
new test program for xmlsec
extra comma causing warning
Sun's compiler wants extra cast
Extraneous malloc declaration
Added text files to distro, updated version of package.
Added APLOG_NOERRNO to error logging.
Added distribution files
Extraneous ifdef removed
Revised exception modeling.
POST profile more exception-based when errors occur.
Revised exception modeling.
Reverted POST profile API to return pointers.
Removed unneeded pointer checks from POST profile calls.
Reverted POST API
Pass ShibINI object to extension libraries
Added "1" for boolean tag values.
Reworked routines to support attribute section in ini file, must now link to libshib-target
Reworked library to support manual content validation,
converted a reference member to a string to avoid temp object bugs
Various WIN32 fixes.
Remove Windows config header
Common copy of autoconf settings for Win32 build.
Added strcasecmp check
Various WIN32 fixes.
Various WIN32 fixes.
Customize signature verify step based on type of signed object.
switch extra install to dist-hook
Wrapped mapper c'tor in exc handler, elevated error logging.
Verbose failure of shib-target startup
Added regexp attribute to Domain elements.
Revised OriginSiteMapper so that domain iterator includes a regxp flag.
First attempt at regexp AAP support for scoped attributes.
Switch to Xerces regexp class.
Fixed dummy mapper
catch XML regex exceptions
Added missing files to distribution.
Added AAP elements to schema.
AAP implementation, refactoring of simple attribute classes.
Change to SAMLRequest signature.
Correction to request c'tor
Added RTTI and factory interface for exceptions.
Windows makefile changes
Added Java-style pkg prefix to exceptions.
Fixed exception constructor.
Migrated thread API from shib-target.
extra backslash
migrated thread classes to libshib
Modified default policy URI.
Added SAML policies
Added runtime policy via config file, added global access to target config.
Added filter on assertions for condition checking.
Converted policy vector to XMLCh from xstring
Various fixes to runtime policy changes
Bypass policy URI for now.
Made SHAR socket name/port configurable.
Remove old GCC makefiles
Worked around C language of shar.
Return NULL sock name if config not loaded.
Wasn't calling function to get socket name.
Changed policy URI to pilot version.
Added new OriginSiteMapper design to support refresh.
fixed extra template instantiation
Use built in mapper implementation.
Change policy URI
wrong ini section in policy loading
Fixed policy loading again
changed constant
fixed typename in exception classes
Added refresh setting.
Added refresh setting.
Revise affiliation URI
Added regexp feature to require rule processing.
Fixed a race condition during ST init, moving most of the work to an init() method
corrected log label
fixes to regexp code
added CA support
revised mapper interface
Multiply minutes for cleanup by 60.
Change to attribute name.
Added default AAP.
Use InCommon key for sites file.
Default policy
Comments fixed.
Updated default.
Fixed bug in EPPN parsing.
Debug logging.
More debugging.
Screwed up DOM element reference.
Forgot a cast.
Screwed up another cut and paste.
Allow empty policy.
updated pkg and lib version
added AAP to build
Use a fixed message for AA content type errors for now
Fixed calls to exception macros
Added format URI
added back old audience value for easier migration to new release
Added format URI
removed unneeded schema
Remove old schema
Moved AAP stuff in, added new attr value type.
Switched to pattern layout.
Migration of eduPerson code.
Moved AAP and attribute config from eduPerson lib.
Removal of eduPerson
Removed attribute factories.
Added attribute factories.
Added logging.
Code shifted to shib library.
Added contact info to site metadata.
A few compatibility fixes.
Reordered headers and removed some constants.
Fixed config defs.
Reordered header (Windows issue with Apache lib)
Changes to config options.
Prelim port to Apache xml-security lib
Header case correction
Updated version
Some Win32 fixes.
Can't inline virtuals
Removed eduPerson
Remove test program
removed old test
updated for new release
Removed the includes and some lib folders.
Add eduPerson module to Windows solution
Added APIs for origin site access.
Updated to 1.5 final release
Renewed OSU CA
Fix to SAML config params.
fix samples
Draft 1.1 schemas
Added new schemas.
Added contact list.
Support multiple contacts.
Change to contact info interface.
Added null destructors
Some win32 fixes.
Exported auth method and origin site.
Switch to NCName for IDRefs
Avoid pushing unconverted values on to the list.
Stat the pathname directly, removed stale code.
Add siterefresh utility
Added siterefresh
Change CVS properties
Add siterefresh to build
Bug fixes
Fixed cert parsing.
Missed a semicolon
Corrected cert parsing
Updated drafts
First cut at trust metadata
Switch to UTF-8 for values.
Reactivated valid-user rule.
Added AnyValue rule.
Added AnyValue support in AAP
Some changes for 1.0
Add AnyValue rules for default attrs
Was returning nulls from mapper calls
Clone the attribute designators when building query.
Added memory leak traps in constructor.
needless assignment of iterator removed
Removed RespondWith from query (deprecated in SAML 1.1)
Revised metadata entries
Revised metadata interface for multiple sources/providers
Revised metadata interface for multiple sources/providers
Tweak to provider type
Change metadata provider types.
Add various MSVC extensions
Refactoring of metadata interface
variable scoping error
Temporary noops for cert validation.
Fill in missing methods.
Merge trust and metadata config.
Revised trust schema
Add various MSVC extensions
First cut of new trust interfaces
Changed exception type
Schema fixes.
Missing complexType
Forgot to check result of validation.
Fail if any metadata provider fails.
Shifted getCert call from IAuthority to Trust
Forgot to initialize member
Parse regexp rules as UTF8->UTF-16 values.
Basic sites file with pilot testing sites.
First example of a trust file, pretty minimal now.
Added metadata.
Remove test program
Tweak default policy.
Updated sample file.
Removed InCommon constant.
Removed policy constant
Allow zero assertions.
Updated case of InCommon URIs and added CAs to trust file.
Removed duplicate CA.
Update timestamp when reloading file.
Wrong variable name.
Clone statement before deleting response, append null to serialized object
Tweak to cleanup
Removed extra clone
Bypass spurious warning
Removed.
Updated attribute URIs.
Log metadata failure, but don't abort.
Abort shar on metadata failure.
Added some comments.
Added some comments.
Change level to WARN.
Don't need metadata in tester.
Update some of the paths and strings for the 1.0 rollout.
Added consts.
Added consts.
Better warnings when rejecting values.
Update some of the paths and strings for the 1.0 rollout.
Tweaked path to example HS
Changed WAYF path
Switched to InQueue federation name.
Moved docs to doc folder.
Add doc folder.
Moved docs to doc folder.
Moved to doc folders
Added deploy guides.
Syncing with java copies
Bad path
Merged doc changes
Merged doc changes
Changed name of policy.
Missing schemas from distribution.
Function needed to return value.
Switch to mask_all
Removed obsoleted "attributes" section.
Reimplemented AAP consistent with Metadata/Trust APIs
Changes to attribute handling.
Added schema to support attribute config via AAP files.
Moved attribute configuration into AAP.
Removed aap-uri
Upped revision
Check for optional attributes before assignment.
Put back the fix for using transcode before Xerces is started.
Added check for strtok_r
Added strtok define.
strtok fix for Windows
Updated to fix hidden symbols
Fixed for VC6
Add ONCRPC project to Windows project
Added export specifiers.
Unused variable removed.
Update Windows project files
Added export specifiers.
Reordered headers.
Update Windows project files
Added export specifiers.
Added license.
Prelim Win32 changes.
Add shar project to Windows project
Added most of the remaining projects.
Reworked arg array (error'd on Windows)
Add MYSQL plugin to Windows project
Added mySQL plugin project.
Wasn't assigning socket during creation.
Windows changes.
Added export specifier.
Wrong license in file.
Added license.
Reorganized preprocessor declarations for Windows.
Split debug/release library build dependencies
Added a catch_all handler.
Extra "new" in exception toss crashing on Windows.
Removed unneeded static vector.
Reworked filter to improve performance on unprotected content.
Plugged leak in deletion of statement.
Added listen call to sock bind.
Added svcfd_create.
Added EAPI.
Use fd_create on Windows.
Added winsock calls.
Change CVS properties
Added build directories.
Added sharacl for TCP shar
Access sock name through function.
Change CVS properties
Check for a slash before unlinking.
Rework sockname, and add sockacl.
Add ACL on socket, add optional TCP support to Unix.
Define TCP for Windows shar.
Add --enable-tcp option.
Remove old projects.
Add TCP define to C++ flags
Fixed TLS.
Implemented per-thread RPC handles.
Broke apart to account for Windows service differences.
Win32 service support.
Removed useless "normalizing" code.
Rewritten filter based on 1.0 APIs, still missing POST handler.
Added isapi section and per-site parameters for ISAPI.
Added POST handler as an ISAPI extension.
Add shibtarget project to Windows build
Working version.
Added catch(...) handler.
Change output filenames.
Added VC++ files to dist.
Added Win32 Install file.
Revised distribution inclusions.
Added Win32 threads source to dist.
Revised distribution inclusions.
Fixed unlink option
Add backward-compatibility hack for aap-uri setting.
Major rewrite for Windows and IIS, 1.0.1 changes, many corrections.
Added aap-uri warning.
Compile error.
Fixed nasty null pointer bug in Thread::join()
Tweaked some logging.
Added clarifying stderr msg once log is switched.
Point build at mysql sources.
Added finalize call.
Turn on SQL cache by default.
Added docs for MySQL cache.
Changed default schema path on Windows
Install to libexec
Added noinst header
Swapped order of deletes in cleanup
Switch from kernel call to FD_SETSIZE.
Hide svc_fdset symbol to override Solaris global.
Override svc_fdset global to hide Solaris global.
Added AC_DEFINE for ONC library.
Conditional redefine of svc_fdset to onc_svc_fdset.
Added ONC define.
Reordered includes.
Bad FAQ URL
Added a bit of logging.
Small changed, plus syncing up origin feature list.
Patch to Makefile.in
Tweak patch language.
Added MySQL section.
Added new attributes.
Added Headers.
Added scope rules to AAP schema.
Add permit/deny rules for Scope to AAP implementation.
Allow only scope rules in a site rule.
Fix accept/deny check in Scope rules.
Updated version to 1.1, added Scope rules in AAP section.
Updated package version.
Add sample Scope rules.
Reorganized attribute factory API for custom plugins.
Let complex values pass AnyValue rules.
Update to OpenSSL 0.9.7b
Add missing files.
Some final Windows additions.
Added default shireURL for IIS version to use.
Fixed problem with buffer reuse, set MIME type on errors.
Was overwriting session id with address.
Updated feature list.
Updated feature list.
Forgot to set C++ flags to use local RPC
Added new Verisign root.
Updated library version.
Code around STL problems.
Fixed commented out rules.
OpenSSL on Solaris returning NULL method ptrs for empty exts.
Syntax error in validation
Add format parameter.
Add a test for POSIX rwlock interface
Code around lack of POSIX rwlocks on 2.6
Added GlobalSign Root.
Fix for bug #74.
Added timestamps to top level elements, new stuff for trust fabric.
Corrected data type.
Fixed various schema errors.
Example credentials file.
Added comment at top.
Add XML-based client SSL config.
Revision for new binding API, won't work just yet...
Add XML-based client SSL config.
Removed old key/cert commands.
Upped lib version
Used wrong subject pointer in binding call.
Reference, not pointer.
Updated provider types and creds format.
New creds format.
Add SAML library to link lines
Revamped credential APIs.
Errors in KeyStoreResolver
Socket "name" is a string on all platforms.
Added a close() when the child socket exhausts the ONC limit.
Set FD_SETSIZE if not set already.
Fixed bug in service install name
Fix dumping for older OpenSSL
ERROR constant was conflicting on Windows
Missing rest of SAML checking after extract of origin site.
Replaced auto_ptr with try/catch block.
Cleaned up some auto_ptrs.
Cleaned up some auto_ptrs.
Added release() calls.
ShibTargetException needs copy ctor like elf needs food. Badly.
Wasn't returning true from attach()
Removed unneeded warning about socket closure.
Change CVS properties
Check for empty cookie before calling RPC.
Handle empty cookie with a retryable error.
Adding installshield scripts to cvs
Changed media path
Adding installshield scripts to cvs
Should init refcount value.
First draft of URL mapping schema
Made hosts optional.
Untested URL mapping support.
Added scheme enum
Redesigned target around URL->application mapping
Change CVS properties
Fixes to make it compile for now
removed SimpleAttribute
bad filename
Removed sock name typedef, reorgd headers
gcc didn't like empty iterator
Added time and providerId params on redirect
Added time and providerId params on redirect
Interim redesign to DOM-based config factories
Moved RPCHandle functionality inside library, added handle pool across threads.
Change CVS properties
Removed RPCHandle code.
Added creds schema
First draft
Added default attribute lifetime.
Cache sessions and attributes by application_id, remove resourceentry wrapper, support attribute push and new expiration and strictness settings.
Updated version, try and replace state table from older version.
Provide upgrade path for database from old version
Don't require origin to supply client IP
Trust metadata schema
Added AttributeAuthority elements.
New plugin implementations of Shibboleth APIs
Fixes to matching function
Updating licenses and docs
Updated config files.
Updated schemas
Redesigned APIs, factored out pluggable bits, new wrapper classes for SAML.
Fixes to get them compiling
Wasn't verifying peer, fixed matching loops, changed default depth to 1
Added attribute caching options
Change CVS properties
Align to new APIs
Updated makefiles
Wouldn't compile?
Extra dash in comment
Restored AttributeValueType for older origins
Updating licenses and docs
Updated example
Renamed creds section
Metadata revisions, fixed lack of per-thread binding config.
Added more tracing
Bad indirection in iterator
More newer gcc code fixed
Add Apache 2.0 project file
New metadata API, fixes to SAML wrappers, simpler plugin API
New plugin API, some memory leaks and other issues fixed
New config formats
New configuraton API, new APIs for various pluggable pieces, new SHIRE/RM interface for modules, etc.
New config, C++ Listener API
New config API and session cache API
Modules for new library API, merged shibrm code into mod_shire
Revisions for new target libraries
New config file examples, and a self-signed key
Update Apache module build advice
New test client for shar
Revisions for new target libraries
Changed cast to 0
Fixed some extensions
Another file gone
Fixed some Unix bugs
Now works on both platforms
Another header gone.
Fixes to Unix main()
Moved declaration over.
For now, just declare the function...
Missing function
Add extern C to API
Missing lib
Added -d option
check for empty parameters
Update XML schema files
Fixed plugin type
Add some logging, fix reversed conditional
Return boolean from TCP accept
Need to prime the implementation in factory
Updated versions, included default paths
Bypass new path header on Windows
Change inline RequestMap to a level beneath.
Pass through lazy sessions.
Restructured auth check for lazy sessions.
Was deleting socket file too liberally.
const bug
Fix up defaults.
Sync up RM behavior
Tweak to IIS schema
Explicit length on CGI parser.
Move normalizeRequest setting to ISAPI-specific.
Default cookie props
Revise module for new APIs, lazy sessions.
Changed ISAPI section
Update Windows project files, remove embedded CGI parser
Took Location out of AttributeRequester element.
Made consumer service consistent with other elements.
Changed schema location, might have some positive effects
Updated openssl path
Removed CGI parser
Moved path constants into main header for WIN32
Should only need svc_fdcreate decl on Linux
Change CVS properties
Fixes to error handling, attribute export.
Removed TCP shar option from script
Removed apreq checks.
Removed reference to ini file
Removed apreq reference
Removed mod_shibrm
Updated for new metadata and specifying root element with the command
Cleanup usage message
Added a macro to fix a Solaris header issue
Add a Shibboleth version header to HTTP requests.
Made a localhost cert
Added a default key binding for the localhost sample key.
Attempt at a default "localhost" config
Added new exception for invalid handle, and detect during queries.
Handle new exception type as retryable.
Always propagate InvalidHandleException out of query.
Changed default sites list to localhost.
Mention mod_so in docs.
New mod_shibXX projects
Add Apache Windows project files
Moved our headers into the per-version files above the Apache headers
Need the old Handler unless AuthType shib is set at root.
New default settings to support InQueue along with private testing.
Added require Shibboleth rule, fixed valid-user, and handling of no session.
Support replay checking disablement for testing
Add a replayCheck option for testing
Changed libs to use .so extension
More cleanup -- use default key always, example.edu will accept it.
Removed dual config mode.
Removed Apache config section
Removed extra key
Removed Apache element
Always include providerId in audience.
Fix for older gcc?
Problem with function cast was OpenSSL specific
Add warning on wildcards.
missed else clause
vi, aargh
Wasn't initializing wildcard pointer.
Added a 0-depth trust entry for the sample key for SSL
Have to use dynamic_cast to check for base class.
For now, pull log config from etc/
Filter out some debug level garbage
Move exception "package" path into opensaml.
Try and remove la file(s)
Implement OpenSSL locking callbacks (way too late)
static cast required for Solaris
Changed dashes to character references.
Log some of the config-related errors.
Added clock skew config.
Restrained attribute wildcarding, added clockSkew
Added clockSkew attribute
Had an attribute mis-named.
Leave Errors extensions open.
Added noverify option, will check sig if present, but warns user
Changed default for strict lifetime checking to false
Added version check for saml
Removed extra comment in SQL cache
Hacking the schema to work around a Xerces-C validation bug.
Moved NameIdentifier out of Subject.
Removed incorrect schema hint.
Fix some imports to pull local copy of DSIG schema.
Had to hang AttributeValueType off the SAML hack.
NDC was duplicating itself on stack.
Make the parameter globals a bit more unique.
Added logging to shutdown
Added a config checking option.
Added a Xerces version check.
missed a variable name
corrected some log messages
Treat empty response as success.
Added comment.
Changed from localhost in site names.
Added alias commands for css/logo
Added styleSheet tag.
Added styleSheet Error property.
Add style sheet for templates
Cleaned up the schema a bit.
The pig has landed
Added error template sample content.
Accept unscoped affiliation by default.
Convert some errors to warn.
Changes for installer.
A wee bit smaller...
Extended MLP to support arbitrary tag subbing from XML config
Tweaked some APIs to conform better to eventual metadata
Updated for 1.2
Version changes rolled back.
Switch to basic layout, add in transaction log.
Added a transaction log, reduced some clutter in session cache logging.
Repeat after me...providerId, not provider_id
Switch to basic layout, add in transaction log.
Missed a log name.
Leave session ID shorter for now
Update to installer files
Update installer fileset
Switching to local file handler for XML configs, much better for Windows
Some cleanup for config checking
Slightly better IP mismatch msg
Update to installer files
Lowered a log to debug.
Sample should have propagateErrors true, easier to test with.
Embed spaces in DNs
logging is swallowing stderr on Windows
Embed spaces in DNs
Bug in metadata-based AA query.
Add an option for emulating 1.1 authn request
Filter out xlog from this end
Was masking better error details coming from below.
Stop dumping the whole exception.
Parser seems unhappy with xml decl
For now, added space in DNs
Fixed some ambiguities.
Fixed ASC URLs for sample targets.
Added InCommon, and HEPKI middle CA so origins won't need to do extra work.
Extra KeyInfo element.
Added export of NameIdentifier.
Probably incorrect addition of URI as a subjectAltName
Cleaned up some default behaviors
Fixed some parameter setting, still need logging fixes.
Bad variable name
Got rid of very bad schema hack.
Made cookieName optional.
Handle DN matching better.
Made cookieName optional.
Update installer string tables
Factor out some of the cookie name handling.
Forgot to clear the vector.
Add AnyAttribute support for global attrib acceptance with export rules.
Tightened up RequestMap elements.
Raise logging level to WARN
Added logging config as a distinct feature
Wasn't compiling on Apache 1.3
Auto-apply handler to *.shire
Handle library unload.
Inline element should be unqualified.
Adjusted ACL API to take authn statement as well as attrs.
More likely altName algorithm, still need to test
Add a log msg when adding CAs.
Explicit log of callback errors.
Scale back log a bit, that's too much...
Added a ShibURLScheme server command
Better handling of default port when scheme is overridden
IIS fix to properly handle URL c14n
Forgot to change constant.
Proper KeyAuth matching when multiple key descriptors exist.
Adjusted some logging levels.
Renamed metadata for IQ
Added simple conditional if/ifnot tags to MLP class.
Show use of conditionals to avoid excess ugliness.
Bit of cleanup
Forgot to move reference to example origin
Update installer fileset
Proper error return for bad args.
Updated build notes and shibtest
Block use of KeyName inside KeyInfo, avoids confusion.
Block use of KeyName inside KeyInfo, avoids confusion.
Last sync up to SAML draft
Missing slash was breaking service install
Corrected and clarified some behavior.
Removed a few rarely used attributes.
Add password to commented example Key
Example of alternate way of hooking handler.
Removed Policy element from configuration
Missing closing tag
Default to memory cache
Sync up
Add debug option
Fix debug option for non-GCC compilers
Need to use apr-config on Fedora
Apache header conflict on Solaris 9
Switched to child_init hook for startup on Apache 2
Last sec draft std adjustment
Copying over latest docs.
Update for 1.2
Update installer fileset
Copying over latest docs.
Need to treat contact info as UTF-8
Ugh, forgot to encode the providerId
More checking against getApplication calls.
Had a naked throw() in get_assertions
Another naked throw()
Need to skip embedded Application tags.
Wrap child thread creation to catch exceptions.
Add logging of result codes.
Helps to include header...
Cleaned up some stray objects when threads die
Switch back to PatternLayout
Fixed extra dist list
Added depcomp to dist target
Small fix to shireURL handling
Bad return check on openssl call
Sync to HEAD
Backported child shutdown fix
Fixed crash when removing lone assertion due to condition check (bug 111)
Target URL computation was unreliable.
Added Win32 config to distribution
Added missing files to dist.
Added wrapper around pthread include.
Expose exception during debug startup.
Corrected Site attributes definition.
Fixed service uninstall.
Wasn't chopping query string properly.
Syncing older project files.
Syncing older project files.
Better logging of RPC status code.
Some additional logging.
Needed lock around svcfd_create call, which manipulates ONC globals.
Keep client handle in scope until resources are freed.
Moved a static function inside the child class.
Implemented thread-safe wrappers around global data.
Added imports.
Change CVS properties
Added additional exception handling for xsec errors.
Added mutex around transport array.
Upped library interface version.
Update to newest SOAP schema.
Update lib interface revision.
Version resource
*** keyword substitution change ***
Version resource
Version resource
Increased package number.
Add version resources to Windows projects
Had to add header for Solaris.
Fixed a few Solaris errors.
Fix language errors when checking C functions.
Update to latest log4cpp build
Switch to C cast for OS X
Favor gcc over gcc3 (OS X more likely than Red Hat 7)
New platform-based RPC switch
Fixed some small issues with RPC test
Port of BSD-based float handling.
Implemented a socket/thread map to insure one thread per socket.
Switch back to original RPC test, most Unix variants should be safe now.
Use decl check for svcfd_create.
Update automake version
Fixed conditional declaration
Finalize RPC decl checking
Proper win32 error detection
Work around broken svc_destroy on Mac
Add additional declarations
Make sure svc_destroy is used for Windows/Sun
Define svcfd_create when test fails.
Define int types when stdint is needed.
Yank conflicting netdb header into internal version.
Pull in config.h to prevent duplicate rpcent definition.
Conditionally declare sys_errlist
Added .. to include list
Syncing back up
More comprehensive RPC checking and options
Forgot to include config.h
stdint.h not present on Windows
Checking for Xerces 2.6.0
Remove default from Host scheme.
Smarten up Host handling to cover common cases.
Change some default settings to reflect Host/IIS changes
Version updates
Version updates
Version updates
Backported anyType fix.
Updated to Xerces 2.6.1 (my build)
Change CVS properties
Added default logging configuration for command line tools.
Update news file
Add stderr appender
Version updates
Change CVS properties
Backported timeout "fix"
RPM changes from HEAD
Clarified an error message.
Updated to latest libcurl
Fixed broken scheme computation in extension
Changing defaults/examples to avoid use of DN.
Tweaks for 1.2.1
Missing stat definition on older Red Hat.
Recoded all response handling to address browser issues.
Corrected feature version
Tweaks for 1.2.1
Merging config protection changes.
Add all-data-local to install hook
Added a sanity check if cookie value has an equal sign in it.
Patched filter redirects to match extension redirects.
Added option to read file from stdin, easier way to support SSL
Walter Hoehn (34):
Added license to c++ source files.
Added license to header files.
Removed tags from endif. Was causing bootstrap to fail.
Added name-based default security domain to Origin Mapper.
Changed ENV exporting of multi-valued attributes to use : as the separator. Added escaping of the same.
String was going out of scope. Changed to use ap_table_set, which makes a copy.
Everyone seems to agree that ; is better than : as a separator.
Backed out default security domain change. The change in behavior I was attempting to correct was intended.
Add the NSDL "Site CA" Certificate
Fixed require alias processing. Should now match correctly on single/multiple values and work with semicolon escaping.
Added RSA server CA for UTH.
Fixed metadata schema annotations.
Merging from 1.0 branch.
Added InQueue federation config guide.
Many changes.
More documentation fixes from Steven.
Fix goofed update.
Implemented Bob's latest suggestions.
Rev.
Copied from /java/doc/
Copied from /java/doc/.
Copied updates from /java/doc/.
Rev'd version number.
Updated some version numbers and an outdated path.
Added new 1.1 features to NEWS file.
Integrating new doc changes from Steven.
Minor fixes.
Copied from /java/doc/.
Copied from /java/doc/.
Copied from /java/doc/.
Updated NSDL CA cert.
Updated NSDL CA cert.
Sync'd with /java.
Synch'd from /java.
no-author (3):
New repository initialized by cvs2svn.
This commit was manufactured by cvs2svn to create branch 'Rel_1_2'.
This commit was manufactured by cvs2svn to create branch 'Rel_1_2'.
-----------------------------------------------------------------------
This annotated tag includes the following new commits:
new 30c8fce This commit was manufactured by cvs2svn to create branch 'Rel_1_2'.
new 211a20a Fixed extra dist list
new 6df5bad Added depcomp to dist target
new a162200 Small fix to shireURL handling
new adc141d Bad return check on openssl call
new 756ebd1 Sync to HEAD
new f6d082e Backported child shutdown fix
new 97412c2 Fixed crash when removing lone assertion due to condition check (bug 111)
new fc1928d Target URL computation was unreliable.
new 62dc738 Added Win32 config to distribution
new d88d448 Added missing files to dist.
new f533cda Added wrapper around pthread include.
new b309167 Expose exception during debug startup.
new 82c6b30 Corrected Site attributes definition.
new 634e21e Fixed service uninstall.
new 996194c Wasn't chopping query string properly.
new d398477 Syncing older project files.
new 3266de8 Syncing older project files.
new 7928b4f Better logging of RPC status code.
new 8db07cf Some additional logging.
new 050c5c6 Needed lock around svcfd_create call, which manipulates ONC globals.
new 8fcbc48 Keep client handle in scope until resources are freed.
new 1782956 Moved a static function inside the child class.
new 1f42cf2 Implemented thread-safe wrappers around global data.
new 003e4a4 Added imports.
new 0fd201e Change CVS properties
new 0206352 Added additional exception handling for xsec errors.
new d191b88 Added mutex around transport array.
new bb444b2 Upped library interface version.
new 2919a0f Update to newest SOAP schema.
new 28fbc22 Update lib interface revision.
new 035e35f Version resource
new f4c1aff *** keyword substitution change ***
new 455a2ab Version resource
new 8766d73 Version resource
new d5ea71a Increased package number.
new 9fdb7e7 Add version resources to Windows projects
new 1ab5b64 Had to add header for Solaris.
new 67970d6 Fixed a few Solaris errors.
new dccf860 Fix language errors when checking C functions.
new f87b3d7 Update to latest log4cpp build
new 341c7db Switch to C cast for OS X
new 6033c5d Favor gcc over gcc3 (OS X more likely than Red Hat 7)
new beaf06b New platform-based RPC switch
new d3000b3 Fixed some small issues with RPC test
new c0b5e2a Port of BSD-based float handling.
new 74aad3f Implemented a socket/thread map to insure one thread per socket.
new 1f0d0fd Switch back to original RPC test, most Unix variants should be safe now.
new 0f34b27 Use decl check for svcfd_create.
new dc3ad00 Update automake version
new 87d421b Fixed conditional declaration
new 3aec5f1 Finalize RPC decl checking
new 4cd0aaa Proper win32 error detection
new 309a0e0 Work around broken svc_destroy on Mac
new f0dc3f3 Add additional declarations
new 705100e Make sure svc_destroy is used for Windows/Sun
new 6326e1c Define svcfd_create when test fails.
new 7d20be3 Define int types when stdint is needed.
new bfc9a8f Yank conflicting netdb header into internal version.
new ae405ed Pull in config.h to prevent duplicate rpcent definition.
new 9710de9 Conditionally declare sys_errlist
new bca91b0 Added .. to include list
new e9b26a1 Syncing back up
new 7791b80 More comprehensive RPC checking and options
new fa7934b Forgot to include config.h
new da46d49 stdint.h not present on Windows
new 194c43c Checking for Xerces 2.6.0
new 8733f9e This commit was manufactured by cvs2svn to create branch 'Rel_1_2'.
new d523e21 Remove default from Host scheme.
new 4001d05 Smarten up Host handling to cover common cases.
new 15c13be Change some default settings to reflect Host/IIS changes
new 6a72ab2 Version updates
new 1a0c379 Version updates
new 1336bdf Version updates
new bac4eeb Backported anyType fix.
new 2ccd49d Updated to Xerces 2.6.1 (my build)
new a80580e Change CVS properties
new ad0b947 Sync'd with /java.
new 792ed1a Added default logging configuration for command line tools.
new ddcc3df Update news file
new 46f4ca6 Add stderr appender
new 5b3e934 Version updates
new 72ec5b5 Change CVS properties
new 0e95cb3 Backported timeout "fix"
new 287e9a4 RPM changes from HEAD
new ba8eee8 Clarified an error message.
new 65431f6 Updated to latest libcurl
new 17717d1 Fixed broken scheme computation in extension
new 9792f10 Changing defaults/examples to avoid use of DN.
new 0263db8 Tweaks for 1.2.1
new 748358f Missing stat definition on older Red Hat.
new c1efdb9 Recoded all response handling to address browser issues.
new ed8eacf Corrected feature version
new 6e0b95a Tweaks for 1.2.1
new 0786030 Merging config protection changes.
new 8e73cfb Add all-data-local to install hook
new ee47a4d Added a sanity check if cookie value has an equal sign in it.
new 85ff208 Patched filter redirects to match extension redirects.
new 756ce83 Added option to read file from stdin, easier way to support SSL
new a6d01d3 Synch'd from /java.
The 100 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "adds" were already present in the repository and have only
been added to this reference.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-shibboleth/shibboleth-sp2.git
More information about the Pkg-shibboleth-devel
mailing list