1233294Sstas2008-08-14 Love Hornquist Astrand <lha@10a140laptop.local> 2127808Snectar 3233294Sstas * krb5/accept_sec_context.c: If there is a initiator subkey, copy 4233294Sstas that to acceptor subkey to match windows behavior. From Metze. 5233294Sstas 6233294Sstas2008-08-02 Love H��rnquist ��strand <lha@h5l.org> 7233294Sstas 8233294Sstas * ntlm/init_sec_context.c: Catch error 9233294Sstas 10233294Sstas * krb5/inquire_sec_context_by_oid.c: Catch store failure. 11233294Sstas 12233294Sstas * mech/gss_canonicalize_name.c: Not init m, return never 13233294Sstas used (overwritten later). 14233294Sstas 15233294Sstas2008-07-25 Love H��rnquist ��strand <lha@kth.se> 16233294Sstas 17233294Sstas * ntlm/init_sec_context.c: Use krb5_cc_get_config. 18233294Sstas 19233294Sstas2008-07-25 Love H��rnquist ��strand <lha@kth.se> 20233294Sstas 21233294Sstas * krb5/init_sec_context.c: Match the orignal patch I got from 22233294Sstas metze, seems that DCE-STYLE is even more weirer then what I though 23233294Sstas when I merged the patch. 24233294Sstas 25233294Sstas2008-06-02 Love H��rnquist ��strand <lha@kth.se> 26233294Sstas 27233294Sstas * krb5/init_sec_context.c: Don't add asn1 wrapping to token when 28233294Sstas using DCE_STYLE. Patch from Stefan Metzmacher. 29233294Sstas 30233294Sstas2008-05-27 Love H��rnquist ��strand <lha@kth.se> 31233294Sstas 32233294Sstas * ntlm/init_sec_context.c: use krb5_get_error_message 33233294Sstas 34233294Sstas2008-05-05 Love H��rnquist ��strand <lha@kth.se> 35233294Sstas 36233294Sstas * spnego/spnego_locl.h: Add back "mech/utils.h", its needed for 37233294Sstas oid/buffer functions. 38233294Sstas 39233294Sstas2008-05-02 Love H��rnquist ��strand <lha@it.su.se> 40233294Sstas 41233294Sstas * spnego: Changes from doug barton to make spnego indepedant of 42233294Sstas the heimdal version of the plugin system. 
43233294Sstas 44233294Sstas2008-04-27 Love H��rnquist ��strand <lha@it.su.se> 45233294Sstas 46233294Sstas * krb5: use DES_set_key_unchecked() 47233294Sstas 48233294Sstas2008-04-17 Love H��rnquist ��strand <lha@it.su.se> 49233294Sstas 50233294Sstas * add __declspec() for windows. 51233294Sstas 52233294Sstas2008-04-15 Love H��rnquist ��strand <lha@it.su.se> 53233294Sstas 54233294Sstas * krb5/import_sec_context.c: Use tmp to read ac->flags value to 55233294Sstas avoid warning. 56233294Sstas 57233294Sstas2008-04-07 Love H��rnquist ��strand <lha@it.su.se> 58233294Sstas 59233294Sstas * mech/gss_mech_switch.c: Use unsigned where appropriate. 60233294Sstas 61233294Sstas2008-03-14 Love H��rnquist ��strand <lha@it.su.se> 62233294Sstas 63233294Sstas * test_context.c: Add test for gsskrb5_register_acceptor_identity. 64233294Sstas 65233294Sstas2008-03-09 Love H��rnquist ��strand <lha@it.su.se> 66233294Sstas 67233294Sstas * krb5/init_sec_context.c (init_auth): use right variable to 68233294Sstas detect if we want to free or not. 69233294Sstas 70233294Sstas2008-02-26 Love H��rnquist ��strand <lha@it.su.se> 71233294Sstas 72233294Sstas * Makefile.am: add missing \ 73233294Sstas 74233294Sstas * Makefile.am: reshuffle depenencies 75233294Sstas 76233294Sstas * Add flag to krb5 to not add GSS-API INT|CONF to the negotiation 77233294Sstas 78233294Sstas2008-02-21 Love H��rnquist ��strand <lha@it.su.se> 79233294Sstas 80233294Sstas * make the SPNEGO mech store the error itself instead, works for 81233294Sstas everything except other stackable mechs 82233294Sstas 83233294Sstas2008-02-18 Love H��rnquist ��strand <lha@it.su.se> 84233294Sstas 85233294Sstas * spnego/init_sec_context.c (spnego_reply): if the reply token was 86233294Sstas of length 0, make it the same as no token. Pointed out by Zeqing 87233294Sstas Xia. 
88233294Sstas 89233294Sstas * krb5/acquire_cred.c (acquire_initiator_cred): handle the 90233294Sstas credential cache better, use destroy/close when appriate and for 91233294Sstas all cases. Thanks to Michael Allen for point out the memory-leak 92233294Sstas that I also fixed. 93233294Sstas 94233294Sstas2008-02-03 Love H��rnquist ��strand <lha@it.su.se> 95233294Sstas 96233294Sstas * spnego/accept_sec_context.c: Make error reporting somewhat more 97233294Sstas correct for SPNEGO. 98233294Sstas 99233294Sstas2008-01-27 Love H��rnquist ��strand <lha@it.su.se> 100233294Sstas 101233294Sstas * test_common.c: Improve the error message. 102233294Sstas 103233294Sstas2008-01-24 Love H��rnquist ��strand <lha@it.su.se> 104233294Sstas 105233294Sstas * ntlm/accept_sec_context.c: Avoid free-ing type1 message before 106233294Sstas its allocated. 107233294Sstas 108233294Sstas2008-01-13 Love H��rnquist ��strand <lha@it.su.se> 109233294Sstas 110178825Sdfr * test_ntlm.c: Test source name (and make the acceptor in ntlm gss 111178825Sdfr mech useful). 112178825Sdfr 113233294Sstas2007-12-30 Love H��rnquist ��strand <lha@it.su.se> 114178825Sdfr 115178825Sdfr * ntlm/init_sec_context.c: Don't confuse target name and source 116178825Sdfr name, make regressiont tests pass again. 117178825Sdfr 118233294Sstas2007-12-29 Love H��rnquist ��strand <lha@it.su.se> 119178825Sdfr 120178825Sdfr * ntlm: clean up name handling 121178825Sdfr 122233294Sstas2007-12-04 Love H��rnquist ��strand <lha@it.su.se> 123178825Sdfr 124178825Sdfr * ntlm/init_sec_context.c: Use credential if it was passed in. 125178825Sdfr 126178825Sdfr * ntlm/acquire_cred.c: Check if there is initial creds with 127178825Sdfr _gss_ntlm_get_user_cred(). 128178825Sdfr 129178825Sdfr * ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that 130178825Sdfr return the user info so it can be used by external modules. 131178825Sdfr 132178825Sdfr * ntlm/inquire_cred.c: use the right error code. 
133178825Sdfr 134178825Sdfr * ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no 135178825Sdfr credential, ntlm have (not yet) a default credential. 136178825Sdfr 137178825Sdfr * mech/gss_release_oid_set.c: Avoid trying to deref NULL, from 138178825Sdfr Phil Fisher. 139178825Sdfr 140233294Sstas2007-12-03 Love H��rnquist ��strand <lha@it.su.se> 141178825Sdfr 142178825Sdfr * test_acquire_cred.c: Always try to fetch cred (even with 143178825Sdfr GSS_C_NO_NAME). 144178825Sdfr 145233294Sstas2007-08-09 Love H��rnquist ��strand <lha@it.su.se> 146178825Sdfr 147178825Sdfr * mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags. 148178825Sdfr 149233294Sstas2007-08-08 Love H��rnquist ��strand <lha@it.su.se> 150178825Sdfr 151178825Sdfr * spnego/compat.c (_gss_spnego_internal_delete_sec_context): 152178825Sdfr release ctx->target_name too From Rafal Malinowski. 153178825Sdfr 154233294Sstas2007-07-26 Love H��rnquist ��strand <lha@it.su.se> 155178825Sdfr 156178825Sdfr * mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't 157178825Sdfr have dlopen. From Rune of Chalmers. 158178825Sdfr 159233294Sstas2007-07-10 Love H��rnquist ��strand <lha@it.su.se> 160178825Sdfr 161178825Sdfr * mech/gss_duplicate_name.c: New signature of _gss_find_mn. 162178825Sdfr 163178825Sdfr * mech/gss_init_sec_context.c: New signature of _gss_find_mn. 164178825Sdfr 165178825Sdfr * mech/gss_acquire_cred.c: New signature of _gss_find_mn. 166178825Sdfr 167178825Sdfr * mech/name.h: New signature of _gss_find_mn. 168178825Sdfr 169178825Sdfr * mech/gss_canonicalize_name.c: New signature of _gss_find_mn. 170178825Sdfr 171178825Sdfr * mech/gss_compare_name.c: New signature of _gss_find_mn. 172178825Sdfr 173178825Sdfr * mech/gss_add_cred.c: New signature of _gss_find_mn. 174178825Sdfr 175178825Sdfr * mech/gss_names.c (_gss_find_mn): Return an error code for 176178825Sdfr caller. 
177178825Sdfr 178178825Sdfr * spnego/accept_sec_context.c: remove checks that are done by the 179178825Sdfr previous function. 180178825Sdfr 181178825Sdfr * Makefile.am: New library version. 182178825Sdfr 183233294Sstas2007-07-04 Love H��rnquist ��strand <lha@it.su.se> 184178825Sdfr 185178825Sdfr * mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from 186178825Sdfr Rafal Malinowski. 187178825Sdfr 188178825Sdfr * spnego/spnego.asn1: Indent and make NegTokenInit and 189178825Sdfr NegTokenResp extendable. 190178825Sdfr 191233294Sstas2007-06-21 Love H��rnquist ��strand <lha@it.su.se> 192178825Sdfr 193178825Sdfr * ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred. 194178825Sdfr 195178825Sdfr * mech/gss_display_status.c: Provide message for GSS_S_COMPLETE. 196178825Sdfr 197178825Sdfr * mech/context.c: If the canned string is "", its no use to the 198178825Sdfr user, make it fall back to the default error string. 199178825Sdfr 200233294Sstas2007-06-20 Love H��rnquist ��strand <lha@it.su.se> 201178825Sdfr 202178825Sdfr * mech/gss_display_name.c (gss_display_name): no name -> 203178825Sdfr fail. From Rafal Malinswski. 204178825Sdfr 205178825Sdfr * spnego/accept_sec_context.c: Wrap name in a spnego_name instead 206178825Sdfr of just a copy of the underlaying object. From Rafal Malinswski. 207178825Sdfr 208178825Sdfr * spnego/accept_sec_context.c: Handle underlaying mech not 209178825Sdfr returning mn. 210178825Sdfr 211178825Sdfr * mech/gss_accept_sec_context.c: Handle underlaying mech not 212178825Sdfr returning mn. 213178825Sdfr 214178825Sdfr * spnego/accept_sec_context.c: Make sure src_name is always set to 215178825Sdfr GSS_C_NO_NAME when returning. 216178825Sdfr 217178825Sdfr * krb5/acquire_cred.c (acquire_acceptor_cred): don't claim 218178825Sdfr everything is well on failure. From Phil Fisher. 
219178825Sdfr 220178825Sdfr * mech/gss_duplicate_name.c: catch error (and ignore it) 221178825Sdfr 222178825Sdfr * ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess. 223178825Sdfr 224178825Sdfr * mech/gss_accept_sec_context.c: Only wrap the delegated cred if 225178825Sdfr we got a delegated mech cred. From Rafal Malinowski. 226178825Sdfr 227178825Sdfr * spnego/accept_sec_context.c: Only wrap the delegated cred if we 228178825Sdfr are going to return it to the consumer. From Rafal Malinowski. 229178825Sdfr 230178825Sdfr * spnego/accept_sec_context.c: Fixed memory leak pointed out by 231178825Sdfr Rafal Malinowski, also while here moved to use NegotiationToken 232178825Sdfr for decoding. 233178825Sdfr 234233294Sstas2007-06-18 Love H��rnquist ��strand <lha@it.su.se> 235178825Sdfr 236178825Sdfr * krb5/prf.c (_gsskrb5_pseudo_random): add missing break. 237178825Sdfr 238178825Sdfr * krb5/release_name.c: Set *minor_status unconditionallty, its 239178825Sdfr done later anyway. 240178825Sdfr 241178825Sdfr * spnego/accept_sec_context.c: Init get_mic to 0. 242178825Sdfr 243178825Sdfr * mech/gss_set_cred_option.c: Free memory in failure case, found 244178825Sdfr by beam. 245178825Sdfr 246178825Sdfr * mech/gss_inquire_context.c: Handle mech_type being NULL. 247178825Sdfr 248178825Sdfr * mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL. 249178825Sdfr 250178825Sdfr * mech/gss_krb5.c: Free memory in error case, found by beam. 251178825Sdfr 252233294Sstas2007-06-12 Love H��rnquist ��strand <lha@it.su.se> 253178825Sdfr 254178825Sdfr * ntlm/inquire_context.c: Use ctx->gssflags for flags. 255178825Sdfr 256178825Sdfr * krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is 257178825Sdfr not ment for machine consumption. 258178825Sdfr 259233294Sstas2007-06-09 Love H��rnquist ��strand <lha@it.su.se> 260178825Sdfr 261178825Sdfr * ntlm/digest.c (kdc_alloc): free memory on failure, pointed out 262178825Sdfr by Rafal Malinowski. 
263178825Sdfr 264178825Sdfr * ntlm/digest.c (kdc_destroy): free context when done, pointed out 265178825Sdfr by Rafal Malinowski. 266178825Sdfr 267178825Sdfr * spnego/context_stubs.c (_gss_spnego_display_name): if input_name 268178825Sdfr is null, fail. From Rafal Malinowski. 269178825Sdfr 270233294Sstas2007-06-04 Love H��rnquist ��strand <lha@it.su.se> 271178825Sdfr 272178825Sdfr * ntlm/digest.c: Free memory when done. 273178825Sdfr 274233294Sstas2007-06-02 Love H��rnquist ��strand <lha@it.su.se> 275178825Sdfr 276178825Sdfr * test_ntlm.c: Test both with and without keyex. 277178825Sdfr 278178825Sdfr * ntlm/digest.c: If we didn't set session key, don't expect one 279178825Sdfr back. 280178825Sdfr 281178825Sdfr * test_ntlm.c: Set keyex flag and calculate session key. 282178825Sdfr 283233294Sstas2007-05-31 Love H��rnquist ��strand <lha@it.su.se> 284178825Sdfr 285178825Sdfr * spnego/accept_sec_context.c: Use the return value before is 286178825Sdfr overwritten by later calls. From Rafal Malinowski 287178825Sdfr 288178825Sdfr * krb5/release_cred.c: Give an minor_status argument to 289178825Sdfr gss_release_oid_set. From Rafal Malinowski 290178825Sdfr 291233294Sstas2007-05-30 Love H��rnquist ��strand <lha@it.su.se> 292178825Sdfr 293178825Sdfr * ntlm/accept_sec_context.c: Catch errors and return the up the 294178825Sdfr stack. 295178825Sdfr 296178825Sdfr * test_kcred.c: more testing of lifetimes 297178825Sdfr 298233294Sstas2007-05-17 Love H��rnquist ��strand <lha@it.su.se> 299178825Sdfr 300178825Sdfr * Makefile.am: Drop the gss oid_set function for the krb5 mech, 301178825Sdfr use the mech glue versions instead. Pointed out by Rafal 302178825Sdfr Malinowski. 303178825Sdfr 304178825Sdfr * krb5: Use gss oid_set functions from mechglue 305178825Sdfr 306233294Sstas2007-05-14 Love H��rnquist ��strand <lha@it.su.se> 307178825Sdfr 308178825Sdfr * ntlm/accept_sec_context.c: Set session key only if we are 309178825Sdfr returned a session key. Found by David Love. 
310178825Sdfr 311233294Sstas2007-05-13 Love H��rnquist ��strand <lha@it.su.se> 312178825Sdfr 313178825Sdfr * krb5/prf.c: switched MIN to min to make compile on solaris, 314178825Sdfr pointed out by David Love. 315178825Sdfr 316233294Sstas2007-05-09 Love H��rnquist ��strand <lha@it.su.se> 317178825Sdfr 318178825Sdfr * krb5/inquire_cred_by_mech.c: Fill in all of the variables if 319178825Sdfr they are passed in. Pointed out by Phil Fisher. 320178825Sdfr 321233294Sstas2007-05-08 Love H��rnquist ��strand <lha@it.su.se> 322178825Sdfr 323178825Sdfr * krb5/inquire_cred.c: Fix copy and paste error, bug spotted by 324178825Sdfr from Phil Fisher. 325178825Sdfr 326178825Sdfr * mech: dont keep track of gc_usage, just figure it out at 327178825Sdfr gss_inquire_cred() time 328178825Sdfr 329178825Sdfr * mech/gss_mech_switch.c (add_builtin): ok for 330178825Sdfr __gss_mech_initialize() to return NULL 331178825Sdfr 332178825Sdfr * test_kcred.c: more correct tests 333178825Sdfr 334178825Sdfr * spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a 335178825Sdfr spnego_name. 336178825Sdfr 337178825Sdfr * ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now, 338178825Sdfr need to find default cred and friends. 339178825Sdfr 340178825Sdfr * krb5/inquire_cred_by_mech.c: reimplement 341178825Sdfr 342233294Sstas2007-05-07 Love H��rnquist ��strand <lha@it.su.se> 343178825Sdfr 344178825Sdfr * ntlm/acquire_cred.c: drop unused variable. 345178825Sdfr 346178825Sdfr * ntlm/acquire_cred.c: Reimplement. 
347178825Sdfr 348178825Sdfr * Makefile.am: add ntlm/digest.c 349178825Sdfr 350178825Sdfr * ntlm: split out backend ntlm server processing 351178825Sdfr 352233294Sstas2007-04-24 Love H��rnquist ��strand <lha@it.su.se> 353178825Sdfr 354178825Sdfr * ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free 355178825Sdfr credcache when done 356178825Sdfr 357233294Sstas2007-04-22 Love H��rnquist ��strand <lha@it.su.se> 358178825Sdfr 359178825Sdfr * ntlm/init_sec_context.c: ntlm-key credential entry is prefix with @ 360178825Sdfr 361178825Sdfr * ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm 362178825Sdfr creds from the krb5 credential cache. 363178825Sdfr 364233294Sstas2007-04-21 Love H��rnquist ��strand <lha@it.su.se> 365178825Sdfr 366178825Sdfr * ntlm/delete_sec_context.c: free the key stored in the context 367178825Sdfr 368178825Sdfr * ntlm/ntlm.h: switch password for a key 369178825Sdfr 370178825Sdfr * test_oid.c: Switch oid to one that is exported. 371178825Sdfr 372233294Sstas2007-04-20 Love H��rnquist ��strand <lha@it.su.se> 373178825Sdfr 374178825Sdfr * ntlm/init_sec_context.c: move where hash is calculated to make 375178825Sdfr it easier to add ccache support. 376178825Sdfr 377178825Sdfr * Makefile.am: Add version-script.map to EXTRA_DIST. 378178825Sdfr 379233294Sstas2007-04-19 Love H��rnquist ��strand <lha@it.su.se> 380178825Sdfr 381178825Sdfr * Makefile.am: Unconfuse newer versions of automake that doesn't 382178825Sdfr know the diffrence between depenences and setting variables. foo: 383178825Sdfr vs foo=. 384178825Sdfr 385178825Sdfr * test_ntlm.c: delete sec context when done. 386178825Sdfr 387178825Sdfr * version-script.map: export more symbols. 
388178825Sdfr 389178825Sdfr * Makefile.am: add version script if ld supports it 390178825Sdfr 391178825Sdfr * version-script.map: add version script if ld supports it 392178825Sdfr 393233294Sstas2007-04-18 Love H��rnquist ��strand <lha@it.su.se> 394178825Sdfr 395178825Sdfr * Makefile.am: test_acquire_cred need test_common.[ch] 396178825Sdfr 397178825Sdfr * test_acquire_cred.c: add more test options. 398178825Sdfr 399178825Sdfr * krb5/external.c: add GSS_KRB5_CCACHE_NAME_X 400178825Sdfr 401178825Sdfr * gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X 402178825Sdfr 403178825Sdfr * krb5/set_sec_context_option.c: refactor code, implement 404178825Sdfr GSS_KRB5_CCACHE_NAME_X 405178825Sdfr 406178825Sdfr * mech/gss_krb5.c: reimplement gss_krb5_ccache_name 407178825Sdfr 408233294Sstas2007-04-17 Love H��rnquist ��strand <lha@it.su.se> 409178825Sdfr 410178825Sdfr * spnego/cred_stubs.c: Need to import spnego name before we can 411178825Sdfr use it as a gss_name_t. 412178825Sdfr 413178825Sdfr * test_acquire_cred.c: use this test as part of the regression 414178825Sdfr suite. 415178825Sdfr 416178825Sdfr * mech/gss_acquire_cred.c (gss_acquire_cred): dont init 417178825Sdfr cred->gc_mc every time in the loop. 418178825Sdfr 419233294Sstas2007-04-15 Love H��rnquist ��strand <lha@it.su.se> 420178825Sdfr 421178825Sdfr * Makefile.am: add test_common.h 422178825Sdfr 423233294Sstas2007-02-16 Love H��rnquist ��strand <lha@it.su.se> 424178825Sdfr 425178825Sdfr * gss_acquire_cred.3: Add link for 426178825Sdfr gsskrb5_register_acceptor_identity. 427178825Sdfr 428233294Sstas2007-02-08 Love H��rnquist ��strand <lha@it.su.se> 429178825Sdfr 430178825Sdfr * krb5/copy_ccache.c: Try to leak less memory in the failure case. 431178825Sdfr 432233294Sstas2007-01-31 Love H��rnquist ��strand <lha@it.su.se> 433178825Sdfr 434178825Sdfr * mech/gss_display_status.c: Use right printf formater. 
435178825Sdfr 436178825Sdfr * test_*.[ch]: split out the error printing function and try to 437178825Sdfr return better errors 438178825Sdfr 439233294Sstas2007-01-30 Love H��rnquist ��strand <lha@it.su.se> 440178825Sdfr 441178825Sdfr * krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on 442178825Sdfr GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it. 443178825Sdfr 444178825Sdfr This is because Kerberos always support INT|CONF, matches behavior 445178825Sdfr with MS and MIT. The creates problems for the GSS-SPNEGO mech. 446178825Sdfr 447233294Sstas2007-01-24 Love H��rnquist ��strand <lha@it.su.se> 448178825Sdfr 449178825Sdfr * krb5/prf.c: constrain desired_output_len 450178825Sdfr 451178825Sdfr * krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random 452178825Sdfr 453178825Sdfr * mech/gss_pseudo_random.c: Catch error from underlaying mech on 454178825Sdfr failure. 455178825Sdfr 456178825Sdfr * Makefile.am: Add krb5/prf.c 457178825Sdfr 458178825Sdfr * krb5/prf.c: gss_pseudo_random for krb5 459178825Sdfr 460178825Sdfr * test_context.c: Checks for gss_pseudo_random. 461178825Sdfr 462178825Sdfr * krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG 463178825Sdfr 464178825Sdfr * Makefile.am: Add mech/gss_pseudo_random.c 465178825Sdfr 466178825Sdfr * gssapi/gssapi.h: try to load pseudo_random 467178825Sdfr 468178825Sdfr * mech/gss_mech_switch.c: try to load pseudo_random 469178825Sdfr 470178825Sdfr * mech/gss_pseudo_random.c: Add gss_pseudo_random. 471178825Sdfr 472178825Sdfr * gssapi_mech.h: Add hook for gm_pseudo_random. 473178825Sdfr 474233294Sstas2007-01-17 Love H��rnquist ��strand <lha@it.su.se> 475178825Sdfr 476178825Sdfr * test_context.c: Don't assume bufer from gss_display_status is 477178825Sdfr ok. 478178825Sdfr 479178825Sdfr * mech/gss_wrap_size_limit.c: Reset out variables. 480178825Sdfr 481178825Sdfr * mech/gss_wrap.c: Reset out variables. 482178825Sdfr 483178825Sdfr * mech/gss_verify_mic.c: Reset out variables. 
484178825Sdfr 485178825Sdfr * mech/gss_utils.c: Reset out variables. 486178825Sdfr 487178825Sdfr * mech/gss_release_oid_set.c: Reset out variables. 488178825Sdfr 489178825Sdfr * mech/gss_release_cred.c: Reset out variables. 490178825Sdfr 491178825Sdfr * mech/gss_release_buffer.c: Reset variables. 492178825Sdfr 493178825Sdfr * mech/gss_oid_to_str.c: Reset out variables. 494178825Sdfr 495178825Sdfr * mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables. 496178825Sdfr 497178825Sdfr * mech/gss_mech_switch.c: Reset out variables. 498178825Sdfr 499178825Sdfr * mech/gss_inquire_sec_context_by_oid.c: Reset out variables. 500178825Sdfr 501178825Sdfr * mech/gss_inquire_names_for_mech.c: Reset out variables. 502178825Sdfr 503178825Sdfr * mech/gss_inquire_cred_by_oid.c: Reset out variables. 504178825Sdfr 505178825Sdfr * mech/gss_inquire_cred_by_oid.c: Reset out variables. 506178825Sdfr 507178825Sdfr * mech/gss_inquire_cred_by_mech.c: Reset out variables. 508178825Sdfr 509178825Sdfr * mech/gss_inquire_cred.c: Reset out variables, fix memory leak. 510178825Sdfr 511178825Sdfr * mech/gss_inquire_context.c: Reset out variables. 512178825Sdfr 513178825Sdfr * mech/gss_init_sec_context.c: Zero out outbuffer on failure. 514178825Sdfr 515178825Sdfr * mech/gss_import_name.c: Reset out variables. 516178825Sdfr 517178825Sdfr * mech/gss_import_name.c: Reset out variables. 518178825Sdfr 519178825Sdfr * mech/gss_get_mic.c: Reset out variables. 520178825Sdfr 521178825Sdfr * mech/gss_export_name.c: Reset out variables. 522178825Sdfr 523178825Sdfr * mech/gss_encapsulate_token.c: Reset out variables. 524178825Sdfr 525178825Sdfr * mech/gss_duplicate_oid.c: Reset out variables. 526178825Sdfr 527178825Sdfr * mech/gss_duplicate_oid.c: Reset out variables. 528178825Sdfr 529178825Sdfr * mech/gss_duplicate_name.c: Reset out variables. 530178825Sdfr 531178825Sdfr * mech/gss_display_status.c: Reset out variables. 532178825Sdfr 533178825Sdfr * mech/gss_display_name.c: Reset out variables. 
534178825Sdfr 535178825Sdfr * mech/gss_delete_sec_context.c: Reset out variables using propper 536178825Sdfr macros. 537178825Sdfr 538178825Sdfr * mech/gss_decapsulate_token.c: Reset out variables using propper 539178825Sdfr macros. 540178825Sdfr 541178825Sdfr * mech/gss_add_cred.c: Reset out variables. 542178825Sdfr 543178825Sdfr * mech/gss_acquire_cred.c: Reset out variables. 544178825Sdfr 545178825Sdfr * mech/gss_accept_sec_context.c: Reset out variables using propper 546178825Sdfr macros. 547178825Sdfr 548178825Sdfr * mech/gss_init_sec_context.c: Reset out variables. 549178825Sdfr 550178825Sdfr * mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a 551178825Sdfr gss_buffer_t 552178825Sdfr 553233294Sstas2007-01-16 Love H��rnquist ��strand <lha@it.su.se> 554178825Sdfr 555178825Sdfr * mech: sprinkel _gss_mg_error 556178825Sdfr 557178825Sdfr * mech/gss_display_status.c (gss_display_status): use 558178825Sdfr _gss_mg_get_error to fetch the error from underlaying mech, if it 559178825Sdfr failes, let do the regular dance for GSS-CODE version and a 560178825Sdfr generic print-the-error code for MECH-CODE. 561178825Sdfr 562178825Sdfr * mech/gss_oid_to_str.c: Don't include the NUL in the length of 563178825Sdfr the string. 564178825Sdfr 565178825Sdfr * mech/context.h: Protoypes for _gss_mg_. 566178825Sdfr 567178825Sdfr * mech/context.c: Glue to catch the error from the lower gss-api 568178825Sdfr layer and save that for later so gss_display_status() can show the 569178825Sdfr error. 570178825Sdfr 571178825Sdfr * gss.c: Detect NTLM. 572178825Sdfr 573233294Sstas2007-01-11 Love H��rnquist ��strand <lha@it.su.se> 574178825Sdfr 575178825Sdfr * mech/gss_accept_sec_context.c: spelling 576178825Sdfr 577233294Sstas2007-01-04 Love H��rnquist ��strand <lha@it.su.se> 578178825Sdfr 579178825Sdfr * Makefile.am: Include build (private) prototypes header files. 
580178825Sdfr 581178825Sdfr * Makefile.am (ntlmsrc): add ntlm/ntlm-private.h 582178825Sdfr 583233294Sstas2006-12-28 Love H��rnquist ��strand <lha@it.su.se> 584178825Sdfr 585178825Sdfr * ntlm/accept_sec_context.c: Pass signseal argument to 586178825Sdfr _gss_ntlm_set_key. 587178825Sdfr 588178825Sdfr * ntlm/init_sec_context.c: Pass signseal argument to 589178825Sdfr _gss_ntlm_set_key. 590178825Sdfr 591178825Sdfr * ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument 592178825Sdfr 593178825Sdfr * test_ntlm.c: add ntlmv2 test 594178825Sdfr 595178825Sdfr * ntlm/ntlm.h: break out struct ntlmv2_key; 596178825Sdfr 597178825Sdfr * ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys. 598178825Sdfr 599178825Sdfr * ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI. 600178825Sdfr 601178825Sdfr * ntlm/ntlm.h: NTLMv2 keys. 602178825Sdfr 603178825Sdfr * ntlm/crypto.c: NTLMv2 sign and verify. 604178825Sdfr 605233294Sstas2006-12-20 Love H��rnquist ��strand <lha@it.su.se> 606178825Sdfr 607178825Sdfr * ntlm/accept_sec_context.c: Don't send targetinfo now. 608178825Sdfr 609178825Sdfr * ntlm/init_sec_context.c: Build ntlmv2 answer buffer. 610178825Sdfr 611178825Sdfr * ntlm/init_sec_context.c: Leak less memory. 612178825Sdfr 613178825Sdfr * ntlm/init_sec_context.c: Announce that we support key exchange. 614178825Sdfr 615178825Sdfr * ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2 616178825Sdfr session security (disable because missing sign and seal). 617178825Sdfr 618233294Sstas2006-12-19 Love H��rnquist ��strand <lha@it.su.se> 619178825Sdfr 620178825Sdfr * ntlm/accept_sec_context.c: split RC4 send and recv keystreams 621178825Sdfr 622178825Sdfr * ntlm/init_sec_context.c: split RC4 send and recv keystreams 623178825Sdfr 624178825Sdfr * ntlm/ntlm.h: split RC4 send and recv keystreams 625178825Sdfr 626178825Sdfr * ntlm/crypto.c: Implement SEAL. 
627178825Sdfr 628178825Sdfr * ntlm/crypto.c: move gss_wrap/gss_unwrap here 629178825Sdfr 630178825Sdfr * test_context.c: request INT and CONF from the gss layer, test 631178825Sdfr get and verify MIC. 632178825Sdfr 633178825Sdfr * ntlm/ntlm.h: add crypto bits. 634178825Sdfr 635178825Sdfr * ntlm/accept_sec_context.c: Save session master key. 636178825Sdfr 637178825Sdfr * Makefile.am: Move get and verify mic to the same file (crypto.c) 638178825Sdfr since they share code. 639178825Sdfr 640178825Sdfr * ntlm/crypto.c: Move get and verify mic to the same file since 641178825Sdfr they share code, implement NTLM v1 and dummy signatures. 642178825Sdfr 643178825Sdfr * ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and 644178825Sdfr GSS_C_INTEG_FLAG, save the session master key 645178825Sdfr 646178825Sdfr * spnego/accept_sec_context.c: try using gss_accept_sec_context() 647178825Sdfr on the opportunistic token instead of guessing the acceptor name 648178825Sdfr and do gss_acquire_cred, this make SPNEGO work like before. 649178825Sdfr 650233294Sstas2006-12-18 Love H��rnquist ��strand <lha@it.su.se> 651178825Sdfr 652178825Sdfr * ntlm/init_sec_context.c: Calculate the NTLM version 1 "master" 653178825Sdfr key. 654178825Sdfr 655178825Sdfr * spnego/accept_sec_context.c: Resurect negHints for the acceptor 656178825Sdfr sends first packet. 657178825Sdfr 658178825Sdfr * Makefile.am: Add "windows" versions of the NegTokenInitWin and 659178825Sdfr friends. 660178825Sdfr 661178825Sdfr * test_context.c: add --wrapunwrap flag 662178825Sdfr 663178825Sdfr * spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to 664178825Sdfr compat.c, use the sequence types of MechTypeList, make 665178825Sdfr add_mech_type() static. 
666178825Sdfr 667178825Sdfr * spnego/accept_sec_context.c: move 668178825Sdfr _gss_spnego_indicate_mechtypelist() to compat.c 669178825Sdfr 670178825Sdfr * Makefile.am: Generate sequence code for MechTypeList 671178825Sdfr 672178825Sdfr * spnego: check that the generated acceptor mechlist is acceptable too 673178825Sdfr 674178825Sdfr * spnego/init_sec_context.c: Abstract out the initiator filter 675178825Sdfr function, it will be needed for the acceptor too. 676178825Sdfr 677178825Sdfr * spnego/accept_sec_context.c: Abstract out the initiator filter 678178825Sdfr function, it will be needed for the acceptor too. Remove negHints. 679178825Sdfr 680178825Sdfr * test_context.c: allow asserting return mech 681178825Sdfr 682178825Sdfr * ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx 683178825Sdfr 684178825Sdfr * ntlm/acquire_cred.c: Check that the KDC seem to there and 685178825Sdfr answering us, we can't do better then that wen checking if we will 686178825Sdfr accept the credential. 687178825Sdfr 688178825Sdfr * ntlm/get_mic.c: return GSS_S_UNAVAILABLE 689178825Sdfr 690178825Sdfr * mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid 691178825Sdfr 692178825Sdfr * mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid 693178825Sdfr 694178825Sdfr * spnego/spnego.asn1: Its very sad, but NegHints its are not part 695178825Sdfr of the NegTokenInit, this makes SPNEGO acceptor life a lot harder. 696178825Sdfr 697178825Sdfr * spnego: try harder to handle names better. handle missing 698178825Sdfr acceptor and initator creds better (ie dont propose/accept mech 699178825Sdfr that there are no credentials for) split NegTokenInit and 700178825Sdfr NegTokenResp in acceptor 701178825Sdfr 702233294Sstas2006-12-16 Love H��rnquist ��strand <lha@it.su.se> 703178825Sdfr 704178825Sdfr * ntlm/import_name.c: Allocate the buffer from the right length. 
705178825Sdfr 706233294Sstas2006-12-15 Love H��rnquist ��strand <lha@it.su.se> 707178825Sdfr 708178825Sdfr * ntlm/init_sec_context.c (init_sec_context): Tell the other side 709178825Sdfr what domain we think we are talking to. 710178825Sdfr 711178825Sdfr * ntlm/delete_sec_context.c: free username and password 712178825Sdfr 713178825Sdfr * ntlm/release_name.c (_gss_ntlm_release_name): free name. 714178825Sdfr 715178825Sdfr * ntlm/import_name.c (_gss_ntlm_import_name): add support for 716178825Sdfr GSS_C_NT_HOSTBASED_SERVICE names 717178825Sdfr 718178825Sdfr * ntlm/ntlm.h: Add ntlm_name. 719178825Sdfr 720178825Sdfr * test_context.c: allow testing of ntlm. 721178825Sdfr 722178825Sdfr * gssapi_mech.h: add __gss_ntlm_initialize 723178825Sdfr 724178825Sdfr * ntlm/accept_sec_context.c (handle_type3): verify that the kdc 725178825Sdfr approved of the ntlm exchange too 726178825Sdfr 727178825Sdfr * mech/gss_mech_switch.c: Add the builtin ntlm mech 728178825Sdfr 729178825Sdfr * test_ntlm.c: NTLM test app. 730178825Sdfr 731178825Sdfr * mech/gss_accept_sec_context.c: Add detection of NTLMSSP. 732178825Sdfr 733178825Sdfr * gssapi/gssapi.h: add ntlm mech oid 734178825Sdfr 735178825Sdfr * ntlm/external.c: Switch OID to the ms ntlmssp oid 736178825Sdfr 737178825Sdfr * Makefile.am: Add ntlm gss-api module. 738178825Sdfr 739178825Sdfr * ntlm/accept_sec_context.c: Catch more error errors. 740178825Sdfr 741178825Sdfr * ntlm/accept_sec_context.c: Check after a credential to use. 742178825Sdfr 743233294Sstas2006-12-14 Love H��rnquist ��strand <lha@it.su.se> 744178825Sdfr 745178825Sdfr * krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X): 746178825Sdfr don't fail on success. Bug report from Stefan Metzmacher. 747178825Sdfr 748233294Sstas2006-12-13 Love H��rnquist ��strand <lha@it.su.se> 749178825Sdfr 750178825Sdfr * krb5/init_sec_context.c (init_auth): only turn on 751178825Sdfr GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it. 752178825Sdfr From Stefan Metzmacher. 
753178825Sdfr 754233294Sstas2006-12-11 Love H��rnquist ��strand <lha@it.su.se> 755178825Sdfr 756178825Sdfr * Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h 757178825Sdfr spnego_asn1.h. 758178825Sdfr 759233294Sstas2006-11-20 Love H��rnquist ��strand <lha@it.su.se> 760178825Sdfr 761178825Sdfr * krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a 762178825Sdfr context argument. 763178825Sdfr 764233294Sstas2006-11-16 Love H��rnquist ��strand <lha@it.su.se> 765178825Sdfr 766178825Sdfr * test_context.c: Test that token keys are the same, return 767178825Sdfr actual_mech. 768178825Sdfr 769233294Sstas2006-11-15 Love H��rnquist ��strand <lha@it.su.se> 770178825Sdfr 771178825Sdfr * spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open. 772178825Sdfr 773178825Sdfr * spnego/accept_sec_context.c: Use ASN.1 encoder functions to 774178825Sdfr encode CHOICE structure now that we can handle it. 775178825Sdfr 776178825Sdfr * spnego/init_sec_context.c: Use ASN.1 encoder functions to encode 777178825Sdfr CHOICE structure now that we can handle it. 778178825Sdfr 779178825Sdfr * spnego/accept_sec_context.c (_gss_spnego_accept_sec_context): 780178825Sdfr send back ad accept_completed when the security context is ->open, 781178825Sdfr w/o this the client doesn't know that the server have completed 782178825Sdfr the transaction. 783178825Sdfr 784178825Sdfr * test_context.c: Add delegate flag and check that the delegated 785178825Sdfr cred works. 786178825Sdfr 787178825Sdfr * spnego/init_sec_context.c: Keep track of the opportunistic token 788178825Sdfr in the inital message, it might be a complete gss-api context, in 789178825Sdfr that case we'll get back accept_completed without any token. With 790178825Sdfr this change, krb5 w/o mutual authentication works. 791178825Sdfr 792178825Sdfr * spnego/accept_sec_context.c: Use ASN.1 encoder functions to 793178825Sdfr encode CHOICE structure now that we can handle it. 

	* spnego/accept_sec_context.c: Filter out SPNEGO from the out
	supported mechs list and make sure we don't select that for the
	preferred mechanism.

2006-11-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
	cred finding to its own function

	* krb5/wrap.c: Better error strings, from Andrew Bartlett.

2006-11-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Create our own krb5_context.

	* krb5: Switch from using a specific error message context in the
	TLS to have a whole krb5_context in TLS. This has some
	interesting side-effects for the configuration setting options
	since they operate on per-thread basis now.

	* mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
	and checking for success, use GSS_S_COMPLETE. From Andrew Bartlett.

2006-11-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Help solaris make even more.

	* Makefile.am: Help solaris make.

2006-11-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: remove include $(srcdir)/Makefile-digest.am for now

	* mech/gss_accept_sec_context.c: Try better guessing what is mech
	we are going to select by looking harder at the input_token, idea
	from Luke Howard's mechglue branch.

	* Makefile.am: libgssapi_la_OBJECTS: add dependency on gkrb5_err.h

	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X

	* mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes

	* gssapi/gssapi.h: GSS_KRB5_S_

	* krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.

	* gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.

	* Makefile.am: Build and install gkrb5_err.h

	* krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.

2006-11-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_krb5.c: Add gsskrb5_set_default_realm.

	* krb5/set_sec_context_option.c: Support
	GSS_KRB5_SET_DEFAULT_REALM_X.

	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X

	* krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X

2006-11-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: rename krb5_[gs]et_time_wrap to
	krb5_[gs]et_max_time_skew

	* krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
	no longer used, bye bye

	* mech/gss_krb5.c: No dependency of the krb5 gssapi mech.

	* mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
	_gsskrb5_decode_om_uint32. From Andrew Bartlett.

	* mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
	now.

	* spnego/spnego_locl.h: Include <roken.h> for compatibility.

	* krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
	DCE-STYLE, don't try to use to.
	From Andrew Bartlett.

	* test_context.c: test wrap/unwrap, add flag for dce-style and
	mutual auth, also support multi-roundtrip sessions

	* krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.

	* krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
	krb5_rd_req_ctx

	* mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
	token subkey

	* krb5/inquire_sec_context_by_oid.c: check if there is any key at
	all

2006-11-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_sec_context_by_oid.c: Set more error strings, use
	right enum for acceptor subkey. From Andrew Bartlett.

2006-11-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Test gsskrb5_extract_service_keyblock, needed in
	PAC validation. From Andrew Bartlett

	* mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
	and keyblock extraction functions.

	* gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
	Andrew Bartlett.

	* krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X

2006-11-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

	* mech/gss_krb5.c: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

	* krb5/set_sec_context_option.c: Rename various routines and
	constants from canonize to canonicalize.
	From Andrew Bartlett

	* krb5/external.c: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

	* gssapi/gssapi_krb5.h: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

2006-10-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
	to free ccache

2006-10-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c (loop): free target_name

	* mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'

	* mech/gss_acquire_cred.c: SLIST_INIT the ->gc_mc'

	* krb5/init_sec_context.c: Avoid leaking memory.

	* mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
	->elements memory.

	* test_context.c: make compile

	* krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.

	* krb5/set_cred_option.c (import_cred): free sp

2006-10-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_add_oid_set_member.c: Use old implementation of
	gss_add_oid_set_member, it leaks less memory.

	* krb5/test_cfx.c: free krb5_crypto.

	* krb5/test_cfx.c: free krb5_context

	* mech/gss_release_name.c (gss_release_name): free input_name
	itself.

2006-10-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Call setprogname.

	* mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.

	* gssapi/gssapi_krb5.h: add
	gsskrb5_extract_authtime_from_sec_context

2006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_sec_context_by_oid.c: Add get_authtime.

	* krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X

	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X

	* krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.

	* mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc

	* gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
	gsskrb5_set_send_to_kdc

	* krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X

	* Makefile.am: more files

2006-10-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: remove spnego/gssapi_spnego.h, it's now in gssapi/

	* test_context.c: Allow specifying mech.

	* krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)

	* gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
	GSS_SASL_DIGEST_MD5_MECHANISM

2006-10-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gssapi.asn1: Make it into a heim_any_set, it doesn't
	expect a tag.

	* mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE

	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X

	* krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.

	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
	GSS_KRB5_GET_SUBKEY_X

	* krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
	GSS_KRB5_GET_SUBKEY_X

2006-10-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Support switching on name type oid's

	* test_context.c: add test for dns canon flag

	* mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.

	* gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic

	* gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.

	* krb5/set_sec_context_option.c: implement
	GSS_KRB5_SET_DNS_CANONIZE_X

	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X

	* krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X

	* mech/gss_krb5.c: add bits to make lucid context work

2006-10-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_oid_to_str.c: Prefix der primitives with der_.

	* krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
	der_.

	* krb5/encapsulate.c: Prefix der primitives with der_.

	* mech/gss_oid_to_str.c: New der_print_heim_oid signature.

2006-10-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: add test_context

	* krb5/inquire_sec_context_by_oid.c: Make it work.

	* test_oid.c: Test lucid oid.

	* gssapi/gssapi.h: Add OM_uint64_t.

	* krb5/inquire_sec_context_by_oid.c: Add lucid interface.

	* krb5/external.c: Add lucid interface, renumber oids to my
	delegated space.

	* mech/gss_krb5.c: Add lucid interface.

	* gssapi/gssapi_krb5.h: Add lucid interface.

	* spnego/spnego_locl.h: Maybe include <netdb.h>.

2006-10-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.

2006-10-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: install gssapi_krb5.H and gssapi_spnego.h

	* gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.

	* gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.

	* Makefile.am: Drop some -I no longer needed.

	* gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.

	* krb5: reference all include files using 'krb5/'

2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Add file inclusion protection.

	* gssapi/gssapi.h: Correct header file inclusion protection.

	* gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
	lib/gssapi/gssapi/ to please automake.

	* spnego/spnego_locl.h: Maybe include <sys/types.h>.

	* mech/mech_locl.h: Include <roken.h>.

	* Makefile.am: split build files into dist_ and noinst_ SOURCES

2006-10-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss.c: #if 0 out unused code.

	* mech/gss_mech_switch.c: Cast argument to ctype(3) functions
	to (unsigned char).

2006-10-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/name.h: remove <sys/queue.h>

	* mech/mech_switch.h: remove <sys/queue.h>

	* mech/cred.h: remove <sys/queue.h>

2006-10-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/arcfour.c: Tinker more with header lengths.

	* krb5/arcfour.c: Improve the calculation of header
	lengths. DCE-STYLE data is also padded so remove if (1 || ...)
	code.

	* krb5/wrap.c (_gsskrb5_wrap_size_limit): use
	_gssapi_wrap_size_arcfour for arcfour

	* krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.

	* Makefile.am: Split all mech to different mechsrc variables.

	* spnego/context_stubs.c: Make internal function static (and
	rename).

2006-10-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
	Barth.

	* spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.

2006-09-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/arcfour.c: Add wrap support, interop with itself but not
	w2k3s-sp1

	* krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
	arcfour header.

	* krb5/arcfour.c: Support DCE-style unwrap, tested with
	w2k3server-sp1.

	* mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
	token doesn't start with [APPLICATION 0] SEQUENCE, let's assume it's
	a DCE-style kerberos 5 connection. XXX this needs to be made
	better in case we get another GSS-API protocol violating
	protocol. It should be possible to detach the Kerberos DCE-style
	since it starts with an AP-REQ PDU, but that has to wait for now.

2006-09-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Add GSS_C flags from
	draft-brezak-win2k-krb-rc4-hmac-04.txt.

	* krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
	indent.

	* krb5/accept_sec_context.c: Merge of the acceptor part from the
	samba patch by Stefan Metzmacher and Andrew Bartlett.

	* krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.

	* krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
	initiator part from the samba patch by Stefan Metzmacher and
	Andrew Bartlett (still missing DCE/RPC support)

2006-08-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss.c (help): use sl_slc_help().

2006-07-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss-commands.in: rename command to supported-mechanisms

	* Makefile.am: Make gss objects depend on the slc built
	gss-commands.h

2006-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss-commands.in: add slc commands for gss

	* krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()

	* Makefile.am: Add test_cfx

	* krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X

	* krb5/set_sec_context_option.c: catch
	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X

	* krb5/accept_sec_context.c: reimplement
	gsskrb5_register_acceptor_identity

	* mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity

	* mech/gss_inquire_mechs_for_name.c: call _gss_load_mech

	* mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech

	* mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
	only once, this has the side effect that _gss_mechs and
	_gss_mech_oids is only initialized once, so if just the users of
	these two global variables calls _gss_load_mech() first, it will
	act as a barrier and make sure the variables are never changed and
	we don't need to lock them.

	* mech/utils.h: no need to mark functions extern.

	* mech/name.h: no need to mark _gss_find_mn extern.

2006-07-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/cfx.c: Redo the wrap length calculations.

	* krb5/test_cfx.c: test max_wrap_size in cfx.c

	* mech/gss_display_status.c: Handle more error codes.

2006-07-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"

	* mech/mechqueue.h: Add SLIST macros.

	* krb5/inquire_context.c: Don't free return values on success.

	* krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
	is the default cred, acquire the acceptor cred and initiator cred
	in two different steps and then query them for the information,
	this way, the code won't fail if there is no keytab, but there is
	a credential cache.

	* mech/gss_inquire_cred.c: move the check if we found any cred
	where it matters for both cases
	(default cred and provided cred)

	* mech/gss_init_sec_context.c: If the desired mechanism can't
	convert the name to a MN, fail with GSS_S_BAD_NAME rather than a
	NULL de-reference.

2006-07-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/external.c: readd gss_spnego_inquire_names_for_mech

	* spnego/spnego_locl.h: reimplement
	gss_spnego_inquire_names_for_mech add support function
	_gss_spnego_supported_mechs

	* spnego/context_stubs.h: reimplement
	gss_spnego_inquire_names_for_mech add support function
	_gss_spnego_supported_mechs

	* spnego/context_stubs.c: drop gss_spnego_indicate_mechs

	* mech/gss_indicate_mechs.c: if the underlying mech doesn't
	support gss_indicate_mechs, use the oid in the mechswitch
	structure

	* spnego/external.c: let the mech glue layer implement
	gss_indicate_mechs

	* spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
	desired_mechs, get our own list with indicate_mechs and remove
	ourself.

2006-07-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
	the mechglue layer implement it

	* spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
	the mechglue layer implement it

	* spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
	the mechglue layer implement it

2006-07-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_set_cred_option.c: fix argument to gss_release_cred

2006-06-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/init_sec_context.c: Make work on compilers that are
	somewhat more picky than gcc4 (like gcc2.95)

	* krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
	convert fwd_flags to an integer, since otherwise int2KDCOptions in
	krb5_get_forwarded_creds won't do the right thing.

	* mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
	failure

	* krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
	init global kerberos context

	* krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
	kerberos context

	* mech/gss_accept_sec_context.c: Insert the delegated sub cred on
	the delegated cred handle, not cred handle

	* mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
	the case where ret_flags == NULL

	* mech/gss_mech_switch.c (add_builtin): set
	_gss_mech_switch->gm_mech_oid

	* mech/gss_set_cred_option.c (gss_set_cred_option): load mechs

	* test_cred.c (gss_print_errors): don't try to print error when
	gss_display_status failed

	* Makefile.am: Add mech/gss_release_oid.c

	* mech/gss_release_oid.c: Add gss_release_oid, reverse of
	gss_duplicate_oid

	* spnego/compat.c: preferred_mech_type was allocated with
	gss_duplicate_oid in one place and assigned static variables at
	the second place. change that static assignment to
	gss_duplicate_oid and bring back gss_release_oid.

	* spnego/compat.c (_gss_spnego_delete_sec_context): don't release
	preferred_mech_type and negotiated_mech_type, they were never
	allocated from the beginning.

2006-06-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_import_name.c (gss_import_name): avoid
	type-punned/strict aliasing rules

	* mech/gss_add_cred.c: avoid type-punned/strict aliasing rules

	* gssapi.h: Make gss_name_t an opaque type.

	* krb5: make gss_name_t an opaque type

	* krb5/set_cred_option.c: Add

	* mech/gss_set_cred_option.c (gss_set_cred_option): support the
	case where *cred_handle == NULL

	* mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
	GSS_C_NO_CREDENTIAL on failure.

	* mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
	NO_OID_SET, there is a need to load the mechs, so always do that.

2006-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
	to instead pass a fullname to the credential, then resolve and
	copy out the content, and then close the cred.

	* mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
	pass a fullname to the credential, then resolve and copy out the
	content, and then close the cred.

	* krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
	interface needs to be re-done, currently it's utterly broken.

	* mech/gss_set_cred_option.c: Make work.

	* krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option

	* mech/gss_krb5.c (gss_krb5_import_cred): implement

	* Makefile.am: Add gss_set_{sec_context,cred}_option and sort

	* mech/gss_set_{sec_context,cred}_option.c: add

	* gssapi.h: Add GSS_KRB5_IMPORT_CRED_X

	* test_*.c: make compile again

	* Makefile.am: Add lib dependencies and test programs

	* spnego: remove dependency on libkrb5

	* mech: Bug fixes, cleanup, compiler warnings, restructure code.

	* spnego: Rename gss_context_id_t and gss_cred_id_t to local names

	* krb5: repro copy the krb5 files here

	* mech: import Doug Rabson mechglue from freebsd

	* spnego: Import Luke Howard's SPNEGO from the mechglue branch

2006-06-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Add oid_to_str.

	* Makefile.am: add oid_to_str and test_oid

	* oid_to_str.c: Add gss_oid_to_str

	* test_oid.c: Add test for gss_oid_to_str()

2006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c: Less pointer signedness warnings.

	* unwrap.c: Less pointer signedness warnings.

	* arcfour.c: Less pointer signedness warnings.

	* gssapi_locl.h: Use const void * instead of unsigned char * to
	avoid pointer signedness warnings.

	* encapsulate.c: Use const void * instead of unsigned char * to
	avoid pointer signedness warnings.

	* decapsulate.c: Use const void * instead of unsigned char * to
	avoid pointer signedness warnings.

	* decapsulate.c: Less pointer signedness warnings.

	* cfx.c: Less pointer signedness warnings.

	* init_sec_context.c: Less pointer signedness warnings (partly by
	using the new asn.1 CHOICE decoder)

	* import_sec_context.c: Less pointer signedness warnings.

2006-05-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
	Andrew Bartlett.

2006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* get_mic.c (mic_des3): make sure message_buffer doesn't point to
	free()ed memory on failure. Pointed out by IBM checker.

2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* Rename u_intXX_t to uintXX_t

2006-05-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: Less pointer signedness warnings.

	* arcfour.c: Avoid pointer signedness warnings.

	* gssapi_locl.h (gssapi_decode_*): make data argument const void *

	* 8003.c (gssapi_decode_*): make data argument const void *

2006-04-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* export_sec_context.c: Export sequence order element. From Wynn
	Wilkes <wynn.wilkes@quest.com>.

	* import_sec_context.c: Import sequence order element. From Wynn
	Wilkes <wynn.wilkes@quest.com>.

	* sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
	New functions, used by {import,export}_sec_context. From Wynn
	Wilkes <wynn.wilkes@quest.com>.

	* test_sequence.c: Add test for import/export sequence.

2006-04-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
	standard conformance failure, but much better than a crash.

2006-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* get_mic.c (get_mic*): make sure message_token is cleaned on
	error, found by IBM checker.

	* wrap.c (wrap*): Reset output_buffer on error, found by IBM
	checker.

2006-02-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
	GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.

2006-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* delete_sec_context.c (gss_delete_sec_context): if the context
	handle is GSS_C_NO_CONTEXT, don't fall over.

2005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: Replace gss_krb5_import_ccache with
	gss_krb5_import_cred and add more references

2005-12-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
	it can handle keytabs too.

	* add_cred.c (gss_add_cred): avoid deadlock

	* context_time.c (gssapi_lifetime_left): define the 0 lifetime as
	GSS_C_INDEFINITE.

2005-12-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* acquire_cred.c (acquire_acceptor_cred): only check if principal
	exists if we got called with principal as an argument.

	* acquire_cred.c (acquire_acceptor_cred): check that the acceptor
	exists in the keytab before returning ok.

2005-11-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
	Bartlett.

2005-11-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_kcred.c: Rename gss_krb5_import_ccache to
	gss_krb5_import_cred.

	* copy_ccache.c: Rename gss_krb5_import_ccache to
	gss_krb5_import_cred and let it grow code to handle keytabs too.

2005-11-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c: Change semantics of ok-as-delegate to match
	windows if
	[gssapi]realm/ok-as-delegate=true is set, otherwise keep old
	semantics.

	* release_cred.c (gss_release_cred): use
	GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
	krb5_cc_destroy-ed

	* acquire_cred.c (acquire_initiator_cred):
	GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.

	* accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
	to use gss_krb5_import_ccache

2005-11-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c: Remove signedness warnings.

2005-10-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
	by reference.

	* copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
	of the ccache, make a reference by getting the name and resolving
	the name. This way the cache is shared, the flip side is of
	course that if someone calls krb5_cc_destroy the cache is lost for
	everyone.

	* test_kcred.c: Remove memory leaks.

2005-10-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: build test_kcred

	* gss_acquire_cred.3: Document gss_krb5_import_ccache

	* gssapi.3: Sort and add gss_krb5_import_ccache.

	* acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
	used to extract lifetime from a credential cache

	* gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
	lifetime from a credential cache.

	* gssapi.h: add gss_krb5_import_ccache, reverse of
	gss_krb5_copy_ccache

	* copy_ccache.c: add gss_krb5_import_ccache, reverse of
	gss_krb5_copy_ccache

	* test_kcred.c: test gss_krb5_import_ccache

2005-10-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
	to find a matching credential cache, if that fails, fall back to
	the default cache.

2005-10-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi_locl.h: Add gssapi_krb5_set_status and
	gssapi_krb5_clear_status

	* init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
	errors, use GSS-API errors instead. From Michael B Allen.

	* display_status.c: Add gssapi_krb5_clear_status,
	gssapi_krb5_set_status for handling error messages.

2005-08-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* external.c: Use rk_UNCONST to avoid const warning.

	* display_status.c: Constify strings to avoid warnings.

2005-08-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c: avoid warnings, update (c)

2005-07-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (spnego_initial): use NegotiationToken
	encoder now that we have one with the new asn1 compiler.

	* Makefile.am: the new asn.1 compiler includes the modules name in
	the depend file

2005-06-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* decapsulate.c: use rk_UNCONST

	* ccache_name.c: rename to avoid shadowing

	* gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name

	* process_context_token.c: use rk_UNCONST to unconstify

	* test_cred.c: rename optind to optidx

2005-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (init_auth): honor ok-as-delegate if local
	configuration approves

	* gssapi_locl.h: prototype for _gss_check_compat

	* compat.c: export check_compat as _gss_check_compat

2005-05-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
	problems with system headerfiles that pollute the name space.

	* accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
	problems with system headerfiles that pollute the name space.

2005-05-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (init_auth): set
	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
	also while here, use krb5_auth_con_addflags

2005-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (_gssapi_wrap_arcfour): fix calculating the encap
	length.
	From: Tom Maher <tmaher@eecs.berkeley.edu>

2005-05-02  Dave Love  <fx@gnu.org>

	* test_cred.c (main): Call setprogname.

2005-04-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* prefix all sequence symbols with _, they are not part of the
	GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>

2005-04-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c: break out the processing of the delegated
	credential to a separate function to make error handling easier,
	move the credential handling to after other setup is done

	* test_sequence.c: make less verbose in case of success

	* Makefile.am: add test_sequence to TESTS

2005-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* 8003.c (gssapi_krb5_verify_8003_checksum): check that cksum
	isn't NULL From: Nicolas Pouvesle <npouvesle@tenablesecurity.com>

2005-03-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: use $(LIB_roken)

2005-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* display_status.c (gssapi_krb5_set_error_string): pass in the
	krb5_context to krb5_free_error_string

2005-03-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* display_status.c (gssapi_krb5_set_error_string): don't misuse
	the krb5_get_error_string api

2005-03-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* compat.c (_gss_DES3_get_mic_compat): don't unlock mutex
	here.
	Bug reported by Stefan Metzmacher <metze@samba.org>

2005-02-21  Luke Howard  <lukeh@padl.com>

	* init_sec_context.c: don't call krb5_get_credentials() with
	KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
	growing indefinitely as no key is found with KEYTYPE_NULL

	* compat.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is
	no longer used (however the mechListMIC behaviour is broken,
	rfc2478bis support requires the code in the mechglue branch)

	* init_sec_context.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG

	* gssapi.h: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG

2005-01-05  Luke Howard  <lukeh@padl.com>

	* 8003.c: use symbolic name for checksum type

	* accept_sec_context.c: allow client to indicate
	that subkey should be used

	* acquire_cred.c: plug leak

	* get_mic.c: use gss_krb5_get_subkey() instead
	of gss_krb5_get_{local,remote}key(), support
	KEYTYPE_ARCFOUR_56

	* gssapi_local.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

	* import_sec_context.c: plug leak

	* unwrap.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

	* verify_mic.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

	* wrap.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

2004-11-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* inquire_cred.c: Reverse order of HEIMDAL_MUTEX_unlock and
	gss_release_cred to
	avoid deadlock, from Luke Howard
	<lukeh@padl.com>.

2004-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: gss_krb5_extract_authz_data_from_sec_context
	was renamed to gsskrb5_extract_authz_data_from_sec_context

2004-08-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* unwrap.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>

	* arcfour.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>

2004-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: spelling from Josef El-Rayes <josef@FreeBSD.org> while
	here, write some text about the SPNEGO situation

2004-04-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: s/CTXAcceptorSubkey/CFXAcceptorSubkey/

2004-04-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG From: Luke
	Howard <lukeh@padl.com>

	* init_sec_context.c (spnego_reply): use
	_gss_spnego_require_mechlist_mic to figure out if we need to check
	MechListMIC; From: Luke Howard <lukeh@padl.com>

	* accept_sec_context.c (send_accept): use
	_gss_spnego_require_mechlist_mic to figure out if we need to send
	MechListMIC; From: Luke Howard <lukeh@padl.com>

	* gssapi_locl.h: add _gss_spnego_require_mechlist_mic
	From: Luke Howard <lukeh@padl.com>

	* compat.c: add _gss_spnego_require_mechlist_mic for compatibility
	with MS SPNEGO, From: Luke Howard <lukeh@padl.com>

2004-04-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c (gsskrb5_is_cfx): krb5_keyblock->keytype is
	an enctype, not keytype

	* accept_sec_context.c: use ASN1_MALLOC_ENCODE

	* init_sec_context.c: avoid the malloc loop and just allocate the
	proper amount of data

	* init_sec_context.c (spnego_initial): handle mech_token better

2004-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: add gss_krb5_get_tkt_flags

	* Makefile.am: add ticket_flags.c

	* ticket_flags.c: Get ticket-flags from acceptor ticket From: Luke
	Howard <lukeh@PADL.COM>

	* gss_acquire_cred.3: document gss_krb5_get_tkt_flags

2004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* acquire_cred.c (gss_acquire_cred): check usage before even
	bothering to process it, add both keytab and initial tgt if
	requested

	* wrap.c: support cfx, try to handle acceptor asserted subkey

	* unwrap.c: support cfx, try to handle acceptor asserted subkey

	* verify_mic.c: support cfx

	* get_mic.c: support cfx

	* test_sequence.c: handle changed signature of
	gssapi_msg_order_create

	* import_sec_context.c: handle acceptor asserted subkey

	* init_sec_context.c: handle acceptor asserted subkey

	* accept_sec_context.c: handle acceptor asserted subkey

	* sequence.c: add dummy use_64 argument to gssapi_msg_order_create

	* gssapi_locl.h: add partial support
	for CFX

	* Makefile.am (noinst_PROGRAMS) += test_cred

	* test_cred.c: gssapi credential testing

	* test_acquire_cred.c: fix comment

2004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.h: drop structures for message formats, no longer used

	* arcfour.c: comment describing message formats

	* accept_sec_context.c (spnego_accept_sec_context): make sure the
	length of the choice element doesn't overrun us

	* init_sec_context.c (spnego_reply): make sure the length of the
	choice element doesn't overrun us

	* spnego.asn1: move NegotiationToken to avoid warning

	* spnego.asn1: uncomment NegotiationToken

	* Makefile.am: spnego_files += asn1_NegotiationToken.x

2004-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: add gss_krb5_ccache_name

	* Makefile.am (libgssapi_la_SOURCES): += ccache_name.c

	* ccache_name.c (gss_krb5_ccache_name): help function enable to
	set krb5 name, using out_name argument makes function no longer
	thread-safe

	* gssapi.3: add missing gss_krb5_ references

	* gss_acquire_cred.3: document gss_krb5_ccache_name

2003-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: make rrc a modulus operation if it's longer than the
	length of the message, noticed by Sam Hartman

2003-12-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c: use
	krb5_auth_con_addflags

2003-12-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: Wrap token id was in wrong order, found by Sam Hartman

2003-12-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: add AcceptorSubkey (but no code understands it yet) ignore
	unknown token flags

2003-11-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c: Don't require timestamp to be set on
	delegated token, it's already protected by the outer token (and
	windows doesn't always send it) Pointed out by Zi-Bin Yang
	<zbyang@decru.com> on heimdal-discuss

2003-11-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: fix {} error, pointed out by Liqiang Zhu

2003-11-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: Sequence number should be stored in bigendian order From:
	Luke Howard <lukeh@padl.com>

2003-11-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* delete_sec_context.c (gss_delete_sec_context): don't free
	ticket, krb5_free_ticket does that now

2003-11-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: checksum the header last in MIC token, update to -03
	From: Luke Howard <lukeh@padl.com>

2003-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* add_cred.c: If it's a MEMORY cc, make a copy. We need to do this
	since now gss_release_cred will destroy the cred. This should
	really be solved a better way.

	* acquire_cred.c (gss_release_cred): if it's a mcc, destroy it
	rather than just release it Found by: "Zi-Bin Yang"
	<zbyang@decru.com>

	* acquire_cred.c (acquire_initiator_cred): use kret instead of ret
	where appropriate

2003-09-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: spelling
	From: jmc <jmc@prioris.mini.pw.edu.pl>

2003-09-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: - EC and RRC are big-endian, not little-endian - The
	default is now to rotate regardless of GSS_C_DCE_STYLE. There are
	no longer any references to GSS_C_DCE_STYLE. - rrc_rotate()
	avoids allocating memory on the heap if rrc <= 256
	From: Luke Howard <lukeh@padl.com>

2003-09-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.[ch]: rrc_rotate() was untested and broken, fix it.
	Set and verify wrap Token->Filler.
	Correct token ID for wrap tokens,
	were accidentally swapped with delete tokens.
	From: Luke Howard <lukeh@PADL.COM>

2003-09-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.[ch]: no ASN.1-ish header on per-message tokens
	From: Luke Howard <lukeh@PADL.COM>

2003-09-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.h: remove dependency on gss_arcfour_mic_token and
	gss_arcfour_warp_token

	* arcfour.c: remove dependency on gss_arcfour_mic_token and
	gss_arcfour_warp_token

2003-09-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* 8003.c: remove #if 0'ed code

2003-09-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c (gsskrb5_accept_sec_context): set sequence
	number when not requesting mutual auth From: Luke Howard
	<lukeh@PADL.COM>

	* init_sec_context.c (init_auth): set sequence number when not
	requesting mutual auth From: Luke Howard <lukeh@PADL.COM>

2003-09-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (*): set minor_status
	(gss_wrap): set conf_state to conf_req_flags on success
	From: Luke Howard <lukeh@PADL.COM>

	* wrap.c (gss_wrap_size_limit): use existing function From: Luke
	Howard <lukeh@PADL.COM>

2003-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* indicate_mechs.c (gss_indicate_mechs): in case of error, free
	mech_set

	* indicate_mechs.c (gss_indicate_mechs): add SPNEGO

2003-09-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (spnego_initial): catch errors and return
	them

	* init_sec_context.c (spnego_initial): add #if 0 out version of
	the CHOICE branch encoding, also while here, free no longer used
	memory

2003-09-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: support GSS_SPNEGO_MECHANISM

	* accept_sec_context.c: SPNEGO doesn't include gss wrapping on
	SubsequentContextToken like the Kerberos 5 mech does.

	* init_sec_context.c (spnego_reply): SPNEGO doesn't include gss
	wrapping on SubsequentContextToken like the Kerberos 5 mech
	does. Let's check for it anyway.

	* accept_sec_context.c: Add support for SPNEGO on the initiator
	side. Implementation initially from Assar Westerlund, passed
	through quite a lot of hands before I committed it.

	* init_sec_context.c: Add support for SPNEGO on the initiator side.
	Tested with ldap server on a Windows 2000 DC. Implementation
	initially from Assar Westerlund, passed through quite a lot of
	hands before I committed it.

	* gssapi.h: export GSS_SPNEGO_MECHANISM

	* gssapi_locl.h: include spnego_as.h add prototype for
	gssapi_krb5_get_mech

	* decapsulate.c (gssapi_krb5_get_mech): make non static

	* Makefile.am: build SPNEGO file

2003-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* external.c: SPNEGO and IAKERB oids

	* spnego.asn1: SPNEGO ASN1

2003-09-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: RRC also needs to be zero before wrapping them
	From: Luke Howard <lukeh@PADL.COM>

2003-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* encapsulate.c (gssapi_krb5_encap_length): don't return void

2003-09-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c: switch from the des_ to the DES_ api

	* get_mic.c: switch from the des_ to the DES_ api

	* unwrap.c: switch from the des_ to the DES_ api

	* wrap.c: switch from the des_ to the DES_ api

	* cfx.c: EC is not included in the checksum since the length might
	change depending on the data.
	From: Luke Howard <lukeh@PADL.COM>

	* acquire_cred.c: use
	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free

2003-09-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* copy_ccache.c: rename
	gss_krb5_extract_authz_data_from_sec_context to
	gsskrb5_extract_authz_data_from_sec_context

	* gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to
	gsskrb5_extract_authz_data_from_sec_context

2003-08-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
	check that we have a ticket before we start to use it

	* gss_acquire_cred.3: document
	gss_krb5_extract_authz_data_from_sec_context

	* gssapi.h (gss_krb5_extract_authz_data_from_sec_context):
	return the kerberos authorizationdata, from idea of Luke Howard

	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
	return the kerberos authorizationdata, from idea of Luke Howard

	* verify_mic.c (gss_verify_mic_internal): switch type and key
	argument

2003-08-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implementation
	From: Luke Howard <lukeh@PADL.COM>

2003-08-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (arcfour_mic_cksum): use free_Checksum to free the
	checksum

	* arcfour.h: swap two last arguments to verify_mic for consistency
	with des3

	* wrap.c,unwrap.c,get_mic.c,verify_mic.c,cfx.c,cfx.h:
	prefix cfx symbols with _gssapi_

	* arcfour.c: release the right buffer

	* arcfour.c: rename token structure in consistency with rest of
	GSS-API From: Luke Howard <lukeh@PADL.COM>

	* unwrap.c (unwrap_des3): use _gssapi_verify_pad
	(unwrap_des): use _gssapi_verify_pad

	* arcfour.c (_gssapi_wrap_arcfour): set the correct padding
	(_gssapi_unwrap_arcfour): verify and strip padding

	* gssapi_locl.h: added _gssapi_verify_pad

	* decapsulate.c (_gssapi_verify_pad): verify padding of a gss
	wrapped message and return its length

	* arcfour.c: support KEYTYPE_ARCFOUR_56 keys, from Luke Howard
	<lukeh@PADL.COM>

	* arcfour.c: use right seal alg, inherit keytype from parent key

	* arcfour.c: include the confounder in the checksum use the right
	key usage number for wrapped/unwrapped tokens

	* gssapi.h: add gss_krb5_nt_general_name as an mit compat glue
	(same as GSS_KRB5_NT_PRINCIPAL_NAME)

	* unwrap.c: hook in arcfour unwrap

	* wrap.c: hook in arcfour wrap

	* verify_mic.c: hook in arcfour verify_mic

	* get_mic.c: hook in arcfour get_mic

	* arcfour.c: implement wrap/unwrap

	* gssapi_locl.h: add gssapi_{en,de}code_be_om_uint32

	* 8003.c: add gssapi_{en,de}code_be_om_uint32

2003-08-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (_gssapi_verify_mic_arcfour): Do the
	checksum on right
	area. Swap filler check, it was reversed.

	* Makefile.am (libgssapi_la_SOURCES): += arcfour.c

	* gssapi_locl.h: include "arcfour.h"

	* arcfour.c: arcfour gss-api mech, get_mic/verify_mic working

	* arcfour.h: arcfour gss-api mech, get_mic/verify_mic working

2003-08-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi_locl.h: always include cfx.h add prototype for
	_gssapi_decapsulate

	* cfx.[ch]: Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt
	from Luke Howard <lukeh@PADL.COM>

	* decapsulate.c: add _gssapi_decapsulate, from Luke Howard
	<lukeh@PADL.COM>

2003-08-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* unwrap.c: encap/decap now takes an oid if the enctype/keytype is
	arcfour, return error add hook for cfx

	* verify_mic.c: encap/decap now takes an oid if the enctype/keytype
	is arcfour, return error add hook for cfx

	* get_mic.c: encap/decap now takes an oid if the enctype/keytype is
	arcfour, return error add hook for cfx

	* accept_sec_context.c: encap/decap now takes an oid

	* init_sec_context.c: encap/decap now takes an oid

	* gssapi_locl.h: include cfx.h if we need it lifetime is an
	OM_uint32, depend on gssapi interface add all new encap/decap
	functions

	* decapsulate.c: add decap functions that don't take the token
	type also make all decap functions take the oid mech that they
	should use

	* encapsulate.c: add encap functions that don't take the token
	type also make all encap functions take the oid mech that they
	should use

	* sequence.c (elem_insert): fix an off by one index counter

	* inquire_cred.c (gss_inquire_cred): handle cred_handle being
	GSS_C_NO_CREDENTIAL and use the default cred then.

2003-08-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: break out extensions and document
	gsskrb5_register_acceptor_identity

2003-08-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_acquire_cred.c (print_time): time is returned in seconds
	from now, not unix time

2003-08-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* compat.c (check_compat): avoid leaking principal when finding a
	match

	* address_to_krb5addr.c: sa_size argument to krb5_addr2sockaddr is
	a krb5_socklen_t

	* acquire_cred.c (gss_acquire_cred): 4th argument to
	gss_test_oid_set_member is an int

2003-07-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (repl_mutual): don't set kerberos error where
	there was no kerberos error

	* gssapi_locl.h: Add destruction/creation prototypes and structure
	for the thread specific storage.

	* display_status.c: use thread specific storage to set/get the
	kerberos error message

	* init.c: Provide locking around the creation of the global
	krb5_context.
	Add destruction/creation functions for the thread
	specific storage that the error string handling is using.

2003-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: add missing prototype and missing .Ft
	arguments

2003-06-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c: reorder code so sequence numbers can be used

	* unwrap.c: reorder code so sequence numbers can be used

	* sequence.c: remove unused function, indent, add
	gssapi_msg_order_f that filters gss flags to gss_msg_order flags

	* gssapi_locl.h: prototypes for
	gssapi_{encode_om_uint32,decode_om_uint32} add sequence number
	verifier prototypes

	* delete_sec_context.c: destroy sequence number verifier

	* init_sec_context.c: remember to free data use sequence number
	verifier

	* accept_sec_context.c: don't clear output_token twice remember to
	free data use sequence number verifier

	* 8003.c: export and rename encode_om_uint32/decode_om_uint32 and
	start to use them

2003-06-09  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: can't have sequence.c in two different places

2003-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_sequence.c: check rollover, print summary

	* wrap.c (sub_wrap_size): gss_wrap_size_limit() has
	req_output_size and max_input_size around the wrong way -- it
	returns the output token size for a given input size, rather than
	the maximum
input size for a given output token size. 2291178825Sdfr 2292178825Sdfr From: Luke Howard <lukeh@PADL.COM> 2293178825Sdfr 2294233294Sstas2003-06-05 Love H��rnquist ��strand <lha@it.su.se> 2295178825Sdfr 2296178825Sdfr * gssapi_locl.h: add prototypes for sequence.c 2297178825Sdfr 2298178825Sdfr * Makefile.am (libgssapi_la_SOURCES): add sequence.c 2299178825Sdfr (test_sequence): build 2300178825Sdfr 2301178825Sdfr * sequence.c: sequence number checks, order and replay 2302178825Sdfr * test_sequence.c: sequence number checks, order and replay 2303178825Sdfr 2304233294Sstas2003-06-03 Love H��rnquist ��strand <lha@it.su.se> 2305178825Sdfr 2306178825Sdfr * accept_sec_context.c (gss_accept_sec_context): make sure time is 2307127808Snectar returned in seconds from now, not in kerberos time 2308127808Snectar 2309178825Sdfr * acquire_cred.c (gss_aquire_cred): make sure time is returned in 2310178825Sdfr seconds from now, not in kerberos time 2311127808Snectar 2312178825Sdfr * init_sec_context.c (init_auth): if the cred is expired before we 2313178825Sdfr tries to create a token, fail so the peer doesn't need reject us 2314178825Sdfr (*): make sure time is returned in seconds from now, 2315178825Sdfr not in kerberos time 2316178825Sdfr (repl_mutual): remember to unlock the context mutex 2317120945Snectar 2318178825Sdfr * context_time.c (gss_context_time): remove unused variable 2319178825Sdfr 2320178825Sdfr * verify_mic.c: make sure minor_status is always set, pointed out 2321178825Sdfr by Luke Howard <lukeh@PADL.COM> 2322120945Snectar 2323233294Sstas2003-05-21 Love H��rnquist ��strand <lha@it.su.se> 2324178825Sdfr 2325178825Sdfr * *.[ch]: do some basic locking (no reference counting so contexts 2326178825Sdfr can be removed while still used) 2327178825Sdfr - don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct 2328178825Sdfr - make sure all lifetime are returned in seconds left until expired, 2329178825Sdfr not in unix epoch 2330178825Sdfr 2331178825Sdfr * 
gss_acquire_cred.3: document argument lifetime_rec to function 2332178825Sdfr gss_inquire_context 2333178825Sdfr 2334233294Sstas2003-05-17 Love H��rnquist ��strand <lha@it.su.se> 2335178825Sdfr 2336178825Sdfr * test_acquire_cred.c: test gss_add_cred more then once 2337178825Sdfr 2338233294Sstas2003-05-06 Love H��rnquist ��strand <lha@it.su.se> 2339178825Sdfr 2340178825Sdfr * gssapi.h: if __cplusplus, wrap the extern variable (just to be 2341178825Sdfr safe) and functions in extern "C" { } 2342178825Sdfr 2343233294Sstas2003-04-30 Love H��rnquist ��strand <lha@it.su.se> 2344120945Snectar 2345120945Snectar * gssapi.3: more about the des3 mic mess 2346120945Snectar 2347178825Sdfr * verify_mic.c (verify_mic_des3): always check if the mic is the 2348178825Sdfr correct mic or the mic that old heimdal would have generated 2349120945Snectar 2350178825Sdfr2003-04-28 Jacques Vidrine <nectar@kth.se> 2351120945Snectar 2352178825Sdfr * verify_mic.c (verify_mic_des3): If MIC verification fails, 2353178825Sdfr retry using the `old' MIC computation (with zero IV). 

2003-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: more about difference between comparing IN
	and MN

	* gss_acquire_cred.3: more about name type and access control

2003-04-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: document gss_context_time

	* context_time.c: if lifetime of context has expired, set
	time_rec to 0 and return GSS_S_CONTEXT_EXPIRED

	* gssapi.3: document [gssapi]correct_des3_mic
	[gssapi]broken_des3_mic

	* gss_acquire_cred.3: document gss_krb5_compat_des3_mic

	* compat.c (gss_krb5_compat_des3_mic): enable turning on/off des3
	mic compat
	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too

	* gssapi.h (gss_krb5_compat_des3_mic): new function, turn on/off
	des3 mic compat
	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
	gss_krb5_compat_des3_mic exists

2003-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: (libgssapi_la_LDFLAGS): update major
	version of gssapi for incompatibility in 3des getmic support

2003-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not
	./libgssapi.la (make make -jN work)

2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: spelling

	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
	header.h, from Thomas Klausner <wiz@netbsd.org>

2003-04-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: spelling

	* Makefile.am: remove stuff that sneaked in with last commit

	* acquire_cred.c (acquire_initiator_cred): if the requested name
	isn't in the ccache, also check keytab. Extract the krbtgt for the
	default realm to check how long the credentials will last.

	* add_cred.c (gss_add_cred): don't create a new ccache, just open
	the old one; better check if output handle is compatible with new
	(copied) handle

	* test_acquire_cred.c: test gss_add_cred too

2003-04-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: build test_acquire_cred

	* test_acquire_cred.c: simple gss_acquire_cred test

2003-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: s/gssapi/GSS-API/

2003-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: document v1 interface (and that they are
	obsolete)

2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: list supported mechanism and nametypes

2003-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: text about gss_display_name

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
	(libgssapi_la_SOURCES): add all new functions

	* gssapi.3: now that we have the functions, uncomment the missing
	ones

	* gss_acquire_cred.3: now that we have the functions, uncomment the
	missing ones

	* process_context_token.c: implement gss_process_context_token

	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech

	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name

	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech

	* add_cred.c: implement gss_add_cred

	* acquire_cred.c (gss_acquire_cred): more testing of input
	argument, make sure output arguments are ok, since we don't know
	the time_rec (for now), set it to time_req

	* export_sec_context.c: send lifetime, also set minor_status

	* get_mic.c: set minor_status

	* import_sec_context.c (gss_import_sec_context): add error
	checking, pick up lifetime (if there is no lifetime, use
	GSS_C_INDEFINITE)

	* init_sec_context.c: take care to set export value to something
	sane before we start so caller will have harmless values in them
	if the function fails

	* release_buffer.c (gss_release_buffer): set minor_status

	* wrap.c: make sure minor_status gets set

	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
	gss_verify_mic_internal and let it take the type as an argument,
	(gss_verify_mic): call gss_verify_mic_internal
	set minor_status

	* unwrap.c: set minor_status

	* test_oid_set_member.c (gss_test_oid_set_member): use
	gss_oid_equal

	* release_oid_set.c (gss_release_oid_set): set minor_status

	* release_name.c (gss_release_name): set minor_status

	* release_cred.c (gss_release_cred): set minor_status

	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status

	* compare_name.c (gss_compare_name): set minor_status

	* compat.c (check_compat): make sure ret has a defined value

	* context_time.c (gss_context_time): set minor_status

	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status

	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
	minor_status

	* delete_sec_context.c (gss_delete_sec_context): set minor_status

	* display_name.c (gss_display_name): set minor_status

	* display_status.c (gss_display_status): use gss_oid_equal, handle
	supplementary errors

	* duplicate_name.c (gss_duplicate_name): set minor_status

	* inquire_context.c (gss_inquire_context): set lifetime_rec now
	when we know it, set minor_status

	* inquire_cred.c (gss_inquire_cred): take care to set export value
	to something sane before we start so caller will have harmless
	values in them if the function fails

	* accept_sec_context.c (gss_accept_sec_context): take care to set
	export value to something sane before we start so caller will have
	harmless values in them if the function fails, set lifetime from
	ticket expiration date

	* indicate_mechs.c (gss_indicate_mechs): use
	gss_create_empty_oid_set and gss_add_oid_set_member

	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
	since there is no ticket transferred in the exported context

	* export_name.c (gss_export_name): export name with
	GSS_C_NT_EXPORT_NAME wrapping, not just the principal

	* import_name.c (import_export_name): new function, parses a
	GSS_C_NT_EXPORT_NAME
	(import_krb5_name): factor out common code of parsing krb5 name
	(gss_oid_equal): rename from oid_equal

	* gssapi_locl.h: add prototypes for gss_oid_equal and
	gss_verify_mic_internal

	* gssapi.h: comment out the argument names

2003-03-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: add LIST OF FUNCTIONS and copyright/license

	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/

	* Makefile.am: man_MANS += gss_aquire_cred.3

2003-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_aquire_cred.3: the gssapi api manpage

2003-03-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* inquire_context.c: (gss_inquire_context): rename argument open
	to open_context

	* gssapi.h (gss_inquire_context): rename argument open to open_context

2003-02-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (do_delegation): remove unused variable
	subkey

	* gssapi.3: all 0.5.x versions had broken token delegation

2003-02-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* (init_auth): only generate one subkey

2003-01-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
	to rfc (and mit kerberos), provide backward compat hook

	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
	mit kerberos), provide backward compat hook

	* init_sec_context.c (init_auth): check if we need compat for
	older get_mic/verify_mic

	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat

	* gssapi.h (more_flags): add COMPAT_OLD_DES3

	* Makefile.am: add gssapi.3 and compat.c

	* gssapi.3: add gssapi COMPATIBILITY documentation

	* accept_sec_context.c (gss_accept_sec_context): check if we need
	compat for older get_mic/verify_mic

	* compat.c: check for compatibility with other heimdal's 3des
	get_mic/verify_mic

2002-10-31  Johan Danielsson  <joda@pdc.kth.se>

	* check return value from gssapi_krb5_init

	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input

2002-09-03  Johan Danielsson  <joda@pdc.kth.se>

	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE

	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE

2002-09-02  Johan Danielsson  <joda@pdc.kth.se>

	* init_sec_context.c: we need to generate a local subkey here

2002-08-20  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
	credential resolution if gss_acquire_cred is called with
	GSS_C_NO_NAME.

2002-06-20  Jacques Vidrine  <n@nectar.com>

	* import_name.c: Compare name types by value if pointers do
	not match. Reported by: "Douglas E. Engert" <deengert@anl.gov>

2002-05-20  Jacques Vidrine  <n@nectar.com>

	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
	the qop_state parameter. from Doug Rabson <dfr@nlsystems.com>

2002-05-09  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH

2002-05-08  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c: initialize gssapi; handle null desired_name

2002-03-22  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: remove non-functional stuff accidentally committed

2002-03-11  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
	bindings

2001-10-31  Jacques Vidrine  <n@nectar.com>

	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
	was bogusly appending the message buffer to the result,
	overwriting a heap buffer in the process.

2001-08-29  Assar Westerlund  <assar@sics.se>

	* 8003.c (gssapi_krb5_verify_8003_checksum,
	gssapi_krb5_create_8003_checksum): make more consistent by always
	returning a gssapi error and setting minor status. update
	callers

2001-08-28  Jacques Vidrine  <n@nectar.com>

	* accept_sec_context.c: Create a cache for delegated credentials
	when needed.

2001-08-28  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2

2001-08-23  Assar Westerlund  <assar@sics.se>

	* *.c: handle minor_status more consistently

	* display_status.c (gss_display_status): handle krb5_get_err_text
	failing

2001-08-15  Johan Danielsson  <joda@pdc.kth.se>

	* gssapi_locl.h: fix prototype for gssapi_krb5_init

2001-08-13  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
	context and check return value from kt_resolve

	* init.c: return error code

2001-07-19  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2

2001-07-12  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LIBADD): add required library
	dependencies

2001-07-06  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
	the keytab to be used for gss_acquire_cred too

2001-07-03  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2

2001-06-18  Assar Westerlund  <assar@sics.se>

	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
	and gss_krb5_get_remotekey
	* verify_mic.c: update krb5_auth_con function names use
	gss_krb5_get_remotekey
	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
	and gss_krb5_get_remotekey
	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
	add prototypes
	* get_mic.c: update krb5_auth_con function names. use
	gss_krb5_get_localkey
	* accept_sec_context.c: update krb5_auth_con function names

2001-05-17  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 3:1:2

2001-05-14  Assar Westerlund  <assar@sics.se>

	* address_to_krb5addr.c: adapt to new address functions

2001-05-11  Assar Westerlund  <assar@sics.se>

	* try to return the error string from libkrb5 where applicable

2001-05-08  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): remember to free
	the memory used by the ticket itself. from <tmartin@mirapoint.com>

2001-05-04  Assar Westerlund  <assar@sics.se>

	* gssapi_locl.h: add config.h for completeness
	* gssapi.h: remove config.h, this is an installed header file
	sys/types.h is not needed either

2001-03-12  Assar Westerlund  <assar@sics.se>

	* acquire_cred.c (gss_acquire_cred): remove memory leaks. from
	Jason R Thorpe <thorpej@zembu.com>

2001-02-18  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): either return
	gss_name NULL-ed or set

	* import_name.c: set minor_status in some cases where it was not
	done

2001-02-15  Assar Westerlund  <assar@sics.se>

	* wrap.c: use krb5_generate_random_block for the confounders

2001-01-30  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
	for getting creds from a keytab, from fvdl@netbsd.org

	* copy_ccache.c: add gss_krb5_copy_ccache

2001-01-27  Assar Westerlund  <assar@sics.se>

	* get_mic.c: cast parameters to des function to non-const pointers
	to handle the case where these functions actually take non-const
	des_cblock *

2001-01-09  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
	instead of krb5_rd_cred

2000-12-11  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1

2000-12-08  Assar Westerlund  <assar@sics.se>

	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
	sequence number
	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
	the sequence number
	* init_sec_context.c (init_auth): always zero fwd_data

2000-12-06  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c: de-pointerise auth_context parameter to
	krb5_mk_rep

2000-11-15  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c (init_auth): update to new
	krb5_build_authenticator

2000-09-19  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1

2000-08-27  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c: actually pay attention to `time_req'
	* init_sec_context.c: re-organize. leak less memory.
	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
	update prototypes add assert.h
	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
	add
	* verify_mic.c: re-organize and add 3DES code
	* wrap.c: re-organize and add 3DES code
	* unwrap.c: re-organize and add 3DES code
	* get_mic.c: re-organize and add 3DES code
	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
	let the caller do that. fix the callers.

2000-08-16  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 2:1:1

2000-07-29  Assar Westerlund  <assar@sics.se>

	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length

2000-07-25  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: bump version to 2:0:1

2000-07-22  Assar Westerlund  <assar@sics.se>

	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
	details from rfc2744

2000-06-29  Assar Westerlund  <assar@sics.se>

	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
	`int' instead of `sa_family_t' for the address family.

2000-06-21  Assar Westerlund  <assar@sics.se>

	* add support for token delegation. From Daniel Kouril
	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>

2000-05-15  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1

2000-04-12  Assar Westerlund  <assar@sics.se>

	* release_oid_set.c (gss_release_oid_set): clear set for
	robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* release_name.c (gss_release_name): reset input_name for
	robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* release_buffer.c (gss_release_buffer): set value to NULL to be
	more robust. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
	the oid is a member first. leave the oid_set unchanged if realloc
	fails.

2000-02-13  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 1:0:1

2000-02-12  Assar Westerlund  <assar@sics.se>

	* gssapi_locl.h: add flags for import/export
	* import_sec_context.c (import_sec_context: add flags for what
	fields are included. do not include the authenticator for now.
	* export_sec_context.c (export_sec_context: add flags for what
	fields are included. do not include the authenticator for now.
	* accept_sec_context.c (gss_accept_sec_context): set target in
	context_handle

2000-02-11  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): set context to
	GSS_C_NO_CONTEXT

	* Makefile.am: add {export,import}_sec_context.c
	* export_sec_context.c: new file
	* import_sec_context.c: new file
	* accept_sec_context.c (gss_accept_sec_context): set trans flag

2000-02-07  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:5:0

2000-01-26  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
	output_token

	* wrap.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
	some changes to libdes calls to make them more portable.
	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.

2000-01-06  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:4:0

1999-12-26  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): always set
	`output_token'
	* init_sec_context.c (init_auth): always initialize `output_token'
	* delete_sec_context.c (gss_delete_sec_context): always set
	`output_token'

1999-12-06  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 0:3:0

1999-10-20  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:2:0

1999-09-21  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c (gss_init_sec_context): initialize `ticket'

	* gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick.

	* delete_sec_context.c (gss_delete_sec_context): free ticket

	* accept_sec_context.c (gss_accept_sec_context): stove away
	`krb5_ticket' in context so that ugly programs such as
	gss_nt_server can get at it. uck.

1999-09-20  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c: set minor_status

1999-08-04  Assar Westerlund  <assar@sics.se>

	* display_status.c (calling_error, routine_error): right shift the
	code to make it possible to index into the arrays

1999-07-28  Assar Westerlund  <assar@sics.se>

	* gssapi.h (GSS_C_AF_INET6): add

	* import_name.c (import_hostbased_name): set minor_status

1999-07-26  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:1:0

Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* display_status.c: set minor_status

	* init_sec_context.c: set minor_status

	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
	directly)