ChangeLog revision 120945
2003-05-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: 1.27->1.28:
	if __cplusplus, wrap the extern variable (just to be safe) and
	functions in extern "C" { }

2003-04-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: more about the des3 mic mess

	* verify_mic.c 1.19->1.20 : (verify_mic_des3): always check if the
	mic is the correct mic or the mic that old heimdal would have
	generated

2003-04-29  Jacques Vidrine  <nectar@kth.se>

	* verify_mic.c: 1.18->1.19: verify_mic_des3: If MIC verification
	fails, retry using the `old' MIC computation (with zero IV).

2003-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* compat.c (_gss_DES3_get_mic_compat): default to use compat

	* gssapi.3: 1.5->1.6: document [gssapi]correct_des3_mic and
	[gssapi]broken_des3_mic

	* compat.c: 1.2->1.4:
	(gss_krb5_compat_des3_mci): return a value
	(gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat
	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too

	* gssapi.h: 1.26->1.27:
	(gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat
	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
	gss_krb5_compat_des3_mic exists

2003-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: 1.44->1.45: test_acquire_cred_LDADD: use
	libgssapi.la not ./libgssapi.la (makes make -jN work)

2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: spelling

	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
	header.h, from Thomas Klausner <wiz@netbsd.org>

2003-04-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: spelling

	* Makefile.am: remove stuff that sneaked in with last commit

	* acquire_cred.c (acquire_initiator_cred): if the requested name
	isn't in the ccache, also check keytab. Extract the krbtgt for the
	default realm to check how long the credentials will last.

	* add_cred.c (gss_add_cred): don't create a new ccache, just open
	the old one; better check if output handle is compatible with new
	(copied) handle

	* test_acquire_cred.c: test gss_add_cred too

2003-04-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: build test_acquire_cred

	* test_acquire_cred.c: simple gss_acquire_cred test

2003-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: s/gssapi/GSS-API/

2003-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: document v1 interface (and that they are
	obsolete)

2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: list supported mechanism and nametypes

2003-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: text about gss_display_name

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
	(libgssapi_la_SOURCES): add all new functions

	* gssapi.3: now that we have a functions, uncomment the missing
	ones

	* gss_acquire_cred.3: now that we have a functions, uncomment the
	missing ones

	* process_context_token.c: implement gss_process_context_token

	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech

	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name

	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech

	* add_cred.c: implement gss_add_cred

	* acquire_cred.c (gss_acquire_cred): more testing of input
	argument, make sure output arguments are ok, since we don't know
	the time_rec (for now), set it to time_req

	* export_sec_context.c: send lifetime, also set minor_status

	* get_mic.c: set minor_status

	* import_sec_context.c (gss_import_sec_context): add error
	checking, pick up lifetime (if there is no lifetime, use
	GSS_C_INDEFINITE)

	* init_sec_context.c: take care to set export value to something
	sane before we start so caller will have harmless values in them
	if the function fails

	* release_buffer.c (gss_release_buffer): set minor_status

	* wrap.c: make sure minor_status gets set

	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
	gss_verify_mic_internal and let it take the type as an argument,
	(gss_verify_mic): call gss_verify_mic_internal
	set minor_status

	* unwrap.c: set minor_status

	* test_oid_set_member.c (gss_test_oid_set_member): use
	gss_oid_equal

	* release_oid_set.c (gss_release_oid_set): set minor_status

	* release_name.c (gss_release_name): set minor_status

	* release_cred.c (gss_release_cred): set minor_status

	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status

	* compare_name.c (gss_compare_name): set minor_status

	* compat.c (check_compat): make sure ret has a defined value

	* context_time.c (gss_context_time): set minor_status

	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status

	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
	minor_status

	* delete_sec_context.c (gss_delete_sec_context): set minor_status

	* display_name.c (gss_display_name): set minor_status

	* display_status.c (gss_display_status): use gss_oid_equal, handle
	supplementary errors

	* duplicate_name.c (gss_duplicate_name): set minor_status

	* inquire_context.c (gss_inquire_context): set lifetime_rec now
	when we know it, set minor_status

	* inquire_cred.c (gss_inquire_cred): take care to set export value
	to something sane before we start so caller will have harmless
	values in them if the function fails

	* accept_sec_context.c (gss_accept_sec_context): take care to set
	export value to something sane before we start so caller will have
	harmless values in them if the function fails, set lifetime from
	ticket expiration date

	* indicate_mechs.c (gss_indicate_mechs): use
	gss_create_empty_oid_set and gss_add_oid_set_member

	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
	since there is no ticket transferred in the exported context

	* export_name.c (gss_export_name): export name with
	GSS_C_NT_EXPORT_NAME wrapping, not just the principal

	* import_name.c (import_export_name): new function, parses a
	GSS_C_NT_EXPORT_NAME
	(import_krb5_name): factor out common code of parsing krb5 name
	(gss_oid_equal): rename from oid_equal

	* gssapi_locl.h: add prototypes for gss_oid_equal and
	gss_verify_mic_internal

	* gssapi.h: comment out the argument names

2003-03-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: add LIST OF FUNCTIONS and copyright/license

	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/

	* Makefile.am: man_MANS += gss_aquire_cred.3

2003-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_aquire_cred.3: the gssapi api manpage

2003-03-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* inquire_context.c: (gss_inquire_context): rename argument open
	to open_context

	* gssapi.h (gss_inquire_context): rename argument open to open_context

2003-02-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (do_delegation): remove unused variable
	subkey

	* gssapi.3: all 0.5.x versions had broken token delegation

2003-02-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* (init_auth): only generate one subkey

2003-01-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
	to rfc (and mit kerberos), provide backward compat hook

	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
	mit kerberos), provide backward compat hook

	* init_sec_context.c (init_auth): check if we need compat for
	older get_mic/verify_mic

	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat

	* gssapi.h (more_flags): add COMPAT_OLD_DES3

	* Makefile.am: add gssapi.3 and compat.c

	* gssapi.3: add gssapi COMPATIBILITY documentation

	* accept_sec_context.c (gss_accept_sec_context): check if we need
	compat for older get_mic/verify_mic

	* compat.c: check for compatibility with other heimdal's 3des
	get_mic/verify_mic

2002-10-31  Johan Danielsson  <joda@pdc.kth.se>

	* check return value from gssapi_krb5_init

	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input

2002-09-03  Johan Danielsson  <joda@pdc.kth.se>

	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE

	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE

2002-09-02  Johan Danielsson  <joda@pdc.kth.se>

	* init_sec_context.c: we need to generate a local subkey here

2002-08-20  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
	credential resolution if gss_acquire_cred is called with
	GSS_C_NO_NAME.

2002-06-20  Jacques Vidrine  <n@nectar.com>

	* import_name.c: Compare name types by value if pointers do
	not match. Reported by: "Douglas E. Engert" <deengert@anl.gov>

2002-05-20  Jacques Vidrine  <n@nectar.com>

	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
	the qop_state parameter. from Doug Rabson <dfr@nlsystems.com>

2002-05-09  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH

2002-05-08  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c: initialize gssapi; handle null desired_name

2002-03-22  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: remove non-functional stuff accidentally committed

2002-03-11  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
	bindings

2001-10-31  Jacques Vidrine  <n@nectar.com>

	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
	was bogusly appending the message buffer to the result,
	overwriting a heap buffer in the process.

2001-08-29  Assar Westerlund  <assar@sics.se>

	* 8003.c (gssapi_krb5_verify_8003_checksum,
	gssapi_krb5_create_8003_checksum): make more consistent by always
	returning a gssapi error and setting minor status. update
	callers

2001-08-28  Jacques Vidrine  <n@nectar.com>

	* accept_sec_context.c: Create a cache for delegated credentials
	when needed.

2001-08-28  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2

2001-08-23  Assar Westerlund  <assar@sics.se>

	* *.c: handle minor_status more consistently

	* display_status.c (gss_display_status): handle krb5_get_err_text
	failing

2001-08-15  Johan Danielsson  <joda@pdc.kth.se>

	* gssapi_locl.h: fix prototype for gssapi_krb5_init

2001-08-13  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
	context and check return value from kt_resolve

	* init.c: return error code

2001-07-19  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2

2001-07-12  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LIBADD): add required library
	dependencies

2001-07-06  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
	the keytab to be used for gss_acquire_cred too

2001-07-03  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2

2001-06-18  Assar Westerlund  <assar@sics.se>

	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
	and gss_krb5_get_remotekey
	* verify_mic.c: update krb5_auth_con function names use
	gss_krb5_get_remotekey
	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
	and gss_krb5_get_remotekey
	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
	add prototypes
	* get_mic.c: update krb5_auth_con function names. use
	gss_krb5_get_localkey
	* accept_sec_context.c: update krb5_auth_con function names

2001-05-17  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 3:1:2

2001-05-14  Assar Westerlund  <assar@sics.se>

	* address_to_krb5addr.c: adapt to new address functions

2001-05-11  Assar Westerlund  <assar@sics.se>

	* try to return the error string from libkrb5 where applicable

2001-05-08  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): remember to free
	the memory used by the ticket itself. from <tmartin@mirapoint.com>

2001-05-04  Assar Westerlund  <assar@sics.se>

	* gssapi_locl.h: add config.h for completeness
	* gssapi.h: remove config.h, this is an installed header file
	sys/types.h is not needed either

2001-03-12  Assar Westerlund  <assar@sics.se>

	* acquire_cred.c (gss_acquire_cred): remove memory leaks. from
	Jason R Thorpe <thorpej@zembu.com>

2001-02-18  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): either return
	gss_name NULL-ed or set

	* import_name.c: set minor_status in some cases where it was not
	done

2001-02-15  Assar Westerlund  <assar@sics.se>

	* wrap.c: use krb5_generate_random_block for the confounders

2001-01-30  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
	for getting creds from a keytab, from fvdl@netbsd.org

	* copy_ccache.c: add gss_krb5_copy_ccache

2001-01-27  Assar Westerlund  <assar@sics.se>

	* get_mic.c: cast parameters to des function to non-const pointers
	to handle the case where these functions actually take non-const
	des_cblock *

2001-01-09  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
	instead of krb5_rd_cred

2000-12-11  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1

2000-12-08  Assar Westerlund  <assar@sics.se>

	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
	sequence number
	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
	the sequence number
	* init_sec_context.c (init_auth): always zero fwd_data

2000-12-06  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c: de-pointerise auth_context parameter to
	krb5_mk_rep

2000-11-15  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c (init_auth): update to new
	krb5_build_authenticator

2000-09-19  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1

2000-08-27  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c: actually pay attention to `time_req'
	* init_sec_context.c: re-organize. leak less memory.
	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
	update prototypes add assert.h
	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
	add
	* verify_mic.c: re-organize and add 3DES code
	* wrap.c: re-organize and add 3DES code
	* unwrap.c: re-organize and add 3DES code
	* get_mic.c: re-organize and add 3DES code
	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
	let the caller do that. fix the callers.

2000-08-16  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 2:1:1

2000-07-29  Assar Westerlund  <assar@sics.se>

	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length

2000-07-25  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: bump version to 2:0:1

2000-07-22  Assar Westerlund  <assar@sics.se>

	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
	details from rfc2744

2000-06-29  Assar Westerlund  <assar@sics.se>

	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
	`int' instead of `sa_family_t' for the address family.

2000-06-21  Assar Westerlund  <assar@sics.se>

	* add support for token delegation. From Daniel Kouril
	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>

2000-05-15  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1

2000-04-12  Assar Westerlund  <assar@sics.se>

	* release_oid_set.c (gss_release_oid_set): clear set for
	robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* release_name.c (gss_release_name): reset input_name for
	robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* release_buffer.c (gss_release_buffer): set value to NULL to be
	more robust. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
	the oid is a member first. leave the oid_set unchanged if realloc
	fails.

2000-02-13  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 1:0:1

2000-02-12  Assar Westerlund  <assar@sics.se>

	* gssapi_locl.h: add flags for import/export
	* import_sec_context.c (import_sec_context): add flags for what
	fields are included. do not include the authenticator for now.
	* export_sec_context.c (export_sec_context): add flags for what
	fields are included. do not include the authenticator for now.
	* accept_sec_context.c (gss_accept_sec_context): set target in
	context_handle

2000-02-11  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): set context to
	GSS_C_NO_CONTEXT

	* Makefile.am: add {export,import}_sec_context.c
	* export_sec_context.c: new file
	* import_sec_context.c: new file
	* accept_sec_context.c (gss_accept_sec_context): set trans flag

2000-02-07  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:5:0

2000-01-26  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
	output_token

	* wrap.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
	some changes to libdes calls to make them more portable.
	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.

2000-01-06  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:4:0

1999-12-26  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): always set
	`output_token'
	* init_sec_context.c (init_auth): always initialize `output_token'
	* delete_sec_context.c (gss_delete_sec_context): always set
	`output_token'

1999-12-06  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 0:3:0

1999-10-20  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:2:0

1999-09-21  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c (gss_init_sec_context): initialize `ticket'

	* gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick.

	* delete_sec_context.c (gss_delete_sec_context): free ticket

	* accept_sec_context.c (gss_accept_sec_context): stove away
	`krb5_ticket' in context so that ugly programs such as
	gss_nt_server can get at it. uck.

1999-09-20  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c: set minor_status

1999-08-04  Assar Westerlund  <assar@sics.se>

	* display_status.c (calling_error, routine_error): right shift the
	code to make it possible to index into the arrays

1999-07-28  Assar Westerlund  <assar@sics.se>

	* gssapi.h (GSS_C_AF_INET6): add

	* import_name.c (import_hostbased_name): set minor_status

1999-07-26  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:1:0

Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* display_status.c: set minor_status

	* init_sec_context.c: set minor_status

	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
	directly)