ChangeLog revision 120945 
12003-05-07  Love H�rnquist �strand  <lha@it.su.se>
2
3	* gssapi.h: 1.27->1.28:
4	if __cplusplus, wrap the extern variable (just to be safe) and
5	functions in extern "C" { }
6
72003-04-30  Love H�rnquist �strand  <lha@it.su.se>
8
9	* gssapi.3: more about the des3 mic mess
10	
11	* verify_mic.c 1.19->1.20 : (verify_mic_des3): always check if the
12	mic is the correct mic or the mic that old heimdal would have
13	generated
14	
152003-04-29  Jacques Vidrine  <nectar@kth.se>
16
17	* verify_mic.c: 1.18->1.19: verify_mic_des3: If MIC verification
18	fails, retry using the `old' MIC computation (with zero IV).
19	
202003-04-28  Love H�rnquist �strand  <lha@it.su.se>
21
22	* compat.c (_gss_DES3_get_mic_compat): default to use compat
23	
24	* gssapi.3: 1.5->1.6: document [gssapi]correct_des3_mic and
25	[gssapi]broken_des3_mic
26
27	* compat.c: 1.2->1.4:
28	(gss_krb5_compat_des3_mci): return a value
29	(gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat
30	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too
31
32	* gssapi.h: 1.26->1.27:
33	(gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat
34	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
35	gss_krb5_compat_des3_mic exists
36	
372003-04-23  Love H�rnquist �strand  <lha@it.su.se>
38
39	* Makefile.am: 1.44->1.45: test_acquire_cred_LDADD: use
40	libgssapi.la not ./libgssapi.la (makes make -jN work)
41	
422003-04-16  Love H�rnquist �strand  <lha@it.su.se>
43
44	* gssapi.3: spelling
45	
46	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
47	header.h, from Thomas Klausner <wiz@netbsd.org>
48
49	
502003-04-06  Love H�rnquist �strand  <lha@it.su.se>
51
52	* gss_acquire_cred.3: spelling
53	
54	* Makefile.am: remove stuff that sneaked in with last commit
55	
56	* acquire_cred.c (acquire_initiator_cred): if the requested name
57	isn't in the ccache, also check keytab.  Extact the krbtgt for the
58	default realm to check how long the credentials will last.
59	
60	* add_cred.c (gss_add_cred): don't create a new ccache, just open
61	the old one; better check if output handle is compatible with new
62	(copied) handle
63
64	* test_acquire_cred.c: test gss_add_cred too
65	
662003-04-03  Love H�rnquist �strand  <lha@it.su.se>
67
68	* Makefile.am: build test_acquire_cred
69	
70	* test_acquire_cred.c: simple gss_acquire_cred test
71	
722003-04-02  Love H�rnquist �strand  <lha@it.su.se>
73
74	* gss_acquire_cred.3: s/gssapi/GSS-API/
75	
762003-03-19  Love H�rnquist �strand  <lha@it.su.se>
77
78	* gss_acquire_cred.3: document v1 interface (and that they are
79	obsolete)
80
812003-03-18  Love H�rnquist �strand  <lha@it.su.se>
82
83	* gss_acquire_cred.3: list supported mechanism and nametypes
84	
852003-03-16  Love H�rnquist �strand  <lha@it.su.se>
86	
87	* gss_acquire_cred.3: text about gss_display_name
88
89	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
90	(libgssapi_la_SOURCES): add all new functions
91
92	* gssapi.3: now that we have a functions, uncomment the missing
93	ones
94
95	* gss_acquire_cred.3: now that we have a functions, uncomment the
96	missing ones
97
98	* process_context_token.c: implement gss_process_context_token
99	
100	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech
101	
102	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name
103	
104	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech
105	
106	* add_cred.c: implement gss_add_cred
107	
108	* acquire_cred.c (gss_acquire_cred): more testing of input
109	argument, make sure output arguments are ok, since we don't know
110	the time_rec (for now), set it to time_req
111	
112	* export_sec_context.c: send lifetime, also set minor_status
113	
114	* get_mic.c: set minor_status
115	
116	* import_sec_context.c (gss_import_sec_context): add error
117	checking, pick up lifetime (if there is no lifetime, use
118	GSS_C_INDEFINITE)
119
120	* init_sec_context.c: take care to set export value to something
121	sane before we start so caller will have harmless values in them
122	if then function fails
123
124	* release_buffer.c (gss_release_buffer): set minor_status
125	
126	* wrap.c: make sure minor_status get set
127	
128	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
129	gss_verify_mic_internal and let it take the type as an argument,
130	(gss_verify_mic): call gss_verify_mic_internal
131	set minor_status
132	
133	* unwrap.c: set minor_status
134	
135	* test_oid_set_member.c (gss_test_oid_set_member): use
136	gss_oid_equal
137
138	* release_oid_set.c (gss_release_oid_set): set minor_status
139	
140	* release_name.c (gss_release_name): set minor_status
141	
142	* release_cred.c (gss_release_cred): set minor_status
143	
144	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status
145	
146	* compare_name.c (gss_compare_name): set minor_status
147	
148	* compat.c (check_compat): make sure ret have a defined value
149	
150	* context_time.c (gss_context_time): set minor_status
151	
152	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status
153	
154	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
155	minor_status
156
157	* delete_sec_context.c (gss_delete_sec_context): set minor_status
158	
159	* display_name.c (gss_display_name): set minor_status
160	
161	* display_status.c (gss_display_status): use gss_oid_equal, handle
162	supplementary errors
163
164	* duplicate_name.c (gss_duplicate_name): set minor_status
165	
166	* inquire_context.c (gss_inquire_context): set lifetime_rec now
167	when we know it, set minor_status
168
169	* inquire_cred.c (gss_inquire_cred): take care to set export value
170	to something sane before we start so caller will have harmless
171	values in them if the function fails
172	
173	* accept_sec_context.c (gss_accept_sec_context): take care to set
174	export value to something sane before we start so caller will have
175	harmless values in them if then function fails, set lifetime from
176	ticket expiration date
177
178	* indicate_mechs.c (gss_indicate_mechs): use
179	gss_create_empty_oid_set and gss_add_oid_set_member
180
181	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
182	since there is no ticket transfered in the exported context
183	
184	* export_name.c (gss_export_name): export name with
185	GSS_C_NT_EXPORT_NAME wrapping, not just the principal
186	
187	* import_name.c (import_export_name): new function, parses a
188	GSS_C_NT_EXPORT_NAME
189	(import_krb5_name): factor out common code of parsing krb5 name
190	(gss_oid_equal): rename from oid_equal
191
192	* gssapi_locl.h: add prototypes for gss_oid_equal and
193	gss_verify_mic_internal
194
195	* gssapi.h: comment out the argument names
196	
1972003-03-15  Love H�rnquist �strand  <lha@it.su.se>
198
199	* gssapi.3: add LIST OF FUNCTIONS and copyright/license
200
201	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/
202	
203	* Makefile.am: man_MANS += gss_aquire_cred.3
204	
2052003-03-14  Love H�rnquist �strand  <lha@it.su.se>
206
207	* gss_aquire_cred.3: the gssapi api manpage
208	
2092003-03-03  Love H�rnquist �strand  <lha@it.su.se>
210
211	* inquire_context.c: (gss_inquire_context): rename argument open
212	to open_context
213
214	* gssapi.h (gss_inquire_context): rename argument open to open_context
215
2162003-02-27  Love H�rnquist �strand  <lha@it.su.se>
217
218	* init_sec_context.c (do_delegation): remove unused variable
219	subkey
220
221	* gssapi.3: all 0.5.x version had broken token delegation
222	
2232003-02-21  Love H�rnquist �strand  <lha@it.su.se>
224
225	* (init_auth): only generate one subkey
226
2272003-01-27  Love H�rnquist �strand  <lha@it.su.se>
228
229	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
230	to rfc (and mit kerberos), provide backward compat hook
231	
232	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
233	mit kerberos), provide backward compat hook
234	
235	* init_sec_context.c (init_auth): check if we need compat for
236	older get_mic/verify_mic
237
238	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat
239	
240	* gssapi.h (more_flags): add COMPAT_OLD_DES3
241	
242	* Makefile.am: add gssapi.3 and compat.c
243	
244	* gssapi.3: add gssapi COMPATIBILITY documentation
245	
246	* accept_sec_context.c (gss_accept_sec_context): check if we need
247	compat for older get_mic/verify_mic
248
249	* compat.c: check for compatiblity with other heimdal's 3des
250	get_mic/verify_mic
251
2522002-10-31  Johan Danielsson  <joda@pdc.kth.se>
253
254	* check return value from gssapi_krb5_init
255	
256	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input
257
2582002-09-03  Johan Danielsson  <joda@pdc.kth.se>
259
260	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
261
262	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
263
2642002-09-02  Johan Danielsson  <joda@pdc.kth.se>
265
266	* init_sec_context.c: we need to generate a local subkey here
267
2682002-08-20  Jacques Vidrine <n@nectar.com>
269
270	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
271	  credential resolution if gss_acquire_cred is called with
272	  GSS_C_NO_NAME.
273
2742002-06-20  Jacques Vidrine <n@nectar.com>
275
276	* import_name.c: Compare name types by value if pointers do
277	  not match.  Reported by: "Douglas E. Engert" <deengert@anl.gov>
278
2792002-05-20  Jacques Vidrine <n@nectar.com>
280
281	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
282	  the qop_state parameter.  from Doug Rabson <dfr@nlsystems.com>
283
2842002-05-09  Jacques Vidrine <n@nectar.com>
285
286	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH
287
2882002-05-08  Jacques Vidrine <n@nectar.com>
289
290	* acquire_cred.c: initialize gssapi; handle null desired_name
291
2922002-03-22  Johan Danielsson  <joda@pdc.kth.se>
293
294	* Makefile.am: remove non-functional stuff accidentally committed
295
2962002-03-11  Assar Westerlund  <assar@sics.se>
297
298	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
299	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
300	bindings
301
3022001-10-31  Jacques Vidrine <n@nectar.com>
303
304	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
305	was bogusly appending the message buffer to the result,
306	overwriting a heap buffer in the process.
307
3082001-08-29  Assar Westerlund  <assar@sics.se>
309
310	* 8003.c (gssapi_krb5_verify_8003_checksum,
311	gssapi_krb5_create_8003_checksum): make more consistent by always
312	returning an gssapi error and setting minor status.  update
313	callers
314
3152001-08-28  Jacques Vidrine  <n@nectar.com>
316
317	* accept_sec_context.c: Create a cache for delegated credentials
318	  when needed.
319
3202001-08-28  Assar Westerlund  <assar@sics.se>
321
322	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
323
3242001-08-23  Assar Westerlund  <assar@sics.se>
325
326	*  *.c: handle minor_status more consistently
327
328	* display_status.c (gss_display_status): handle krb5_get_err_text
329	failing
330
3312001-08-15  Johan Danielsson  <joda@pdc.kth.se>
332
333	* gssapi_locl.h: fix prototype for gssapi_krb5_init
334
3352001-08-13  Johan Danielsson  <joda@pdc.kth.se>
336
337	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
338	context and check return value from kt_resolve
339
340	* init.c: return error code
341
3422001-07-19  Assar Westerlund  <assar@sics.se>
343
344	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
345
3462001-07-12  Assar Westerlund  <assar@sics.se>
347
348	* Makefile.am (libgssapi_la_LIBADD): add required library
349	dependencies
350
3512001-07-06  Assar Westerlund  <assar@sics.se>
352
353	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
354	the keytab to be used for gss_acquire_cred too'
355
3562001-07-03  Assar Westerlund  <assar@sics.se>
357
358	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
359
3602001-06-18  Assar Westerlund  <assar@sics.se>
361
362	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
363	and gss_krb5_get_remotekey
364	* verify_mic.c: update krb5_auth_con function names use
365	gss_krb5_get_remotekey
366	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
367	and gss_krb5_get_remotekey
368	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
369	add prototypes
370	* get_mic.c: update krb5_auth_con function names. use
371	gss_krb5_get_localkey
372	* accept_sec_context.c: update krb5_auth_con function names
373
3742001-05-17  Assar Westerlund  <assar@sics.se>
375
376	* Makefile.am: bump version to 3:1:2
377
3782001-05-14  Assar Westerlund  <assar@sics.se>
379
380	* address_to_krb5addr.c: adapt to new address functions
381
3822001-05-11  Assar Westerlund  <assar@sics.se>
383
384	* try to return the error string from libkrb5 where applicable
385
3862001-05-08  Assar Westerlund  <assar@sics.se>
387
388	* delete_sec_context.c (gss_delete_sec_context): remember to free
389	the memory used by the ticket itself. from <tmartin@mirapoint.com>
390
3912001-05-04  Assar Westerlund  <assar@sics.se>
392
393	* gssapi_locl.h: add config.h for completeness
394	* gssapi.h: remove config.h, this is an installed header file
395	sys/types.h is not needed either
396	
3972001-03-12  Assar Westerlund  <assar@sics.se>
398
399	* acquire_cred.c (gss_acquire_cred): remove memory leaks.  from
400	Jason R Thorpe <thorpej@zembu.com>
401
4022001-02-18  Assar Westerlund  <assar@sics.se>
403
404	* accept_sec_context.c (gss_accept_sec_context): either return
405	gss_name NULL-ed or set
406
407	* import_name.c: set minor_status in some cases where it was not
408	done
409
4102001-02-15  Assar Westerlund  <assar@sics.se>
411
412	* wrap.c: use krb5_generate_random_block for the confounders
413
4142001-01-30  Assar Westerlund  <assar@sics.se>
415
416	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
417	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
418	for getting creds from a keytab, from fvdl@netbsd.org
419
420	* copy_ccache.c: add gss_krb5_copy_ccache
421
4222001-01-27  Assar Westerlund  <assar@sics.se>
423
424	* get_mic.c: cast parameters to des function to non-const pointers
425 	to handle the case where these functions actually take non-const
426 	des_cblock *
427
4282001-01-09  Assar Westerlund  <assar@sics.se>
429
430	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
431	instead of krb5_rd_cred
432
4332000-12-11  Assar Westerlund  <assar@sics.se>
434
435	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1
436
4372000-12-08  Assar Westerlund  <assar@sics.se>
438
439	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
440	sequence number
441	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
442	the sequence number
443	* init_sec_context.c (init_auth): always zero fwd_data
444
4452000-12-06  Johan Danielsson  <joda@pdc.kth.se>
446
447	* accept_sec_context.c: de-pointerise auth_context parameter to
448	krb5_mk_rep
449
4502000-11-15  Assar Westerlund  <assar@sics.se>
451
452	* init_sec_context.c (init_auth): update to new
453	krb5_build_authenticator
454
4552000-09-19  Assar Westerlund  <assar@sics.se>
456
457	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1
458
4592000-08-27  Assar Westerlund  <assar@sics.se>
460
461	* init_sec_context.c: actually pay attention to `time_req'
462	* init_sec_context.c: re-organize.  leak less memory.
463	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
464	update prototypes add assert.h
465	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
466	add
467	* verify_mic.c: re-organize and add 3DES code
468	* wrap.c: re-organize and add 3DES code
469	* unwrap.c: re-organize and add 3DES code
470	* get_mic.c: re-organize and add 3DES code
471	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
472	let the caller do that.  fix the callers.
473
4742000-08-16  Assar Westerlund  <assar@sics.se>
475
476	* Makefile.am: bump version to 2:1:1
477
4782000-07-29  Assar Westerlund  <assar@sics.se>
479
480	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length
481
4822000-07-25  Johan Danielsson  <joda@pdc.kth.se>
483
484	* Makefile.am: bump version to 2:0:1
485
4862000-07-22  Assar Westerlund  <assar@sics.se>
487
488	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
489	details from rfc2744
490
4912000-06-29  Assar Westerlund  <assar@sics.se>
492
493	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
494	`int' instead of `sa_family_t' for the address family.
495
4962000-06-21  Assar Westerlund  <assar@sics.se>
497
498	* add support for token delegation.  From Daniel Kouril
499	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>
500
5012000-05-15  Assar Westerlund  <assar@sics.se>
502
503	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1
504
5052000-04-12  Assar Westerlund  <assar@sics.se>
506
507	* release_oid_set.c (gss_release_oid_set): clear set for
508	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
509	* release_name.c (gss_release_name): reset input_name for
510	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
511	* release_buffer.c (gss_release_buffer): set value to NULL to be
512	more robust.  From GOMBAS Gabor <gombasg@inf.elte.hu>
513	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
514	the oid is a member first.  leave the oid_set unchanged if realloc
515	fails.
516
5172000-02-13  Assar Westerlund  <assar@sics.se>
518
519	* Makefile.am: set version to 1:0:1
520
5212000-02-12  Assar Westerlund  <assar@sics.se>
522
523	* gssapi_locl.h: add flags for import/export
524	* import_sec_context.c (import_sec_context: add flags for what
525	fields are included.  do not include the authenticator for now.
526	* export_sec_context.c (export_sec_context: add flags for what
527	fields are included.  do not include the authenticator for now.
528	* accept_sec_context.c (gss_accept_sec_context): set target in
529	context_handle
530
5312000-02-11  Assar Westerlund  <assar@sics.se>
532
533	* delete_sec_context.c (gss_delete_sec_context): set context to
534	GSS_C_NO_CONTEXT
535
536	* Makefile.am: add {export,import}_sec_context.c
537	* export_sec_context.c: new file
538	* import_sec_context.c: new file
539	* accept_sec_context.c (gss_accept_sec_context): set trans flag
540
5412000-02-07  Assar Westerlund  <assar@sics.se>
542
543	* Makefile.am: set version to 0:5:0
544
5452000-01-26  Assar Westerlund  <assar@sics.se>
546
547	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
548	output_token
549
550	* wrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
551	changes to libdes calls to make them more portable.
552	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
553	some changes to libdes calls to make them more portable.
554	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
555	changes to libdes calls to make them more portable.
556	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha.  some
557	changes to libdes calls to make them more portable.
558	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.
559
5602000-01-06  Assar Westerlund  <assar@sics.se>
561
562	* Makefile.am: set version to 0:4:0
563
5641999-12-26  Assar Westerlund  <assar@sics.se>
565
566	* accept_sec_context.c (gss_accept_sec_context): always set
567 	`output_token'
568	* init_sec_context.c (init_auth): always initialize `output_token'
569	* delete_sec_context.c (gss_delete_sec_context): always set
570 	`output_token'
571
5721999-12-06  Assar Westerlund  <assar@sics.se>
573
574	* Makefile.am: bump version to 0:3:0
575
5761999-10-20  Assar Westerlund  <assar@sics.se>
577
578	* Makefile.am: set version to 0:2:0
579
5801999-09-21  Assar Westerlund  <assar@sics.se>
581
582	* init_sec_context.c (gss_init_sec_context): initialize `ticket'
583
584	* gssapi.h (gss_ctx_id_t_desc): add ticket in here.  ick.
585
586	* delete_sec_context.c (gss_delete_sec_context): free ticket
587
588	* accept_sec_context.c (gss_accept_sec_context): stove away
589 	`krb5_ticket' in context so that ugly programs such as
590 	gss_nt_server can get at it.  uck.
591
5921999-09-20  Johan Danielsson  <joda@pdc.kth.se>
593
594	* accept_sec_context.c: set minor_status
595
5961999-08-04  Assar Westerlund  <assar@sics.se>
597
598	* display_status.c (calling_error, routine_error): right shift the
599 	code to make it possible to index into the arrays
600
6011999-07-28  Assar Westerlund  <assar@sics.se>
602
603	* gssapi.h (GSS_C_AF_INET6): add
604
605	* import_name.c (import_hostbased_name): set minor_status
606
6071999-07-26  Assar Westerlund  <assar@sics.se>
608
609	* Makefile.am: set version to 0:1:0
610
611Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
612
613	* display_status.c: set minor_status
614
615	* init_sec_context.c: set minor_status
616
617	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
618 	directly)
619
620