ChangeLog revision 103423
1103423Snectar2002-09-03 Johan Danielsson <joda@pdc.kth.se> 2103423Snectar 3103423Snectar * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE 4103423Snectar 5103423Snectar * unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE 6103423Snectar 7103423Snectar2002-09-02 Johan Danielsson <joda@pdc.kth.se> 8103423Snectar 9103423Snectar * init_sec_context.c: we need to generate a local subkey here 10103423Snectar 11102644Snectar2002-08-20 Jacques Vidrine <n@nectar.com> 12102644Snectar 13102644Snectar * acquire_cred.c, inquire_cred.c, release_cred.c: Use default 14102644Snectar credential resolution if gss_acquire_cred is called with 15102644Snectar GSS_C_NO_NAME. 16102644Snectar 17102644Snectar2002-06-20 Jacques Vidrine <n@nectar.com> 18102644Snectar 19102644Snectar * import_name.c: Compare name types by value if pointers do 20102644Snectar not match. Reported by: "Douglas E. Engert" <deengert@anl.gov> 21102644Snectar 22102644Snectar2002-05-20 Jacques Vidrine <n@nectar.com> 23102644Snectar 24102644Snectar * verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize 25102644Snectar the qop_state parameter. from Doug Rabson <dfr@nlsystems.com> 26102644Snectar 27102644Snectar2002-05-09 Jacques Vidrine <n@nectar.com> 28102644Snectar 29102644Snectar * acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH 30102644Snectar 31102644Snectar2002-05-08 Jacques Vidrine <n@nectar.com> 32102644Snectar 33102644Snectar * acquire_cred.c: initialize gssapi; handle null desired_name 34102644Snectar 35102644Snectar2002-03-22 Johan Danielsson <joda@pdc.kth.se> 36102644Snectar 37102644Snectar * Makefile.am: remove non-functional stuff accidentally committed 38102644Snectar 39102644Snectar2002-03-11 Assar Westerlund <assar@sics.se> 40102644Snectar 41102644Snectar * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2 42102644Snectar * 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel 43102644Snectar bindings 44102644Snectar 4590926Snectar2001-10-31 Jacques Vidrine <n@nectar.com> 4690926Snectar 4790926Snectar * get_mic.c (mic_des3): MIC computation using DES3/SHA1 4890926Snectar was bogusly appending the message buffer to the result, 4990926Snectar overwriting a heap buffer in the process. 5090926Snectar 5190926Snectar2001-08-29 Assar Westerlund <assar@sics.se> 5290926Snectar 5390926Snectar * 8003.c (gssapi_krb5_verify_8003_checksum, 5490926Snectar gssapi_krb5_create_8003_checksum): make more consistent by always 5590926Snectar returning an gssapi error and setting minor status. update 5690926Snectar callers 5790926Snectar 5890926Snectar2001-08-28 Jacques Vidrine <n@nectar.com> 5990926Snectar 6090926Snectar * accept_sec_context.c: Create a cache for delegated credentials 6190926Snectar when needed. 6290926Snectar 6390926Snectar2001-08-28 Assar Westerlund <assar@sics.se> 6490926Snectar 6590926Snectar * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2 6690926Snectar 6790926Snectar2001-08-23 Assar Westerlund <assar@sics.se> 6890926Snectar 6990926Snectar * *.c: handle minor_status more consistently 7090926Snectar 7190926Snectar * display_status.c (gss_display_status): handle krb5_get_err_text 7290926Snectar failing 7390926Snectar 7490926Snectar2001-08-15 Johan Danielsson <joda@pdc.kth.se> 7590926Snectar 7690926Snectar * gssapi_locl.h: fix prototype for gssapi_krb5_init 7790926Snectar 7890926Snectar2001-08-13 Johan Danielsson <joda@pdc.kth.se> 7990926Snectar 8090926Snectar * accept_sec_context.c (gsskrb5_register_acceptor_identity): init 8190926Snectar context and check return value from kt_resolve 8290926Snectar 8390926Snectar * init.c: return error code 8490926Snectar 8590926Snectar2001-07-19 Assar Westerlund <assar@sics.se> 8690926Snectar 8790926Snectar * Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2 8890926Snectar 8990926Snectar2001-07-12 Assar Westerlund <assar@sics.se> 9090926Snectar 9190926Snectar * Makefile.am (libgssapi_la_LIBADD): add required library 9290926Snectar dependencies 9390926Snectar 9490926Snectar2001-07-06 Assar Westerlund <assar@sics.se> 9590926Snectar 9690926Snectar * accept_sec_context.c (gsskrb5_register_acceptor_identity): set 9790926Snectar the keytab to be used for gss_acquire_cred too' 9890926Snectar 9990926Snectar2001-07-03 Assar Westerlund <assar@sics.se> 10090926Snectar 10190926Snectar * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2 10290926Snectar 10390926Snectar2001-06-18 Assar Westerlund <assar@sics.se> 10490926Snectar 10590926Snectar * wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey 10690926Snectar and gss_krb5_get_remotekey 10790926Snectar * verify_mic.c: update krb5_auth_con function names use 10890926Snectar gss_krb5_get_remotekey 10990926Snectar * unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey 11090926Snectar and gss_krb5_get_remotekey 11190926Snectar * gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey): 11290926Snectar add prototypes 11390926Snectar * get_mic.c: update krb5_auth_con function names. use 11490926Snectar gss_krb5_get_localkey 11590926Snectar * accept_sec_context.c: update krb5_auth_con function names 11690926Snectar 11778527Sassar2001-05-17 Assar Westerlund <assar@sics.se> 11878527Sassar 11978527Sassar * Makefile.am: bump version to 3:1:2 12078527Sassar 12178527Sassar2001-05-14 Assar Westerlund <assar@sics.se> 12278527Sassar 12378527Sassar * address_to_krb5addr.c: adapt to new address functions 12478527Sassar 12578527Sassar2001-05-11 Assar Westerlund <assar@sics.se> 12678527Sassar 12778527Sassar * try to return the error string from libkrb5 where applicable 12878527Sassar 12978527Sassar2001-05-08 Assar Westerlund <assar@sics.se> 13078527Sassar 13178527Sassar * delete_sec_context.c (gss_delete_sec_context): remember to free 13278527Sassar the memory used by the ticket itself. from <tmartin@mirapoint.com> 13378527Sassar 13478527Sassar2001-05-04 Assar Westerlund <assar@sics.se> 13578527Sassar 13678527Sassar * gssapi_locl.h: add config.h for completeness 13778527Sassar * gssapi.h: remove config.h, this is an installed header file 13878527Sassar sys/types.h is not needed either 13978527Sassar 14078527Sassar2001-03-12 Assar Westerlund <assar@sics.se> 14178527Sassar 14278527Sassar * acquire_cred.c (gss_acquire_cred): remove memory leaks. from 14378527Sassar Jason R Thorpe <thorpej@zembu.com> 14478527Sassar 14578527Sassar2001-02-18 Assar Westerlund <assar@sics.se> 14678527Sassar 14778527Sassar * accept_sec_context.c (gss_accept_sec_context): either return 14878527Sassar gss_name NULL-ed or set 14978527Sassar 15078527Sassar * import_name.c: set minor_status in some cases where it was not 15178527Sassar done 15278527Sassar 15378527Sassar2001-02-15 Assar Westerlund <assar@sics.se> 15478527Sassar 15578527Sassar * wrap.c: use krb5_generate_random_block for the confounders 15678527Sassar 15772445Sassar2001-01-30 Assar Westerlund <assar@sics.se> 15872445Sassar 15972445Sassar * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2 16072445Sassar * acquire_cred.c, init_sec_context.c, release_cred.c: add support 16172445Sassar for getting creds from a keytab, from fvdl@netbsd.org 16272445Sassar 16372445Sassar * copy_ccache.c: add gss_krb5_copy_ccache 16472445Sassar 16572445Sassar2001-01-27 Assar Westerlund <assar@sics.se> 16672445Sassar 16772445Sassar * get_mic.c: cast parameters to des function to non-const pointers 16872445Sassar to handle the case where these functions actually take non-const 16972445Sassar des_cblock * 17072445Sassar 17172445Sassar2001-01-09 Assar Westerlund <assar@sics.se> 17272445Sassar 17372445Sassar * accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2 17472445Sassar instead of krb5_rd_cred 17572445Sassar 17672445Sassar2000-12-11 Assar Westerlund <assar@sics.se> 17772445Sassar 17872445Sassar * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1 17972445Sassar 18072445Sassar2000-12-08 Assar Westerlund <assar@sics.se> 18172445Sassar 18272445Sassar * wrap.c (wrap_des3): use the checksum as ivec when encrypting the 18372445Sassar sequence number 18472445Sassar * unwrap.c (unwrap_des3): use the checksum as ivec when encrypting 18572445Sassar the sequence number 18672445Sassar * init_sec_context.c (init_auth): always zero fwd_data 18772445Sassar 18872445Sassar2000-12-06 Johan Danielsson <joda@pdc.kth.se> 18972445Sassar 19072445Sassar * accept_sec_context.c: de-pointerise auth_context parameter to 19172445Sassar krb5_mk_rep 19272445Sassar 19372445Sassar2000-11-15 Assar Westerlund <assar@sics.se> 19472445Sassar 19572445Sassar * init_sec_context.c (init_auth): update to new 19672445Sassar krb5_build_authenticator 19772445Sassar 19872445Sassar2000-09-19 Assar Westerlund <assar@sics.se> 19972445Sassar 20072445Sassar * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1 20172445Sassar 20272445Sassar2000-08-27 Assar Westerlund <assar@sics.se> 20372445Sassar 20472445Sassar * init_sec_context.c: actually pay attention to `time_req' 20572445Sassar * init_sec_context.c: re-organize. leak less memory. 20672445Sassar * gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey): 20772445Sassar update prototypes add assert.h 20872445Sassar * gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD): 20972445Sassar add 21072445Sassar * verify_mic.c: re-organize and add 3DES code 21172445Sassar * wrap.c: re-organize and add 3DES code 21272445Sassar * unwrap.c: re-organize and add 3DES code 21372445Sassar * get_mic.c: re-organize and add 3DES code 21472445Sassar * encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data', 21572445Sassar let the caller do that. fix the callers. 21672445Sassar 21772445Sassar2000-08-16 Assar Westerlund <assar@sics.se> 21872445Sassar 21972445Sassar * Makefile.am: bump version to 2:1:1 22072445Sassar 22172445Sassar2000-07-29 Assar Westerlund <assar@sics.se> 22272445Sassar 22372445Sassar * decapsulate.c (gssapi_krb5_verify_header): sanity-check length 22472445Sassar 22572445Sassar2000-07-25 Johan Danielsson <joda@pdc.kth.se> 22672445Sassar 22772445Sassar * Makefile.am: bump version to 2:0:1 22872445Sassar 22972445Sassar2000-07-22 Assar Westerlund <assar@sics.se> 23072445Sassar 23172445Sassar * gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other 23272445Sassar details from rfc2744 23372445Sassar 23472445Sassar2000-06-29 Assar Westerlund <assar@sics.se> 23572445Sassar 23672445Sassar * address_to_krb5addr.c (gss_address_to_krb5addr): actually use 23772445Sassar `int' instead of `sa_family_t' for the address family. 23872445Sassar 23972445Sassar2000-06-21 Assar Westerlund <assar@sics.se> 24072445Sassar 24172445Sassar * add support for token delegation. From Daniel Kouril 24272445Sassar <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz> 24372445Sassar 24472445Sassar2000-05-15 Assar Westerlund <assar@sics.se> 24572445Sassar 24672445Sassar * Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1 24772445Sassar 24872445Sassar2000-04-12 Assar Westerlund <assar@sics.se> 24972445Sassar 25072445Sassar * release_oid_set.c (gss_release_oid_set): clear set for 25172445Sassar robustness. From GOMBAS Gabor <gombasg@inf.elte.hu> 25272445Sassar * release_name.c (gss_release_name): reset input_name for 25372445Sassar robustness. From GOMBAS Gabor <gombasg@inf.elte.hu> 25472445Sassar * release_buffer.c (gss_release_buffer): set value to NULL to be 25572445Sassar more robust. From GOMBAS Gabor <gombasg@inf.elte.hu> 25672445Sassar * add_oid_set_member.c (gss_add_oid_set_member): actually check if 25772445Sassar the oid is a member first. leave the oid_set unchanged if realloc 25872445Sassar fails. 25972445Sassar 26057419Smarkm2000-02-13 Assar Westerlund <assar@sics.se> 26157419Smarkm 26257419Smarkm * Makefile.am: set version to 1:0:1 26357419Smarkm 26457419Smarkm2000-02-12 Assar Westerlund <assar@sics.se> 26557419Smarkm 26657419Smarkm * gssapi_locl.h: add flags for import/export 26757419Smarkm * import_sec_context.c (import_sec_context: add flags for what 26857419Smarkm fields are included. do not include the authenticator for now. 26957419Smarkm * export_sec_context.c (export_sec_context: add flags for what 27057419Smarkm fields are included. do not include the authenticator for now. 27157419Smarkm * accept_sec_context.c (gss_accept_sec_context): set target in 27257419Smarkm context_handle 27357419Smarkm 27457419Smarkm2000-02-11 Assar Westerlund <assar@sics.se> 27557419Smarkm 27657419Smarkm * delete_sec_context.c (gss_delete_sec_context): set context to 27757419Smarkm GSS_C_NO_CONTEXT 27857419Smarkm 27957419Smarkm * Makefile.am: add {export,import}_sec_context.c 28057419Smarkm * export_sec_context.c: new file 28157419Smarkm * import_sec_context.c: new file 28257419Smarkm * accept_sec_context.c (gss_accept_sec_context): set trans flag 28357419Smarkm 28457416Smarkm2000-02-07 Assar Westerlund <assar@sics.se> 28557416Smarkm 28657416Smarkm * Makefile.am: set version to 0:5:0 28757416Smarkm 28857416Smarkm2000-01-26 Assar Westerlund <assar@sics.se> 28957416Smarkm 29057416Smarkm * delete_sec_context.c (gss_delete_sec_context): handle a NULL 29157416Smarkm output_token 29257416Smarkm 29357416Smarkm * wrap.c: update to pseudo-standard APIs for md4,md5,sha. some 29457416Smarkm changes to libdes calls to make them more portable. 29557416Smarkm * verify_mic.c: update to pseudo-standard APIs for md4,md5,sha. 29657416Smarkm some changes to libdes calls to make them more portable. 29757416Smarkm * unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some 29857416Smarkm changes to libdes calls to make them more portable. 29957416Smarkm * get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some 30057416Smarkm changes to libdes calls to make them more portable. 30157416Smarkm * 8003.c: update to pseudo-standard APIs for md4,md5,sha. 30257416Smarkm 30355682Smarkm2000-01-06 Assar Westerlund <assar@sics.se> 30455682Smarkm 30555682Smarkm * Makefile.am: set version to 0:4:0 30655682Smarkm 30755682Smarkm1999-12-26 Assar Westerlund <assar@sics.se> 30855682Smarkm 30955682Smarkm * accept_sec_context.c (gss_accept_sec_context): always set 31055682Smarkm `output_token' 31155682Smarkm * init_sec_context.c (init_auth): always initialize `output_token' 31255682Smarkm * delete_sec_context.c (gss_delete_sec_context): always set 31355682Smarkm `output_token' 31455682Smarkm 31555682Smarkm1999-12-06 Assar Westerlund <assar@sics.se> 31655682Smarkm 31755682Smarkm * Makefile.am: bump version to 0:3:0 31855682Smarkm 31955682Smarkm1999-10-20 Assar Westerlund <assar@sics.se> 32055682Smarkm 32155682Smarkm * Makefile.am: set version to 0:2:0 32255682Smarkm 32355682Smarkm1999-09-21 Assar Westerlund <assar@sics.se> 32455682Smarkm 32555682Smarkm * init_sec_context.c (gss_init_sec_context): initialize `ticket' 32655682Smarkm 32755682Smarkm * gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick. 32855682Smarkm 32955682Smarkm * delete_sec_context.c (gss_delete_sec_context): free ticket 33055682Smarkm 33155682Smarkm * accept_sec_context.c (gss_accept_sec_context): stove away 33255682Smarkm `krb5_ticket' in context so that ugly programs such as 33355682Smarkm gss_nt_server can get at it. uck. 33455682Smarkm 33555682Smarkm1999-09-20 Johan Danielsson <joda@pdc.kth.se> 33655682Smarkm 33755682Smarkm * accept_sec_context.c: set minor_status 33855682Smarkm 33955682Smarkm1999-08-04 Assar Westerlund <assar@sics.se> 34055682Smarkm 34155682Smarkm * display_status.c (calling_error, routine_error): right shift the 34255682Smarkm code to make it possible to index into the arrays 34355682Smarkm 34455682Smarkm1999-07-28 Assar Westerlund <assar@sics.se> 34555682Smarkm 34655682Smarkm * gssapi.h (GSS_C_AF_INET6): add 34755682Smarkm 34855682Smarkm * import_name.c (import_hostbased_name): set minor_status 34955682Smarkm 35055682Smarkm1999-07-26 Assar Westerlund <assar@sics.se> 35155682Smarkm 35255682Smarkm * Makefile.am: set version to 0:1:0 35355682Smarkm 35455682SmarkmWed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se> 35555682Smarkm 35655682Smarkm * display_status.c: set minor_status 35755682Smarkm 35855682Smarkm * init_sec_context.c: set minor_status 35955682Smarkm 36055682Smarkm * lib/gssapi/init.c: remove donep (check gssapi_krb5_context 36155682Smarkm directly) 36255682Smarkm 363