ChangeLog revision 127808
179543Sru2003-12-19 Love H�rnquist �strand <lha@it.su.se> 2104862Sru 318099Spst * accept_sec_context.c: 1.40->1.41: Don't require timestamp to be 418099Spst set on delegated token, its already protected by the outer token 518099Spst (and windows doesn't alway send it) Pointed out by Zi-Bin Yang 618099Spst <zbyang@decru.com> on heimdal-discuss 718099Spst 818099Spst2003-10-21 Love H�rnquist �strand <lha@it.su.se> 918099Spst 1018099Spst * add_cred.c: 1.3->1.4: If its a MEMORY cc, make a copy. We need 1118099Spst to do this since now gss_release_cred will destroy the cred. This 1218099Spst should be really be solved a better way. 1318099Spst 1418099Spst2003-10-07 Love H�rnquist �strand <lha@it.su.se> 1518099Spst 1618099Spst * release_cred.c: 1.9->1.10: 1718099Spst (gss_release_cred): if its a mcc, destroy it rather the just release it 1818099Spst Found by: "Zi-Bin Yang" <zbyang@decru.com> 19104862Sru 2018099Spst2003-09-19 Love H�rnquist �strand <lha@it.su.se> 2118099Spst 2218099Spst * arcfour.c: 1.13->1.14: remove depenency on gss_arcfour_mic_token 2318099Spst and gss_arcfour_warp_token 2418099Spst 25104862Sru * arcfour.h: 1.3->1.4: remove depenency on gss_arcfour_mic_token 2618099Spst and gss_arcfour_warp_token 2718099Spst 2818099Spst * arcfour.c: make build 2918099Spst 3018099Spst * get_mic.c, verify_mic.c, unwrap.c, wrap.c: 3118099Spst glue in arcfour support 32104862Sru 33104862Sru * gssapi_locl.h: 1.32->1.33: add _gssapi_verify_pad 3418099Spst 35104862Sru2003-09-18 Love H�rnquist �strand <lha@it.su.se> 36104862Sru 3718099Spst * encapsulate.c: add _gssapi_make_mech_header 3818099Spst 39104862Sru * gssapi_locl.h: add "arcfour.h" and prototype for 40104862Sru _gssapi_make_mech_header 4118099Spst 4218099Spst * gssapi_locl.h: add gssapi_{en,de}code_{be_,}om_uint32 4318099Spst 44104862Sru * 8003.c: 1.12->1.13: export and rename 4518099Spst encode_om_uint32/decode_om_uint32 and start to use them 4618099Spst 4718099Spst2003-08-16 Love H�rnquist �strand <lha@it.su.se> 4818099Spst 49104862Sru * verify_mic.c: 1.21->1.22: make sure minor_status is always set, 5018099Spst pointed out by Luke Howard <lukeh@PADL.COM> 5118099Spst 5218099Spst2003-08-15 Love H�rnquist �strand <lha@it.su.se> 5318099Spst 5418099Spst * context_time.c: 1.7->1.10: return time in seconds from now 5518099Spst 5618099Spst * gssapi_locl.h: add gssapi_lifetime_left 57104862Sru 5818099Spst * init_sec_context.c: part of 1.37->1.38: (init_auth): if the cred 59104862Sru is expired before we tries to create a token, fail so the peer 6018099Spst doesn't need reject us 61104862Sru (*): make sure time is returned in seconds from now, not in 62104862Sru kerberos time 6318099Spst 64104862Sru * acquire_cred.c: 1.14->1.15: (gss_aquire_cred): make sure time is 65104862Sru returned in seconds from now, not in kerberos time 66104862Sru 67104862Sru * accept_sec_context.c: 1.34->1.35: (gss_accept_sec_context): make 68104862Sru sure time is returned in seconds from now, not in kerberos time 6918099Spst 70104862Sru2003-05-07 Love H�rnquist �strand <lha@it.su.se> 71104862Sru 72104862Sru * gssapi.h: 1.27->1.28: 73104862Sru if __cplusplus, wrap the extern variable (just to be safe) and 74104862Sru functions in extern "C" { } 7518099Spst 76104862Sru2003-04-30 Love H�rnquist �strand <lha@it.su.se> 77104862Sru 78104862Sru * gssapi.3: more about the des3 mic mess 79104862Sru 80104862Sru * verify_mic.c 1.19->1.20 : (verify_mic_des3): always check if the 81104862Sru mic is the correct mic or the mic that old heimdal would have 82104862Sru generated 83104862Sru 84104862Sru2003-04-29 Jacques Vidrine <nectar@kth.se> 85104862Sru 86104862Sru * verify_mic.c: 1.18->1.19: verify_mic_des3: If MIC verification 87104862Sru fails, retry using the `old' MIC computation (with zero IV). 88104862Sru 89104862Sru2003-04-28 Love H�rnquist �strand <lha@it.su.se> 90104862Sru 91104862Sru * compat.c (_gss_DES3_get_mic_compat): default to use compat 92104862Sru 93104862Sru * gssapi.3: 1.5->1.6: document [gssapi]correct_des3_mic and 94104862Sru [gssapi]broken_des3_mic 95104862Sru 96104862Sru * compat.c: 1.2->1.4: 9718099Spst (gss_krb5_compat_des3_mci): return a value 9818099Spst (gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat 9918099Spst (_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too 10018099Spst 101104862Sru * gssapi.h: 1.26->1.27: 10218099Spst (gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat 103104862Sru (GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if 104104862Sru gss_krb5_compat_des3_mic exists 105104862Sru 106104862Sru2003-04-23 Love H�rnquist �strand <lha@it.su.se> 107104862Sru 108104862Sru * Makefile.am: 1.44->1.45: test_acquire_cred_LDADD: use 109104862Sru libgssapi.la not ./libgssapi.la (makes make -jN work) 110104862Sru 111104862Sru2003-04-16 Love H�rnquist �strand <lha@it.su.se> 11218099Spst 113104862Sru * gssapi.3: spelling 114104862Sru 115104862Sru * gss_acquire_cred.3: Change .Fd #include <header.h> to .In 116104862Sru header.h, from Thomas Klausner <wiz@netbsd.org> 117104862Sru 118104862Sru 119104862Sru2003-04-06 Love H�rnquist �strand <lha@it.su.se> 120104862Sru 121104862Sru * gss_acquire_cred.3: spelling 122104862Sru 123104862Sru * Makefile.am: remove stuff that sneaked in with last commit 124104862Sru 125104862Sru * acquire_cred.c (acquire_initiator_cred): if the requested name 126104862Sru isn't in the ccache, also check keytab. Extact the krbtgt for the 127104862Sru default realm to check how long the credentials will last. 128104862Sru 129104862Sru * add_cred.c (gss_add_cred): don't create a new ccache, just open 130104862Sru the old one; better check if output handle is compatible with new 131104862Sru (copied) handle 132104862Sru 133104862Sru * test_acquire_cred.c: test gss_add_cred too 134104862Sru 135104862Sru2003-04-03 Love H�rnquist �strand <lha@it.su.se> 136104862Sru 137104862Sru * Makefile.am: build test_acquire_cred 138104862Sru 139104862Sru * test_acquire_cred.c: simple gss_acquire_cred test 140104862Sru 141104862Sru2003-04-02 Love H�rnquist �strand <lha@it.su.se> 142104862Sru 143104862Sru * gss_acquire_cred.3: s/gssapi/GSS-API/ 144104862Sru 145104862Sru2003-03-19 Love H�rnquist �strand <lha@it.su.se> 146104862Sru 147104862Sru * gss_acquire_cred.3: document v1 interface (and that they are 148104862Sru obsolete) 149104862Sru 150104862Sru2003-03-18 Love H�rnquist �strand <lha@it.su.se> 15118099Spst 152104862Sru * gss_acquire_cred.3: list supported mechanism and nametypes 153104862Sru 154104862Sru2003-03-16 Love H�rnquist �strand <lha@it.su.se> 155104862Sru 156104862Sru * gss_acquire_cred.3: text about gss_display_name 157104862Sru 158104862Sru * Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2 159104862Sru (libgssapi_la_SOURCES): add all new functions 160104862Sru 161104862Sru * gssapi.3: now that we have a functions, uncomment the missing 162104862Sru ones 163104862Sru 164104862Sru * gss_acquire_cred.3: now that we have a functions, uncomment the 165104862Sru missing ones 166104862Sru 167104862Sru * process_context_token.c: implement gss_process_context_token 168104862Sru 169104862Sru * inquire_names_for_mech.c: implement gss_inquire_names_for_mech 170104862Sru 17118099Spst * inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name 172104862Sru 173104862Sru * inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech 174104862Sru 175104862Sru * add_cred.c: implement gss_add_cred 176104862Sru 177104862Sru * acquire_cred.c (gss_acquire_cred): more testing of input 178104862Sru argument, make sure output arguments are ok, since we don't know 17918099Spst the time_rec (for now), set it to time_req 180104862Sru 181104862Sru * export_sec_context.c: send lifetime, also set minor_status 182104862Sru 183104862Sru * get_mic.c: set minor_status 184104862Sru 185104862Sru * import_sec_context.c (gss_import_sec_context): add error 18675584Sru checking, pick up lifetime (if there is no lifetime, use 18775584Sru GSS_C_INDEFINITE) 18875584Sru 18975584Sru * init_sec_context.c: take care to set export value to something 190104862Sru sane before we start so caller will have harmless values in them 19175584Sru if then function fails 192104862Sru 19375584Sru * release_buffer.c (gss_release_buffer): set minor_status 19475584Sru 195104862Sru * wrap.c: make sure minor_status get set 196104862Sru 197104862Sru * verify_mic.c (gss_verify_mic_internal): rename verify_mic to 198104862Sru gss_verify_mic_internal and let it take the type as an argument, 19918099Spst (gss_verify_mic): call gss_verify_mic_internal 200104862Sru set minor_status 201104862Sru 202104862Sru * unwrap.c: set minor_status 203104862Sru 204104862Sru * test_oid_set_member.c (gss_test_oid_set_member): use 20518099Spst gss_oid_equal 206104862Sru 207104862Sru * release_oid_set.c (gss_release_oid_set): set minor_status 208104862Sru 209104862Sru * release_name.c (gss_release_name): set minor_status 210104862Sru 211104862Sru * release_cred.c (gss_release_cred): set minor_status 21218099Spst 21318099Spst * add_oid_set_member.c (gss_add_oid_set_member): set minor_status 21418099Spst 21518099Spst * compare_name.c (gss_compare_name): set minor_status 21618099Spst 217104862Sru * compat.c (check_compat): make sure ret have a defined value 21818099Spst 21918099Spst * context_time.c (gss_context_time): set minor_status 220104862Sru 22118099Spst * copy_ccache.c (gss_krb5_copy_ccache): set minor_status 222104862Sru 22318099Spst * create_emtpy_oid_set.c (gss_create_empty_oid_set): set 22418099Spst minor_status 225104862Sru 22618099Spst * delete_sec_context.c (gss_delete_sec_context): set minor_status 227104862Sru 22818099Spst * display_name.c (gss_display_name): set minor_status 229104862Sru 230104862Sru * display_status.c (gss_display_status): use gss_oid_equal, handle 231104862Sru supplementary errors 232104862Sru 233104862Sru * duplicate_name.c (gss_duplicate_name): set minor_status 234104862Sru 235104862Sru * inquire_context.c (gss_inquire_context): set lifetime_rec now 236104862Sru when we know it, set minor_status 237104862Sru 238104862Sru * inquire_cred.c (gss_inquire_cred): take care to set export value 239104862Sru to something sane before we start so caller will have harmless 240104862Sru values in them if the function fails 241104862Sru 242104862Sru * accept_sec_context.c (gss_accept_sec_context): take care to set 243104862Sru export value to something sane before we start so caller will have 244104862Sru harmless values in them if then function fails, set lifetime from 245104862Sru ticket expiration date 246104862Sru 247104862Sru * indicate_mechs.c (gss_indicate_mechs): use 24818099Spst gss_create_empty_oid_set and gss_add_oid_set_member 24918099Spst 25018099Spst * gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred, 25118099Spst since there is no ticket transfered in the exported context 25218099Spst 253104862Sru * export_name.c (gss_export_name): export name with 25418099Spst GSS_C_NT_EXPORT_NAME wrapping, not just the principal 255104862Sru 256104862Sru * import_name.c (import_export_name): new function, parses a 257104862Sru GSS_C_NT_EXPORT_NAME 258104862Sru (import_krb5_name): factor out common code of parsing krb5 name 259104862Sru (gss_oid_equal): rename from oid_equal 260104862Sru 261104862Sru * gssapi_locl.h: add prototypes for gss_oid_equal and 26218099Spst gss_verify_mic_internal 263104862Sru 264104862Sru * gssapi.h: comment out the argument names 265104862Sru 266104862Sru2003-03-15 Love H�rnquist �strand <lha@it.su.se> 267104862Sru 268104862Sru * gssapi.3: add LIST OF FUNCTIONS and copyright/license 26918099Spst 27069626Sru * Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/ 27169626Sru 27269626Sru * Makefile.am: man_MANS += gss_aquire_cred.3 273104862Sru 27469626Sru2003-03-14 Love H�rnquist �strand <lha@it.su.se> 275104862Sru 276104862Sru * gss_aquire_cred.3: the gssapi api manpage 277104862Sru 278104862Sru2003-03-03 Love H�rnquist �strand <lha@it.su.se> 279104862Sru 280104862Sru * inquire_context.c: (gss_inquire_context): rename argument open 281104862Sru to open_context 282104862Sru 283104862Sru * gssapi.h (gss_inquire_context): rename argument open to open_context 284104862Sru 28575584Sru2003-02-27 Love H�rnquist �strand <lha@it.su.se> 286104862Sru 287104862Sru * init_sec_context.c (do_delegation): remove unused variable 288104862Sru subkey 28918099Spst 29018099Spst * gssapi.3: all 0.5.x version had broken token delegation 29118099Spst 29218099Spst2003-02-21 Love H�rnquist �strand <lha@it.su.se> 293104862Sru 29469626Sru * (init_auth): only generate one subkey 29569626Sru 29669626Sru2003-01-27 Love H�rnquist �strand <lha@it.su.se> 29769626Sru 29869626Sru * verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform 29969626Sru to rfc (and mit kerberos), provide backward compat hook 30069626Sru 301104862Sru * get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and 302104862Sru mit kerberos), provide backward compat hook 30318099Spst 304104862Sru * init_sec_context.c (init_auth): check if we need compat for 305104862Sru older get_mic/verify_mic 306104862Sru 30718099Spst * gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat 30818099Spst 30918099Spst * gssapi.h (more_flags): add COMPAT_OLD_DES3 310104862Sru 31118099Spst * Makefile.am: add gssapi.3 and compat.c 31218099Spst 31318099Spst * gssapi.3: add gssapi COMPATIBILITY documentation 31418099Spst 315104862Sru * accept_sec_context.c (gss_accept_sec_context): check if we need 31618099Spst compat for older get_mic/verify_mic 31718099Spst 31818099Spst * compat.c: check for compatiblity with other heimdal's 3des 31969626Sru get_mic/verify_mic 32069626Sru 32118099Spst2002-10-31 Johan Danielsson <joda@pdc.kth.se> 32218099Spst 323104862Sru * check return value from gssapi_krb5_init 32418099Spst 32518099Spst * 8003.c (gssapi_krb5_verify_8003_checksum): check size of input 32618099Spst 327104862Sru2002-09-03 Johan Danielsson <joda@pdc.kth.se> 32818099Spst 329104862Sru * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE 33018099Spst 331104862Sru * unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE 332104862Sru 333104862Sru2002-09-02 Johan Danielsson <joda@pdc.kth.se> 334104862Sru 335104862Sru * init_sec_context.c: we need to generate a local subkey here 336104862Sru 337104862Sru2002-08-20 Jacques Vidrine <n@nectar.com> 338104862Sru 339104862Sru * acquire_cred.c, inquire_cred.c, release_cred.c: Use default 340104862Sru credential resolution if gss_acquire_cred is called with 341104862Sru GSS_C_NO_NAME. 342104862Sru 343104862Sru2002-06-20 Jacques Vidrine <n@nectar.com> 344104862Sru 345104862Sru * import_name.c: Compare name types by value if pointers do 346104862Sru not match. Reported by: "Douglas E. Engert" <deengert@anl.gov> 347104862Sru 348104862Sru2002-05-20 Jacques Vidrine <n@nectar.com> 34918099Spst 35018099Spst * verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize 35118099Spst the qop_state parameter. from Doug Rabson <dfr@nlsystems.com> 35218099Spst 35318099Spst2002-05-09 Jacques Vidrine <n@nectar.com> 35418099Spst 355104862Sru * acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH 35618099Spst 35718099Spst2002-05-08 Jacques Vidrine <n@nectar.com> 35818099Spst 35918099Spst * acquire_cred.c: initialize gssapi; handle null desired_name 36018099Spst 361104862Sru2002-03-22 Johan Danielsson <joda@pdc.kth.se> 36218099Spst 36318099Spst * Makefile.am: remove non-functional stuff accidentally committed 36418099Spst 36518099Spst2002-03-11 Assar Westerlund <assar@sics.se> 366104862Sru 36718099Spst * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2 36818099Spst * 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel 369104862Sru bindings 37018099Spst 37118099Spst2001-10-31 Jacques Vidrine <n@nectar.com> 37218099Spst 37318099Spst * get_mic.c (mic_des3): MIC computation using DES3/SHA1 37418099Spst was bogusly appending the message buffer to the result, 37518099Spst overwriting a heap buffer in the process. 376104862Sru 37718099Spst2001-08-29 Assar Westerlund <assar@sics.se> 378104862Sru 37918099Spst * 8003.c (gssapi_krb5_verify_8003_checksum, 380104862Sru gssapi_krb5_create_8003_checksum): make more consistent by always 38118099Spst returning an gssapi error and setting minor status. update 38218099Spst callers 38318099Spst 38418099Spst2001-08-28 Jacques Vidrine <n@nectar.com> 385104862Sru 38618099Spst * accept_sec_context.c: Create a cache for delegated credentials 38718099Spst when needed. 38818099Spst 389104862Sru2001-08-28 Assar Westerlund <assar@sics.se> 39018099Spst 391104862Sru * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2 39218099Spst 393104862Sru2001-08-23 Assar Westerlund <assar@sics.se> 394104862Sru 395104862Sru * *.c: handle minor_status more consistently 396104862Sru 39718099Spst * display_status.c (gss_display_status): handle krb5_get_err_text 39869626Sru failing 39969626Sru 40069626Sru2001-08-15 Johan Danielsson <joda@pdc.kth.se> 40169626Sru 402104862Sru * gssapi_locl.h: fix prototype for gssapi_krb5_init 40318099Spst 40418099Spst2001-08-13 Johan Danielsson <joda@pdc.kth.se> 40518099Spst 40618099Spst * accept_sec_context.c (gsskrb5_register_acceptor_identity): init 40718099Spst context and check return value from kt_resolve 40818099Spst 40918099Spst * init.c: return error code 41018099Spst 41118099Spst2001-07-19 Assar Westerlund <assar@sics.se> 41218099Spst 413104862Sru * Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2 41418099Spst 415104862Sru2001-07-12 Assar Westerlund <assar@sics.se> 416104862Sru 41718099Spst * Makefile.am (libgssapi_la_LIBADD): add required library 418104862Sru dependencies 419104862Sru 420104862Sru2001-07-06 Assar Westerlund <assar@sics.se> 42118099Spst 42218099Spst * accept_sec_context.c (gsskrb5_register_acceptor_identity): set 423104862Sru the keytab to be used for gss_acquire_cred too' 424104862Sru 425104862Sru2001-07-03 Assar Westerlund <assar@sics.se> 426104862Sru 427104862Sru * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2 428104862Sru 429104862Sru2001-06-18 Assar Westerlund <assar@sics.se> 430104862Sru 431104862Sru * wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey 432104862Sru and gss_krb5_get_remotekey 433104862Sru * verify_mic.c: update krb5_auth_con function names use 434104862Sru gss_krb5_get_remotekey 435104862Sru * unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey 436104862Sru and gss_krb5_get_remotekey 437104862Sru * gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey): 438104862Sru add prototypes 439104862Sru * get_mic.c: update krb5_auth_con function names. use 440104862Sru gss_krb5_get_localkey 44118099Spst * accept_sec_context.c: update krb5_auth_con function names 44218099Spst 44318099Spst2001-05-17 Assar Westerlund <assar@sics.se> 444104862Sru 445104862Sru * Makefile.am: bump version to 3:1:2 44618099Spst 44718099Spst2001-05-14 Assar Westerlund <assar@sics.se> 44818099Spst 44918099Spst * address_to_krb5addr.c: adapt to new address functions 450104862Sru 45118099Spst2001-05-11 Assar Westerlund <assar@sics.se> 45218099Spst 45318099Spst * try to return the error string from libkrb5 where applicable 45418099Spst 455104862Sru2001-05-08 Assar Westerlund <assar@sics.se> 45618099Spst 45718099Spst * delete_sec_context.c (gss_delete_sec_context): remember to free 458104862Sru the memory used by the ticket itself. from <tmartin@mirapoint.com> 459104862Sru 46018099Spst2001-05-04 Assar Westerlund <assar@sics.se> 46118099Spst 46218099Spst * gssapi_locl.h: add config.h for completeness 463104862Sru * gssapi.h: remove config.h, this is an installed header file 46418099Spst sys/types.h is not needed either 46518099Spst 46618099Spst2001-03-12 Assar Westerlund <assar@sics.se> 46718099Spst 468104862Sru * acquire_cred.c (gss_acquire_cred): remove memory leaks. from 46918099Spst Jason R Thorpe <thorpej@zembu.com> 47018099Spst 47118099Spst2001-02-18 Assar Westerlund <assar@sics.se> 47218099Spst 473104862Sru * accept_sec_context.c (gss_accept_sec_context): either return 47418099Spst gss_name NULL-ed or set 475104862Sru 47618099Spst * import_name.c: set minor_status in some cases where it was not 477104862Sru done 47818099Spst 479104862Sru2001-02-15 Assar Westerlund <assar@sics.se> 48018099Spst 48118099Spst * wrap.c: use krb5_generate_random_block for the confounders 48218099Spst 48318099Spst2001-01-30 Assar Westerlund <assar@sics.se> 48418099Spst 48518099Spst * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2 48618099Spst * acquire_cred.c, init_sec_context.c, release_cred.c: add support 48718099Spst for getting creds from a keytab, from fvdl@netbsd.org 488104862Sru 489104862Sru * copy_ccache.c: add gss_krb5_copy_ccache 490104862Sru 491104862Sru2001-01-27 Assar Westerlund <assar@sics.se> 492104862Sru 49318099Spst * get_mic.c: cast parameters to des function to non-const pointers 49469626Sru to handle the case where these functions actually take non-const 49569626Sru des_cblock * 49669626Sru 49769626Sru2001-01-09 Assar Westerlund <assar@sics.se> 498104862Sru 49969626Sru * accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2 50069626Sru instead of krb5_rd_cred 501104862Sru 502104862Sru2000-12-11 Assar Westerlund <assar@sics.se> 503104862Sru 504104862Sru * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1 50518099Spst 50669626Sru2000-12-08 Assar Westerlund <assar@sics.se> 50769626Sru 508104862Sru * wrap.c (wrap_des3): use the checksum as ivec when encrypting the 50969626Sru sequence number 51018099Spst * unwrap.c (unwrap_des3): use the checksum as ivec when encrypting 51118099Spst the sequence number 512104862Sru * init_sec_context.c (init_auth): always zero fwd_data 513104862Sru 514104862Sru2000-12-06 Johan Danielsson <joda@pdc.kth.se> 51518099Spst 516104862Sru * accept_sec_context.c: de-pointerise auth_context parameter to 517104862Sru krb5_mk_rep 518104862Sru 519104862Sru2000-11-15 Assar Westerlund <assar@sics.se> 52018099Spst 52118099Spst * init_sec_context.c (init_auth): update to new 522104862Sru krb5_build_authenticator 52318099Spst 524104862Sru2000-09-19 Assar Westerlund <assar@sics.se> 52518099Spst 526104862Sru * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1 52718099Spst 52818099Spst2000-08-27 Assar Westerlund <assar@sics.se> 52918099Spst 53018099Spst * init_sec_context.c: actually pay attention to `time_req' 531104862Sru * init_sec_context.c: re-organize. leak less memory. 53218099Spst * gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey): 53318099Spst update prototypes add assert.h 53418099Spst * gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD): 535104862Sru add 53618099Spst * verify_mic.c: re-organize and add 3DES code 53718099Spst * wrap.c: re-organize and add 3DES code 53818099Spst * unwrap.c: re-organize and add 3DES code 53918099Spst * get_mic.c: re-organize and add 3DES code 54018099Spst * encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data', 541104862Sru let the caller do that. fix the callers. 54218099Spst 54318099Spst2000-08-16 Assar Westerlund <assar@sics.se> 54418099Spst 54518099Spst * Makefile.am: bump version to 2:1:1 54618099Spst 54718099Spst2000-07-29 Assar Westerlund <assar@sics.se> 54818099Spst 549104862Sru * decapsulate.c (gssapi_krb5_verify_header): sanity-check length 55018099Spst 551104862Sru2000-07-25 Johan Danielsson <joda@pdc.kth.se> 55218099Spst 55318099Spst * Makefile.am: bump version to 2:0:1 55418099Spst 555104862Sru2000-07-22 Assar Westerlund <assar@sics.se> 55618099Spst 557104862Sru * gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other 55818099Spst details from rfc2744 55918099Spst 56018099Spst2000-06-29 Assar Westerlund <assar@sics.se> 561104862Sru 56218099Spst * address_to_krb5addr.c (gss_address_to_krb5addr): actually use 563104862Sru `int' instead of `sa_family_t' for the address family. 56418099Spst 56518099Spst2000-06-21 Assar Westerlund <assar@sics.se> 566104862Sru 56718099Spst * add support for token delegation. From Daniel Kouril 568104862Sru <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz> 56918099Spst 57018099Spst2000-05-15 Assar Westerlund <assar@sics.se> 571104862Sru 57218099Spst * Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1 57318099Spst 57418099Spst2000-04-12 Assar Westerlund <assar@sics.se> 575104862Sru 57618099Spst * release_oid_set.c (gss_release_oid_set): clear set for 57718099Spst robustness. From GOMBAS Gabor <gombasg@inf.elte.hu> 57818099Spst * release_name.c (gss_release_name): reset input_name for 57918099Spst robustness. From GOMBAS Gabor <gombasg@inf.elte.hu> 58018099Spst * release_buffer.c (gss_release_buffer): set value to NULL to be 581104862Sru more robust. From GOMBAS Gabor <gombasg@inf.elte.hu> 58218099Spst * add_oid_set_member.c (gss_add_oid_set_member): actually check if 58318099Spst the oid is a member first. leave the oid_set unchanged if realloc 58418099Spst fails. 58518099Spst 586104862Sru2000-02-13 Assar Westerlund <assar@sics.se> 58718099Spst 588104862Sru * Makefile.am: set version to 1:0:1 58918099Spst 590104862Sru2000-02-12 Assar Westerlund <assar@sics.se> 591104862Sru 59218099Spst * gssapi_locl.h: add flags for import/export 59318099Spst * import_sec_context.c (import_sec_context: add flags for what 59418099Spst fields are included. do not include the authenticator for now. 59518099Spst * export_sec_context.c (export_sec_context: add flags for what 59618099Spst fields are included. do not include the authenticator for now. 59718099Spst * accept_sec_context.c (gss_accept_sec_context): set target in 59818099Spst context_handle 599104862Sru 60018099Spst2000-02-11 Assar Westerlund <assar@sics.se> 60118099Spst 602104862Sru * delete_sec_context.c (gss_delete_sec_context): set context to 603104862Sru GSS_C_NO_CONTEXT 60418099Spst 605104862Sru * Makefile.am: add {export,import}_sec_context.c 60618099Spst * export_sec_context.c: new file 60718099Spst * import_sec_context.c: new file 60818099Spst * accept_sec_context.c (gss_accept_sec_context): set trans flag 60918099Spst 610104862Sru2000-02-07 Assar Westerlund <assar@sics.se> 61118099Spst 61218099Spst * Makefile.am: set version to 0:5:0 61318099Spst 61418099Spst2000-01-26 Assar Westerlund <assar@sics.se> 61518099Spst 61618099Spst * delete_sec_context.c (gss_delete_sec_context): handle a NULL 617104862Sru output_token 618104862Sru 61918099Spst * wrap.c: update to pseudo-standard APIs for md4,md5,sha. some 620104862Sru changes to libdes calls to make them more portable. 62118099Spst * verify_mic.c: update to pseudo-standard APIs for md4,md5,sha. 62218099Spst some changes to libdes calls to make them more portable. 62379543Sru * unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some 62479543Sru changes to libdes calls to make them more portable. 62579543Sru * get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some 62679543Sru changes to libdes calls to make them more portable. 627 * 8003.c: update to pseudo-standard APIs for md4,md5,sha. 628 6292000-01-06 Assar Westerlund <assar@sics.se> 630 631 * Makefile.am: set version to 0:4:0 632 6331999-12-26 Assar Westerlund <assar@sics.se> 634 635 * accept_sec_context.c (gss_accept_sec_context): always set 636 `output_token' 637 * init_sec_context.c (init_auth): always initialize `output_token' 638 * delete_sec_context.c (gss_delete_sec_context): always set 639 `output_token' 640 6411999-12-06 Assar Westerlund <assar@sics.se> 642 643 * Makefile.am: bump version to 0:3:0 644 6451999-10-20 Assar Westerlund <assar@sics.se> 646 647 * Makefile.am: set version to 0:2:0 648 6491999-09-21 Assar Westerlund <assar@sics.se> 650 651 * init_sec_context.c (gss_init_sec_context): initialize `ticket' 652 653 * gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick. 654 655 * delete_sec_context.c (gss_delete_sec_context): free ticket 656 657 * accept_sec_context.c (gss_accept_sec_context): stove away 658 `krb5_ticket' in context so that ugly programs such as 659 gss_nt_server can get at it. uck. 660 6611999-09-20 Johan Danielsson <joda@pdc.kth.se> 662 663 * accept_sec_context.c: set minor_status 664 6651999-08-04 Assar Westerlund <assar@sics.se> 666 667 * display_status.c (calling_error, routine_error): right shift the 668 code to make it possible to index into the arrays 669 6701999-07-28 Assar Westerlund <assar@sics.se> 671 672 * gssapi.h (GSS_C_AF_INET6): add 673 674 * import_name.c (import_hostbased_name): set minor_status 675 6761999-07-26 Assar Westerlund <assar@sics.se> 677 678 * Makefile.am: set version to 0:1:0 679 680Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se> 681 682 * display_status.c: set minor_status 683 684 * init_sec_context.c: set minor_status 685 686 * lib/gssapi/init.c: remove donep (check gssapi_krb5_context 687 directly) 688 689