For mech-eap you'll probably want to use the master branch. The debian
branch is for packaging.
For freeradius, you can use the tr-integ branch, or use freeradius'
3.0.x branch directly.

-Kevin Wasserman

On 4/30/2015 12:34 PM, Alejandro Perez Mendez wrote:
> Hi all,
> 
> we are going to start with the developing of a proof-of-concept
> prototype of the functionality associated to section 7 of
> draft-ietf-abfab-aaa-saml. For doing that I would need to:
> 
> 1) Modify the functionality of gss_get_name_attribute in mech_eap, in
> order to allow it to query the IDP when the requested SAML attribute is
> not in the local storage.
> 
> 2) Modify the freeradius implementation in order to process SAML-Message
> attributes in Access-Request and to provide the appropriate response.
> 
> I'm cloning moonshot's git repository in my local machine, but it's not
> clear to me which branch should I use for mech_eap and freeradius. I
> guess origin/debian should be fine, however, for freeradius I'm getting
> some problems. In particular, I'm getting this error at the end of the
> authentication when channel bindings are enabled. That's why I thought
> that maybe I was using a too unstable branch.
> 
>    CONSISTENCY CHECK FAILED src/main/state.c[386]: Expected VALUE_PAIR
>    "EAP-Channel-Binding-Message" to be parented by 0xef6730
>    (RADIUS_PACKET), instead parented by 0xef6640 (RADIUS_PACKET)
>    Talloc chunk lineage:
>    0xef6730 (RADIUS_PACKET) < 0xef64a0 (REQUEST) < 0xef5830 (REQUEST) <
>    0xef55a0 (UNNAMED)
>    Talloc context level 0:
>    Talloc chunk lineage:
>    0xef6640 (RADIUS_PACKET) < 0xef64a0 (REQUEST) < 0xef5830 (REQUEST) <
>    0xef55a0 (UNNAMED)
>    Talloc context level 0:
>    SOFT ASSERT FAILED src/lib/debug.c[1229]: 0
>    CAUGHT SIGNAL: User defined signal 1
>    Backtrace of last 32 frames:
>    /usr/local/lib/libfreeradius-radius.so(fr_fault+0x132)[0x7f2dcb368051]
>   
> /usr/local/lib/libfreeradius-radius.so(fr_assert_cond+0x54)[0x7f2dcb3694e5]
>   
> /usr/local/lib/libfreeradius-radius.so(fr_verify_list+0x126)[0x7f2dcb369457]
> 
>    /usr/local/lib/libfreeradius-server.so(+0x22bb9)[0x7f2dcb5c3bb9]
>   
> /usr/local/lib/libfreeradius-server.so(verify_request+0x120)[0x7f2dcb5c3ce3]
> 
>    radiusd(fr_state_get_vps+0x1b5)[0x431047]
>    radiusd(rad_authenticate+0x237)[0x410986]
>    radiusd(rad_virtual_server+0x102)[0x4112d8]
>    /usr/local/lib/rlm_eap_ttls.so(eapttls_process+0xac0)[0x7f2dc5a43af2]
>    /usr/local/lib/rlm_eap_ttls.so(+0x22a3)[0x7f2dc5a412a3]
>    /usr/local/lib/rlm_eap.so(+0x4323)[0x7f2dc6459323]
>    /usr/local/lib/rlm_eap.so(eap_method_select+0x470)[0x7f2dc6459ca6]
>    /usr/local/lib/rlm_eap.so(+0x3031)[0x7f2dc6458031]
>    radiusd[0x42857a]
>    radiusd[0x428c45]
>    radiusd[0x428756]
>    radiusd[0x42964c]
>    radiusd(modcall+0x9c)[0x42a3e8]
>    radiusd(indexed_modcall+0x2e7)[0x425bc1]
>    radiusd(process_authenticate+0x22)[0x427e66]
>    radiusd[0x410354]
>    radiusd(rad_authenticate+0x520)[0x410c6f]
>    radiusd[0x43ce27]
>    radiusd[0x43bcd1]
>    radiusd(request_receive+0x788)[0x43d67a]
>    radiusd[0x41890e]
>    radiusd[0x443f94]
>   
> /usr/local/lib/libfreeradius-radius.so(fr_event_loop+0x5c0)[0x7f2dcb38d471]
>    radiusd(radius_event_process+0x26)[0x445a29]
>    radiusd(main+0xc8f)[0x4302ef]
>    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f2dc9afbead]
>    radiusd[0x40f7f9]
>    No panic action set
>    _EXIT(1) CALLED src/lib/debug.c[1230].  Last error was:
> 
> I'd be very grateful if someone could tell me whether I'm using the
> proper branch, and if so, why this failure might be happening.
> 
> Thank you in advance, and best regards,
> Alejandro
> 
>