2008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ntlm.c: Test source name (and make the acceptor in ntlm gss
	mech useful).

2007-12-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/init_sec_context.c: Don't confuse target name and source
	name, make regression tests pass again.

2007-12-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm: clean up name handling

2007-12-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/init_sec_context.c: Use credential if it was passed in.

	* ntlm/acquire_cred.c: Check if there is initial creds with
	_gss_ntlm_get_user_cred().

	* ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that
	return the user info so it can be used by external modules.

	* ntlm/inquire_cred.c: use the right error code.

	* ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no
	credential, ntlm have (not yet) a default credential.

	* mech/gss_release_oid_set.c: Avoid trying to deref NULL, from
	Phil Fisher.

2007-12-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_acquire_cred.c: Always try to fetch cred (even with
	GSS_C_NO_NAME).

2007-08-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags.

2007-08-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/compat.c (_gss_spnego_internal_delete_sec_context):
	release ctx->target_name too From Rafal Malinowski.

2007-07-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't
	have dlopen. From Rune of Chalmers.

2007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_duplicate_name.c: New signature of _gss_find_mn.

	* mech/gss_init_sec_context.c: New signature of _gss_find_mn.

	* mech/gss_acquire_cred.c: New signature of _gss_find_mn.

	* mech/name.h: New signature of _gss_find_mn.

	* mech/gss_canonicalize_name.c: New signature of _gss_find_mn.

	* mech/gss_compare_name.c: New signature of _gss_find_mn.

	* mech/gss_add_cred.c: New signature of _gss_find_mn.

	* mech/gss_names.c (_gss_find_mn): Return an error code for
	caller.

	* spnego/accept_sec_context.c: remove checks that are done by the
	previous function.

	* Makefile.am: New library version.

2007-07-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from
	Rafal Malinowski.

	* spnego/spnego.asn1: Indent and make NegTokenInit and
	NegTokenResp extendable.

2007-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred.

	* mech/gss_display_status.c: Provide message for GSS_S_COMPLETE.

	* mech/context.c: If the canned string is "", it's no use to the
	user, make it fall back to the default error string.

2007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_display_name.c (gss_display_name): no name ->
	fail. From Rafal Malinowski.

	* spnego/accept_sec_context.c: Wrap name in a spnego_name instead
	of just a copy of the underlying object. From Rafal Malinowski.

	* spnego/accept_sec_context.c: Handle underlying mech not
	returning mn.

	* mech/gss_accept_sec_context.c: Handle underlying mech not
	returning mn.

	* spnego/accept_sec_context.c: Make sure src_name is always set to
	GSS_C_NO_NAME when returning.

	* krb5/acquire_cred.c (acquire_acceptor_cred): don't claim
	everything is well on failure. From Phil Fisher.

	* mech/gss_duplicate_name.c: catch error (and ignore it)

	* ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess.

	* mech/gss_accept_sec_context.c: Only wrap the delegated cred if
	we got a delegated mech cred. From Rafal Malinowski.

	* spnego/accept_sec_context.c: Only wrap the delegated cred if we
	are going to return it to the consumer. From Rafal Malinowski.

	* spnego/accept_sec_context.c: Fixed memory leak pointed out by
	Rafal Malinowski, also while here moved to use NegotiationToken
	for decoding.

2007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/prf.c (_gsskrb5_pseudo_random): add missing break.

	* krb5/release_name.c: Set *minor_status unconditionally, it's
	done later anyway.

	* spnego/accept_sec_context.c: Init get_mic to 0.

	* mech/gss_set_cred_option.c: Free memory in failure case, found
	by beam.

	* mech/gss_inquire_context.c: Handle mech_type being NULL.

	* mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL.

	* mech/gss_krb5.c: Free memory in error case, found by beam.

2007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/inquire_context.c: Use ctx->gssflags for flags.

	* krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is
	not meant for machine consumption.

2007-06-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/digest.c (kdc_alloc): free memory on failure, pointed out
	by Rafal Malinowski.

	* ntlm/digest.c (kdc_destroy): free context when done, pointed out
	by Rafal Malinowski.

	* spnego/context_stubs.c (_gss_spnego_display_name): if input_name
	is null, fail. From Rafal Malinowski.

2007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/digest.c: Free memory when done.

2007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_ntlm.c: Test both with and without keyex.

	* ntlm/digest.c: If we didn't set session key, don't expect one
	back.

	* test_ntlm.c: Set keyex flag and calculate session key.

2007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/accept_sec_context.c: Use the return value before is
	overwritten by later calls.
	From Rafal Malinowski

	* krb5/release_cred.c: Give a minor_status argument to
	gss_release_oid_set. From Rafal Malinowski

2007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/accept_sec_context.c: Catch errors and return them up the
	stack.

	* test_kcred.c: more testing of lifetimes

2007-05-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Drop the gss oid_set function for the krb5 mech,
	use the mech glue versions instead. Pointed out by Rafal
	Malinowski.

	* krb5: Use gss oid_set functions from mechglue

2007-05-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/accept_sec_context.c: Set session key only if we are
	returned a session key. Found by David Love.

2007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/prf.c: switched MIN to min to make compile on solaris,
	pointed out by David Love.

2007-05-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_cred_by_mech.c: Fill in all of the variables if
	they are passed in. Pointed out by Phil Fisher.

2007-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_cred.c: Fix copy and paste error, bug spotted by
	Phil Fisher.

	* mech: don't keep track of gc_usage, just figure it out at
	gss_inquire_cred() time

	* mech/gss_mech_switch.c (add_builtin): ok for
	__gss_mech_initialize() to return NULL

	* test_kcred.c: more correct tests

	* spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a
	spnego_name.

	* ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now,
	need to find default cred and friends.

	* krb5/inquire_cred_by_mech.c: reimplement

2007-05-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/acquire_cred.c: drop unused variable.

	* ntlm/acquire_cred.c: Reimplement.

	* Makefile.am: add ntlm/digest.c

	* ntlm: split out backend ntlm server processing

2007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free
	credcache when done

2007-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/init_sec_context.c: ntlm-key credential entry is prefixed with @

	* ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm
	creds from the krb5 credential cache.

2007-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/delete_sec_context.c: free the key stored in the context

	* ntlm/ntlm.h: switch password for a key

	* test_oid.c: Switch oid to one that is exported.

2007-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/init_sec_context.c: move where hash is calculated to make
	it easier to add ccache support.

	* Makefile.am: Add version-script.map to EXTRA_DIST.

2007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Unconfuse newer versions of automake that doesn't
	know the difference between dependencies and setting variables. foo:
	vs foo=.

	* test_ntlm.c: delete sec context when done.

	* version-script.map: export more symbols.

	* Makefile.am: add version script if ld supports it

	* version-script.map: add version script if ld supports it

2007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: test_acquire_cred need test_common.[ch]

	* test_acquire_cred.c: add more test options.

	* krb5/external.c: add GSS_KRB5_CCACHE_NAME_X

	* gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X

	* krb5/set_sec_context_option.c: refactor code, implement
	GSS_KRB5_CCACHE_NAME_X

	* mech/gss_krb5.c: reimplement gss_krb5_ccache_name

2007-04-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/cred_stubs.c: Need to import spnego name before we can
	use it as a gss_name_t.

	* test_acquire_cred.c: use this test as part of the regression
	suite.

	* mech/gss_acquire_cred.c (gss_acquire_cred): don't init
	cred->gc_mc every time in the loop.

2007-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: add test_common.h

2007-02-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: Add link for
	gsskrb5_register_acceptor_identity.

2007-02-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/copy_ccache.c: Try to leak less memory in the failure case.

2007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_display_status.c: Use right printf formatter.

	* test_*.[ch]: split out the error printing function and try to
	return better errors

2007-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on
	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requested it.

	This is because Kerberos always support INT|CONF, matches behavior
	with MS and MIT. This creates problems for the GSS-SPNEGO mech.

2007-01-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/prf.c: constrain desired_output_len

	* krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random

	* mech/gss_pseudo_random.c: Catch error from underlying mech on
	failure.

	* Makefile.am: Add krb5/prf.c

	* krb5/prf.c: gss_pseudo_random for krb5

	* test_context.c: Checks for gss_pseudo_random.

	* krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG

	* Makefile.am: Add mech/gss_pseudo_random.c

	* gssapi/gssapi.h: try to load pseudo_random

	* mech/gss_mech_switch.c: try to load pseudo_random

	* mech/gss_pseudo_random.c: Add gss_pseudo_random.

	* gssapi_mech.h: Add hook for gm_pseudo_random.

2007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Don't assume buffer from gss_display_status is
	ok.

	* mech/gss_wrap_size_limit.c: Reset out variables.

	* mech/gss_wrap.c: Reset out variables.

	* mech/gss_verify_mic.c: Reset out variables.

	* mech/gss_utils.c: Reset out variables.

	* mech/gss_release_oid_set.c: Reset out variables.

	* mech/gss_release_cred.c: Reset out variables.

	* mech/gss_release_buffer.c: Reset variables.

	* mech/gss_oid_to_str.c: Reset out variables.

	* mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables.

	* mech/gss_mech_switch.c: Reset out variables.

	* mech/gss_inquire_sec_context_by_oid.c: Reset out variables.

	* mech/gss_inquire_names_for_mech.c: Reset out variables.

	* mech/gss_inquire_cred_by_oid.c: Reset out variables.

	* mech/gss_inquire_cred_by_oid.c: Reset out variables.

	* mech/gss_inquire_cred_by_mech.c: Reset out variables.

	* mech/gss_inquire_cred.c: Reset out variables, fix memory leak.

	* mech/gss_inquire_context.c: Reset out variables.

	* mech/gss_init_sec_context.c: Zero out outbuffer on failure.

	* mech/gss_import_name.c: Reset out variables.

	* mech/gss_import_name.c: Reset out variables.

	* mech/gss_get_mic.c: Reset out variables.

	* mech/gss_export_name.c: Reset out variables.

	* mech/gss_encapsulate_token.c: Reset out variables.

	* mech/gss_duplicate_oid.c: Reset out variables.

	* mech/gss_duplicate_oid.c: Reset out variables.

	* mech/gss_duplicate_name.c: Reset out variables.

	* mech/gss_display_status.c: Reset out variables.

	* mech/gss_display_name.c: Reset out variables.

	* mech/gss_delete_sec_context.c: Reset out variables using proper
	macros.

	* mech/gss_decapsulate_token.c: Reset out variables using proper
	macros.

	* mech/gss_add_cred.c: Reset out variables.

	* mech/gss_acquire_cred.c: Reset out variables.

	* mech/gss_accept_sec_context.c: Reset out variables using proper
	macros.

	* mech/gss_init_sec_context.c: Reset out variables.

	* mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a
	gss_buffer_t

2007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech: sprinkle _gss_mg_error

	* mech/gss_display_status.c (gss_display_status): use
	_gss_mg_get_error to fetch the error from underlying mech, if it
	fails, let do the regular dance for GSS-CODE version and a
	generic print-the-error code for MECH-CODE.

	* mech/gss_oid_to_str.c: Don't include the NUL in the length of
	the string.

	* mech/context.h: Prototypes for _gss_mg_.

	* mech/context.c: Glue to catch the error from the lower gss-api
	layer and save that for later so gss_display_status() can show the
	error.

	* gss.c: Detect NTLM.

2007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_accept_sec_context.c: spelling

2007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Include build (private) prototypes header files.

	* Makefile.am (ntlmsrc): add ntlm/ntlm-private.h

2006-12-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/accept_sec_context.c: Pass signseal argument to
	_gss_ntlm_set_key.

	* ntlm/init_sec_context.c: Pass signseal argument to
	_gss_ntlm_set_key.

	* ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument

	* test_ntlm.c: add ntlmv2 test

	* ntlm/ntlm.h: break out struct ntlmv2_key;

	* ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys.

	* ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI.

	* ntlm/ntlm.h: NTLMv2 keys.

	* ntlm/crypto.c: NTLMv2 sign and verify.

2006-12-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/accept_sec_context.c: Don't send targetinfo now.

	* ntlm/init_sec_context.c: Build ntlmv2 answer buffer.

	* ntlm/init_sec_context.c: Leak less memory.

	* ntlm/init_sec_context.c: Announce that we support key exchange.

	* ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2
	session security (disable because missing sign and seal).

2006-12-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/accept_sec_context.c: split RC4 send and recv keystreams

	* ntlm/init_sec_context.c: split RC4 send and recv keystreams

	* ntlm/ntlm.h: split RC4 send and recv keystreams

	* ntlm/crypto.c: Implement SEAL.

	* ntlm/crypto.c: move gss_wrap/gss_unwrap here

	* test_context.c: request INT and CONF from the gss layer, test
	get and verify MIC.

	* ntlm/ntlm.h: add crypto bits.

	* ntlm/accept_sec_context.c: Save session master key.

	* Makefile.am: Move get and verify mic to the same file (crypto.c)
	since they share code.

	* ntlm/crypto.c: Move get and verify mic to the same file since
	they share code, implement NTLM v1 and dummy signatures.

	* ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and
	GSS_C_INTEG_FLAG, save the session master key

	* spnego/accept_sec_context.c: try using gss_accept_sec_context()
	on the opportunistic token instead of guessing the acceptor name
	and do gss_acquire_cred, this make SPNEGO work like before.

2006-12-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/init_sec_context.c: Calculate the NTLM version 1 "master"
	key.

	* spnego/accept_sec_context.c: Resurrect negHints for the acceptor
	sends first packet.

	* Makefile.am: Add "windows" versions of the NegTokenInitWin and
	friends.

	* test_context.c: add --wrapunwrap flag

	* spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to
	compat.c, use the sequence types of MechTypeList, make
	add_mech_type() static.

	* spnego/accept_sec_context.c: move
	_gss_spnego_indicate_mechtypelist() to compat.c

	* Makefile.am: Generate sequence code for MechTypeList

	* spnego: check that the generated acceptor mechlist is acceptable too

	* spnego/init_sec_context.c: Abstract out the initiator filter
	function, it will be needed for the acceptor too.

	* spnego/accept_sec_context.c: Abstract out the initiator filter
	function, it will be needed for the acceptor too. Remove negHints.

	* test_context.c: allow asserting return mech

	* ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx

	* ntlm/acquire_cred.c: Check that the KDC seem to there and
	answering us, we can't do better than that when checking if we will
	accept the credential.

	* ntlm/get_mic.c: return GSS_S_UNAVAILABLE

	* mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid

	* mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid

	* spnego/spnego.asn1: It's very sad, but NegHints are not part
	of the NegTokenInit, this makes SPNEGO acceptor life a lot harder.

	* spnego: try harder to handle names better.
	handle missing acceptor and initiator creds better (ie don't
	propose/accept mech that there are no credentials for) split
	NegTokenInit and NegTokenResp in acceptor

2006-12-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/import_name.c: Allocate the buffer from the right length.

2006-12-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* ntlm/init_sec_context.c (init_sec_context): Tell the other side
	what domain we think we are talking to.

	* ntlm/delete_sec_context.c: free username and password

	* ntlm/release_name.c (_gss_ntlm_release_name): free name.

	* ntlm/import_name.c (_gss_ntlm_import_name): add support for
	GSS_C_NT_HOSTBASED_SERVICE names

	* ntlm/ntlm.h: Add ntlm_name.

	* test_context.c: allow testing of ntlm.

	* gssapi_mech.h: add __gss_ntlm_initialize

	* ntlm/accept_sec_context.c (handle_type3): verify that the kdc
	approved of the ntlm exchange too

	* mech/gss_mech_switch.c: Add the builtin ntlm mech

	* test_ntlm.c: NTLM test app.

	* mech/gss_accept_sec_context.c: Add detection of NTLMSSP.

	* gssapi/gssapi.h: add ntlm mech oid

	* ntlm/external.c: Switch OID to the ms ntlmssp oid

	* Makefile.am: Add ntlm gss-api module.

	* ntlm/accept_sec_context.c: Catch more error errors.

	* ntlm/accept_sec_context.c: Check after a credential to use.

2006-12-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X):
	don't fail on success. Bug report from Stefan Metzmacher.

2006-12-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/init_sec_context.c (init_auth): only turn on
	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requested it.
	From Stefan Metzmacher.

2006-12-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h
	spnego_asn1.h.

2006-11-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a
	context argument.

2006-11-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Test that token keys are the same, return
	actual_mech.

2006-11-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open.

	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
	encode CHOICE structure now that we can handle it.

	* spnego/init_sec_context.c: Use ASN.1 encoder functions to encode
	CHOICE structure now that we can handle it.

	* spnego/accept_sec_context.c (_gss_spnego_accept_sec_context):
	send back an accept_completed when the security context is ->open,
	w/o this the client doesn't know that the server have completed
	the transaction.

	* test_context.c: Add delegate flag and check that the delegated
	cred works.

	* spnego/init_sec_context.c: Keep track of the opportunistic token
	in the initial message, it might be a complete gss-api context, in
	that case we'll get back accept_completed without any token. With
	this change, krb5 w/o mutual authentication works.

	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
	encode CHOICE structure now that we can handle it.

	* spnego/accept_sec_context.c: Filter out SPNEGO from the out
	supported mechs list and make sure we don't select that for the
	preferred mechanism.

2006-11-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
	cred finding to its own function

	* krb5/wrap.c: Better error strings, from Andrew Bartlett.

2006-11-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Create our own krb5_context.

	* krb5: Switch from using a specific error message context in the
	TLS to have a whole krb5_context in TLS. This have some
	interesting side-effects for the configuration setting options
	since they operate on per-thread basis now.

	* mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
	and checking for success, use GSS_S_COMPLETE. From Andrew Bartlett.

2006-11-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: Help solaris make even more.

	* Makefile.am: Help solaris make.

2006-11-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: remove include $(srcdir)/Makefile-digest.am for now

	* mech/gss_accept_sec_context.c: Try better guessing what is mech
	we are going to select by looking harder at the input_token, idea
	from Luke Howard's mechglue branch.

	* Makefile.am: libgssapi_la_OBJECTS: add dependency on gkrb5_err.h

	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X

	* mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes

	* gssapi/gssapi.h: GSS_KRB5_S_

	* krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.

	* gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.

	* Makefile.am: Build and install gkrb5_err.h

	* krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.

2006-11-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_krb5.c: Add gsskrb5_set_default_realm.

	* krb5/set_sec_context_option.c: Support
	GSS_KRB5_SET_DEFAULT_REALM_X.

	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X

	* krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X

2006-11-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: rename krb5_[gs]et_time_wrap to
	krb5_[gs]et_max_time_skew

	* krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
	no longer used, bye bye

	* mech/gss_krb5.c: No dependency of the krb5 gssapi mech.

	* mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
	_gsskrb5_decode_om_uint32. From Andrew Bartlett.

	* mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
	now.

	* spnego/spnego_locl.h: Include <roken.h> for compatibility.

	* krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
	DCE-STYLE, don't try to use to. From Andrew Bartlett.

	* test_context.c: test wrap/unwrap, add flag for dce-style and
	mutual auth, also support multi-roundtrip sessions

	* krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.

	* krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
	krb5_rd_req_ctx

	* mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
	token subkey

	* krb5/inquire_sec_context_by_oid.c: check if there is any key at
	all

2006-11-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_sec_context_by_oid.c: Set more error strings, use
	right enum for acceptor subkey. From Andrew Bartlett.

2006-11-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Test gsskrb5_extract_service_keyblock, needed in
	PAC validation. From Andrew Bartlett

	* mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
	and keyblock extraction functions.

	* gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
	Andrew Bartlett.

	* krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X

2006-11-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

	* mech/gss_krb5.c: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

	* krb5/set_sec_context_option.c: Rename various routines and
	constants from canonize to canonicalize. From Andrew Bartlett

	* krb5/external.c: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

	* gssapi/gssapi_krb5.h: Rename various routines and constants from
	canonize to canonicalize. From Andrew Bartlett

2006-10-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
	to free ccache

2006-10-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c (loop): free target_name

	* mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'

	* mech/gss_acquire_cred.c: SLIST_INIT the ->gc_mc'

	* krb5/init_sec_context.c: Avoid leaking memory.

	* mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
	->elements memory.

	* test_context.c: make compile

	* krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.

	* krb5/set_cred_option.c (import_cred): free sp

2006-10-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_add_oid_set_member.c: Use old implementation of
	gss_add_oid_set_member, it leaks less memory.

	* krb5/test_cfx.c: free krb5_crypto.

	* krb5/test_cfx.c: free krb5_context

	* mech/gss_release_name.c (gss_release_name): free input_name
	itself.

2006-10-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Call setprogname.

	* mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.

	* gssapi/gssapi_krb5.h: add
	gsskrb5_extract_authtime_from_sec_context

2006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_sec_context_by_oid.c: Add get_authtime.

	* krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X

	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X

	* krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.

	* mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc

	* gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
	gsskrb5_set_send_to_kdc

	* krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X

	* Makefile.am: more files

2006-10-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: remove spnego/gssapi_spnego.h, it's now in gssapi/

	* test_context.c: Allow specifying mech.

	* krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)

	* gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
	GSS_SASL_DIGEST_MD5_MECHANISM

2006-10-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gssapi.asn1: Make it into a heim_any_set, it doesn't
	expect a tag.

	* mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE

	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X

	* krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.

	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
	GSS_KRB5_GET_SUBKEY_X

	* krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
	GSS_KRB5_GET_SUBKEY_X

2006-10-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_context.c: Support switching on name type oid's

	* test_context.c: add test for dns canon flag

	* mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.

	* gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic

	* gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.

	* krb5/set_sec_context_option.c: implement
	GSS_KRB5_SET_DNS_CANONIZE_X

	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X

	* krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X

	* mech/gss_krb5.c: add bits to make lucid context work

2006-10-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_oid_to_str.c: Prefix der primitives with der_.

	* krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
	der_.

	* krb5/encapsulate.c: Prefix der primitives with der_.

	* mech/gss_oid_to_str.c: New der_print_heim_oid signature.

2006-10-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: add test_context

	* krb5/inquire_sec_context_by_oid.c: Make it work.

	* test_oid.c: Test lucid oid.

	* gssapi/gssapi.h: Add OM_uint64_t.

	* krb5/inquire_sec_context_by_oid.c: Add lucid interface.

	* krb5/external.c: Add lucid interface, renumber oids to my
	delegated space.

	* mech/gss_krb5.c: Add lucid interface.

	* gssapi/gssapi_krb5.h: Add lucid interface.

	* spnego/spnego_locl.h: Maybe include <netdb.h>.

2006-10-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.

2006-10-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: install gssapi_krb5.H and gssapi_spnego.h

	* gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.

	* gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.

	* Makefile.am: Drop some -I no longer needed.

	* gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.

	* krb5: reference all include files using 'krb5/'

2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Add file inclusion protection.

	* gssapi/gssapi.h: Correct header file inclusion protection.

	* gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
	lib/gssapi/gssapi/ to please automake.

	* spnego/spnego_locl.h: Maybe include <sys/types.h>.

	* mech/mech_locl.h: Include <roken.h>.

	* Makefile.am: split build files into dist_ and noinst_ SOURCES

2006-10-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss.c: #if 0 out unused code.

	* mech/gss_mech_switch.c: Cast argument to ctype(3) functions
	to (unsigned char).

2006-10-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/name.h: remove <sys/queue.h>

	* mech/mech_switch.h: remove <sys/queue.h>

	* mech/cred.h: remove <sys/queue.h>

2006-10-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/arcfour.c: Tinker more with header lengths.

	* krb5/arcfour.c: Improve the calculation of header
	lengths. DCE-STYLE data is also padded so remove if (1 || ...)
	code.

	* krb5/wrap.c (_gsskrb5_wrap_size_limit): use
	_gssapi_wrap_size_arcfour for arcfour

	* krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.

	* Makefile.am: Split all mech to different mechsrc variables.

	* spnego/context_stubs.c: Make internal function static (and
	rename).

2006-10-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
	Barth.

	* spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.

2006-09-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/arcfour.c: Add wrap support, interop with itself but not
	w2k3s-sp1

	* krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
	arcfour header.

	* krb5/arcfour.c: Support DCE-style unwrap, tested with
	w2k3server-sp1.

	* mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
	token doesn't start with [APPLICATION 0] SEQUENCE, let's assume it's
	a DCE-style kerberos 5 connection. XXX this needs to be made
	better in case we get another GSS-API protocol violating
	protocol. It should be possible to detach the Kerberos DCE-style
	since it starts with an AP-REQ PDU, but that has to wait for now.

2006-09-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Add GSS_C flags from
	draft-brezak-win2k-krb-rc4-hmac-04.txt.

	* krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
	indent.

	* krb5/accept_sec_context.c: Merge of the acceptor part from the
	samba patch by Stefan Metzmacher and Andrew Bartlett.

	* krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.

	* krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
	initiator part from the samba patch by Stefan Metzmacher and
	Andrew Bartlett (still missing DCE/RPC support)

2006-08-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss.c (help): use sl_slc_help().

2006-07-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss-commands.in: rename command to supported-mechanisms

	* Makefile.am: Make gss objects depend on the slc built
	gss-commands.h

2006-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss-commands.in: add slc commands for gss

	* krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()

	* Makefile.am: Add test_cfx

	* krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X

	* krb5/set_sec_context_option.c: catch
	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X

	* krb5/accept_sec_context.c: reimplement
	gsskrb5_register_acceptor_identity

	* mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity

	* mech/gss_inquire_mechs_for_name.c: call _gss_load_mech

	* mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech

	* mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
	only once, this has the side effect that _gss_mechs and
	_gss_mech_oids are only initialized once, so if just the users of
	these two global variables call _gss_load_mech() first, it will
	act as a barrier and make sure the variables are never changed and
	we don't need to lock them.

	* mech/utils.h: no need to mark functions extern.

	* mech/name.h: no need to mark _gss_find_mn extern.

2006-07-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/cfx.c: Redo the wrap length calculations.

	* krb5/test_cfx.c: test max_wrap_size in cfx.c

	* mech/gss_display_status.c: Handle more error codes.

2006-07-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"

	* mech/mechqueue.h: Add SLIST macros.

	* krb5/inquire_context.c: Don't free return values on success.

	* krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
	is the default cred, acquire the acceptor cred and initiator cred
	in two different steps and then query them for the information,
	this way, the code won't fail if there is no keytab, but there is
	a credential cache.

	* mech/gss_inquire_cred.c: move the check if we found any cred
	where it matters for both cases
	(default cred and provided cred)

	* mech/gss_init_sec_context.c: If the desired mechanism can't
	convert the name to a MN, fail with GSS_S_BAD_NAME rather than a
	NULL de-reference.

2006-07-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/external.c: readd gss_spnego_inquire_names_for_mech

	* spnego/spnego_locl.h: reimplement
	gss_spnego_inquire_names_for_mech add support function
	_gss_spnego_supported_mechs

	* spnego/context_stubs.h: reimplement
	gss_spnego_inquire_names_for_mech add support function
	_gss_spnego_supported_mechs

	* spnego/context_stubs.c: drop gss_spnego_indicate_mechs

	* mech/gss_indicate_mechs.c: if the underlying mech doesn't
	support gss_indicate_mechs, use the oid in the mechswitch
	structure

	* spnego/external.c: let the mech glue layer implement
	gss_indicate_mechs

	* spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
	desired_mechs, get our own list with indicate_mechs and remove
	ourself.

2006-07-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
	the mechglue layer implement it

	* spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
	the mechglue layer implement it

	* spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
	the mechglue layer implement it

2006-07-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_set_cred_option.c: fix argument to gss_release_cred

2006-06-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/init_sec_context.c: Make work on compilers that are
	somewhat more picky than gcc4 (like gcc2.95)

	* krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
	convert fwd_flags to an integer, since otherwise int2KDCOptions in
	krb5_get_forwarded_creds won't do the right thing.

	* mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
	failure

	* krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
	init global kerberos context

	* krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
	kerberos context

	* mech/gss_accept_sec_context.c: Insert the delegated sub cred on
	the delegated cred handle, not cred handle

	* mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
	the case where ret_flags == NULL

	* mech/gss_mech_switch.c (add_builtin): set
	_gss_mech_switch->gm_mech_oid

	* mech/gss_set_cred_option.c (gss_set_cred_option): load mechs

	* test_cred.c (gss_print_errors): don't try to print error when
	gss_display_status failed

	* Makefile.am: Add mech/gss_release_oid.c

	* mech/gss_release_oid.c: Add gss_release_oid, reverse of
	gss_duplicate_oid

	* spnego/compat.c: preferred_mech_type was allocated with
	gss_duplicate_oid in one place and assigned static variables at
	the second place. change that static assignment to
	gss_duplicate_oid and bring back gss_release_oid.

	* spnego/compat.c (_gss_spnego_delete_sec_context): don't release
	preferred_mech_type and negotiated_mech_type, they were never
	allocated from the beginning.

2006-06-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* mech/gss_import_name.c (gss_import_name): avoid
	type-punned/strict aliasing rules

	* mech/gss_add_cred.c: avoid type-punned/strict aliasing rules

	* gssapi.h: Make gss_name_t an opaque type.

	* krb5: make gss_name_t an opaque type

	* krb5/set_cred_option.c: Add

	* mech/gss_set_cred_option.c (gss_set_cred_option): support the
	case where *cred_handle == NULL

	* mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
	GSS_C_NO_CREDENTIAL on failure.

	* mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
	NO_OID_SET, there is a need to load the mechs, so always do that.

2006-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
	to instead pass a fullname to the credential, then resolve and
	copy out the content, and then close the cred.

	* mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
	pass a fullname to the credential, then resolve and copy out the
	content, and then close the cred.

	* krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
	interface needs to be re-done, currently it's utterly broken.

	* mech/gss_set_cred_option.c: Make work.

	* krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option

	* mech/gss_krb5.c (gss_krb5_import_cred): implement

	* Makefile.am: Add gss_set_{sec_context,cred}_option and sort

	* mech/gss_set_{sec_context,cred}_option.c: add

	* gssapi.h: Add GSS_KRB5_IMPORT_CRED_X

	* test_*.c: make compile again

	* Makefile.am: Add lib dependencies and test programs

	* spnego: remove dependency on libkrb5

	* mech: Bug fixes, cleanup, compiler warnings, restructure code.

	* spnego: Rename gss_context_id_t and gss_cred_id_t to local names

	* krb5: repro copy the krb5 files here

	* mech: import Doug Rabson mechglue from freebsd

	* spnego: Import Luke Howard's SPNEGO from the mechglue branch

2006-06-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Add oid_to_str.

	* Makefile.am: add oid_to_str and test_oid

	* oid_to_str.c: Add gss_oid_to_str

	* test_oid.c: Add test for gss_oid_to_str()

2006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c: Less pointer signedness warnings.

	* unwrap.c: Less pointer signedness warnings.

	* arcfour.c: Less pointer signedness warnings.

	* gssapi_locl.h: Use const void * instead of unsigned char * to
	avoid pointer signedness warnings.

	* encapsulate.c: Use const void * instead of unsigned char * to
	avoid pointer signedness warnings.

	* decapsulate.c: Use const void * instead of unsigned char * to
	avoid pointer signedness warnings.

	* decapsulate.c: Less pointer signedness warnings.

	* cfx.c: Less pointer signedness warnings.

	* init_sec_context.c: Less pointer signedness warnings (partly by
	using the new asn.1 CHOICE decoder)

	* import_sec_context.c: Less pointer signedness warnings.

2006-05-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
	Andrew Bartlett.

2006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* get_mic.c (mic_des3): make sure message_buffer doesn't point to
	free()ed memory on failure. Pointed out by IBM checker.

2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* Rename u_intXX_t to uintXX_t

2006-05-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: Less pointer signedness warnings.

	* arcfour.c: Avoid pointer signedness warnings.

	* gssapi_locl.h (gssapi_decode_*): make data argument const void *

	* 8003.c (gssapi_decode_*): make data argument const void *

2006-04-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* export_sec_context.c: Export sequence order element. From Wynn
	Wilkes <wynn.wilkes@quest.com>.

	* import_sec_context.c: Import sequence order element.
	From Wynn Wilkes <wynn.wilkes@quest.com>.

	* sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
	New functions, used by {import,export}_sec_context. From Wynn
	Wilkes <wynn.wilkes@quest.com>.

	* test_sequence.c: Add test for import/export sequence.

2006-04-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
	standard conformance failure, but much better than a crash.

2006-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* get_mic.c (get_mic*)_: make sure message_token is cleaned on
	error, found by IBM checker.

	* wrap.c (wrap*): Reset output_buffer on error, found by IBM
	checker.

2006-02-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
	GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.

2006-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* delete_sec_context.c (gss_delete_sec_context): if the context
	handle is GSS_C_NO_CONTEXT, don't fall over.

2005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: Replace gss_krb5_import_ccache with
	gss_krb5_import_cred and add more references

2005-12-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
	it can handle keytabs too.

	* add_cred.c (gss_add_cred): avoid deadlock

	* context_time.c (gssapi_lifetime_left): define the 0 lifetime as
	GSS_C_INDEFINITE.

2005-12-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* acquire_cred.c (acquire_acceptor_cred): only check if principal
	exists if we got called with principal as an argument.

	* acquire_cred.c (acquire_acceptor_cred): check that the acceptor
	exists in the keytab before returning ok.

2005-11-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
	Bartlett.

2005-11-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_kcred.c: Rename gss_krb5_import_ccache to
	gss_krb5_import_cred.

	* copy_ccache.c: Rename gss_krb5_import_ccache to
	gss_krb5_import_cred and let it grow code to handle keytabs too.

2005-11-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c: Change semantics of ok-as-delegate to match
	windows if
	[gssapi]realm/ok-as-delegate=true is set, otherwise keep old
	semantics.

	* release_cred.c (gss_release_cred): use
	GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
	krb5_cc_destroy-ed

	* acquire_cred.c (acquire_initiator_cred):
	GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.

	* accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
	to use gss_krb5_import_ccache

2005-11-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c: Remove signedness warnings.

2005-10-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
	by reference.

	* copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
	of the ccache, make a reference by getting the name and resolving
	the name. This way the cache is shared, the flip side is of
	course that if someone calls krb5_cc_destroy the cache is lost for
	everyone.

	* test_kcred.c: Remove memory leaks.

2005-10-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: build test_kcred

	* gss_acquire_cred.3: Document gss_krb5_import_ccache

	* gssapi.3: Sort and add gss_krb5_import_ccache.

	* acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
	used to extract lifetime from a credential cache

	* gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
	lifetime from a credential cache.

	* gssapi.h: add gss_krb5_import_ccache, reverse of
	gss_krb5_copy_ccache

	* copy_ccache.c: add gss_krb5_import_ccache, reverse of
	gss_krb5_copy_ccache

	* test_kcred.c: test gss_krb5_import_ccache

2005-10-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
	to find a matching credential cache, if that fails, fallback to
	the default cache.

2005-10-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi_locl.h: Add gssapi_krb5_set_status and
	gssapi_krb5_clear_status

	* init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
	errors, use GSS-API errors instead. From Michael B Allen.

	* display_status.c: Add gssapi_krb5_clear_status,
	gssapi_krb5_set_status for handling error messages.

2005-08-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* external.c: Use rk_UNCONST to avoid const warning.

	* display_status.c: Constify strings to avoid warnings.

2005-08-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c: avoid warnings, update (c)

2005-07-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (spnego_initial): use NegotiationToken
	encoder now that we have one with the new asn1. compiler.

	* Makefile.am: the new asn.1 compiler includes the modules name in
	the depend file

2005-06-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* decapsulate.c: use rk_UNCONST

	* ccache_name.c: rename to avoid shadowing

	* gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name

	* process_context_token.c: use rk_UNCONST to unconstify

	* test_cred.c: rename optind to optidx

2005-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (init_auth): honor ok-as-delegate if local
	configuration approves

	* gssapi_locl.h: prototype for _gss_check_compat

	* compat.c: export check_compat as _gss_check_compat

2005-05-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
	problems with system headerfiles that pollute the name space.

	* accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
	problems with system headerfiles that pollute the name space.

2005-05-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (init_auth): set
	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
	also while here, use krb5_auth_con_addflags

2005-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (_gssapi_wrap_arcfour): fix calculating the encap
	length. From: Tom Maher <tmaher@eecs.berkeley.edu>

2005-05-02  Dave Love  <fx@gnu.org>

	* test_cred.c (main): Call setprogname.

2005-04-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* prefix all sequence symbols with _, they are not part of the
	GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>

2005-04-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c: break out the processing of the delegated
	credential to a separate function to make error handling easier,
	move the credential handling to after other setup is done

	* test_sequence.c: make less verbose in case of success

	* Makefile.am: add test_sequence to TESTS

2005-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* 8003.c (gssapi_krb5_verify_8003_checksum): check that cksum
	isn't NULL From: Nicolas Pouvesle <npouvesle@tenablesecurity.com>

2005-03-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: use $(LIB_roken)

2005-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* display_status.c (gssapi_krb5_set_error_string): pass in the
	krb5_context to krb5_free_error_string

2005-03-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* display_status.c (gssapi_krb5_set_error_string): don't misuse
	the krb5_get_error_string api

2005-03-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* compat.c (_gss_DES3_get_mic_compat): don't unlock mutex
	here. Bug reported by Stefan Metzmacher <metze@samba.org>

2005-02-21  Luke Howard  <lukeh@padl.com>

	* init_sec_context.c: don't call krb5_get_credentials() with
	KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
	growing indefinitely as no key is found with KEYTYPE_NULL

	* compat.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is
	no longer used (however the mechListMIC behaviour is broken,
	rfc2478bis support requires the code in the mechglue branch)

	* init_sec_context.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG

	* gssapi.h: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG

2005-01-05  Luke Howard  <lukeh@padl.com>

	* 8003.c: use symbolic name for checksum type

	* accept_sec_context.c: allow client to indicate
	that subkey should be used

	* acquire_cred.c: plug leak

	* get_mic.c: use gss_krb5_get_subkey() instead
	of gss_krb5_get_{local,remote}key(), support
	KEYTYPE_ARCFOUR_56

	* gssapi_local.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

	* import_sec_context.c: plug leak

	* unwrap.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

	* verify_mic.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

	* wrap.c: use gss_krb5_get_subkey(),
	support KEYTYPE_ARCFOUR_56

2004-11-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* inquire_cred.c: Reverse order of HEIMDAL_MUTEX_unlock and
	gss_release_cred to avoid deadlock, from Luke Howard
	<lukeh@padl.com>.

2004-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: gss_krb5_extract_authz_data_from_sec_context
	was renamed to gsskrb5_extract_authz_data_from_sec_context

2004-08-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* unwrap.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>

	* arcfour.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>

2004-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: spelling from Josef El-Rayes <josef@FreeBSD.org> while
	here, write some text about the SPNEGO situation

2004-04-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: s/CTXAcceptorSubkey/CFXAcceptorSubkey/

2004-04-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG From: Luke
	Howard <lukeh@padl.com>

	* init_sec_context.c (spnego_reply): use
	_gss_spnego_require_mechlist_mic to figure out if we need to check
	MechListMIC; From: Luke Howard <lukeh@padl.com>

	* accept_sec_context.c (send_accept): use
	_gss_spnego_require_mechlist_mic to figure out if we need to send
	MechListMIC; From: Luke Howard <lukeh@padl.com>

	* gssapi_locl.h: add _gss_spnego_require_mechlist_mic
	From: Luke Howard <lukeh@padl.com>

	* compat.c: add _gss_spnego_require_mechlist_mic for compatibility
	with MS SPNEGO, From: Luke Howard <lukeh@padl.com>

2004-04-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c (gsskrb5_is_cfx): krb5_keyblock->keytype is
	an enctype, not keytype

	* accept_sec_context.c: use ASN1_MALLOC_ENCODE

	* init_sec_context.c: avoid the malloc loop and just allocate the
	proper amount of data

	* init_sec_context.c (spnego_initial): handle mech_token better

2004-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: add gss_krb5_get_tkt_flags

	* Makefile.am: add ticket_flags.c

	* ticket_flags.c: Get ticket-flags from acceptor ticket From: Luke
	Howard <lukeh@PADL.COM>

	* gss_acquire_cred.3: document gss_krb5_get_tkt_flags

2004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* acquire_cred.c (gss_acquire_cred): check usage before even
	bothering to process it, add both keytab and initial tgt if
	requested

	* wrap.c: support cfx, try to handle acceptor asserted subkey

	* unwrap.c: support cfx, try to handle acceptor asserted subkey

	* verify_mic.c: support cfx

	* get_mic.c: support cfx

	* test_sequence.c: handle changed signature of
	gssapi_msg_order_create

	* import_sec_context.c: handle acceptor asserted subkey

	* init_sec_context.c: handle acceptor asserted subkey

	* accept_sec_context.c: handle acceptor asserted subkey

	* sequence.c: add dummy use_64 argument to gssapi_msg_order_create

	* gssapi_locl.h: add partial support for CFX

	* Makefile.am (noinst_PROGRAMS) += test_cred

	* test_cred.c: gssapi credential testing

	* test_acquire_cred.c: fix comment

2004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.h: drop structures for message formats, no longer used

	* arcfour.c: comment describing message formats

	* accept_sec_context.c (spnego_accept_sec_context): make sure the
	length of the choice element doesn't overrun us

	* init_sec_context.c (spnego_reply): make sure the length of the
	choice element doesn't overrun us

	* spnego.asn1: move NegotiationToken to avoid warning

	* spnego.asn1: uncomment NegotiationToken

	* Makefile.am: spnego_files += asn1_NegotiationToken.x

2004-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: add gss_krb5_ccache_name

	* Makefile.am (libgssapi_la_SOURCES): += ccache_name.c

	* ccache_name.c (gss_krb5_ccache_name): help function enable to
	set krb5 name, using out_name argument makes function no longer
	thread-safe

	* gssapi.3: add missing gss_krb5_ references

	* gss_acquire_cred.3: document gss_krb5_ccache_name

2003-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: make rrc a modulus operation if it's longer than the
	length of the message, noticed by Sam Hartman

2003-12-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c: use krb5_auth_con_addflags

2003-12-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: Wrap token id was in wrong order, found by Sam Hartman

2003-12-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: add AcceptorSubkey (but no code understands it yet) ignore
	unknown token flags

2003-11-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c: Don't require timestamp to be set on
	delegated token, it's already protected by the outer token (and
	windows doesn't always send it) Pointed out by Zi-Bin Yang
	<zbyang@decru.com> on heimdal-discuss

2003-11-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: fix {} error, pointed out by Liqiang Zhu

2003-11-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: Sequence number should be stored in bigendian order From:
	Luke Howard <lukeh@padl.com>

2003-11-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* delete_sec_context.c (gss_delete_sec_context): don't free
	ticket, krb5_free_ticket does that now

2003-11-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: checksum the header last in MIC token, update to -03
	From: Luke Howard <lukeh@padl.com>

2003-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* add_cred.c: If it's a MEMORY cc, make a copy. We need to do this
	since now gss_release_cred will destroy the cred. This should
	really be solved a better way.

	* acquire_cred.c (gss_release_cred): if it's a mcc, destroy it
	rather than just release it Found by: "Zi-Bin Yang"
	<zbyang@decru.com>

	* acquire_cred.c (acquire_initiator_cred): use kret instead of ret
	where appropriate

2003-09-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: spelling
	From: jmc <jmc@prioris.mini.pw.edu.pl>

2003-09-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: - EC and RRC are big-endian, not little-endian - The
	default is now to rotate regardless of GSS_C_DCE_STYLE. There are
	no longer any references to GSS_C_DCE_STYLE. - rrc_rotate()
	avoids allocating memory on the heap if rrc <= 256
	From: Luke Howard <lukeh@padl.com>

2003-09-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.[ch]: rrc_rotate() was untested and broken, fix it.
	Set and verify wrap Token->Filler.
	Correct token ID for wrap tokens,
	were accidentally swapped with delete tokens.
	From: Luke Howard <lukeh@PADL.COM>

2003-09-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.[ch]: no ASN.1-ish header on per-message tokens
	From: Luke Howard <lukeh@PADL.COM>

2003-09-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.h: remove dependency on gss_arcfour_mic_token and
	gss_arcfour_warp_token

	* arcfour.c: remove dependency on gss_arcfour_mic_token and
	gss_arcfour_warp_token

2003-09-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* 8003.c: remove #if 0'ed code

2003-09-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c (gsskrb5_accept_sec_context): set sequence
	number when not requesting mutual auth From: Luke Howard
	<lukeh@PADL.COM>

	* init_sec_context.c (init_auth): set sequence number when not
	requesting mutual auth From: Luke Howard <lukeh@PADL.COM>

2003-09-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (*): set minor_status
	(gss_wrap): set conf_state to conf_req_flags on success
	From: Luke Howard <lukeh@PADL.COM>

	* wrap.c (gss_wrap_size_limit): use existing function From: Luke
	Howard <lukeh@PADL.COM>

2003-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* indicate_mechs.c (gss_indicate_mechs): in case of error, free
	mech_set

	* indicate_mechs.c (gss_indicate_mechs): add SPNEGO

2003-09-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (spnego_initial): catch errors and return
	them

	* init_sec_context.c (spnego_initial): add #if 0 out version of
	the CHOICE branch encoding, also while here, free no longer used
	memory

2003-09-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: support GSS_SPNEGO_MECHANISM

	* accept_sec_context.c: SPNEGO doesn't include gss wrapping on
	SubsequentContextToken like the Kerberos 5 mech does.

	* init_sec_context.c (spnego_reply): SPNEGO doesn't include gss
	wrapping on SubsequentContextToken like the Kerberos 5 mech
	does. Let's check for it anyway.

	* accept_sec_context.c: Add support for SPNEGO on the initiator
	side. Implementation initially from Assar Westerlund, passed
	through quite a lot of hands before I committed it.

	* init_sec_context.c: Add support for SPNEGO on the initiator side.
	Tested with ldap server on a Windows 2000 DC. Implementation
	initially from Assar Westerlund, passed through quite a lot of
	hands before I committed it.

	* gssapi.h: export GSS_SPNEGO_MECHANISM

	* gssapi_locl.h: include spnego_as.h add prototype for
	gssapi_krb5_get_mech

	* decapsulate.c (gssapi_krb5_get_mech): make non static

	* Makefile.am: build SPNEGO file

2003-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* external.c: SPNEGO and IAKERB oids

	* spnego.asn1: SPNEGO ASN1

2003-09-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.c: RRC also needs to be zero before wrapping them
	From: Luke Howard <lukeh@PADL.COM>

2003-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* encapsulate.c (gssapi_krb5_encap_length): don't return void

2003-09-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c: switch from the des_ to the DES_ api

	* get_mic.c: switch from the des_ to the DES_ api

	* unwrap.c: switch from the des_ to the DES_ api

	* wrap.c: switch from the des_ to the DES_ api

	* cfx.c: EC is not included in the checksum since the length might
	change depending on the data. From: Luke Howard <lukeh@PADL.COM>

	* acquire_cred.c: use
	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free

2003-09-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* copy_ccache.c: rename
	gss_krb5_extract_authz_data_from_sec_context to
	gsskrb5_extract_authz_data_from_sec_context

	* gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to
	gsskrb5_extract_authz_data_from_sec_context

2003-08-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
	check that we have a ticket before we start to use it

	* gss_acquire_cred.3: document
	gss_krb5_extract_authz_data_from_sec_context

	* gssapi.h (gss_krb5_extract_authz_data_from_sec_context):
	return the kerberos authorizationdata, from idea of Luke Howard

	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
	return the kerberos authorizationdata, from idea of Luke Howard

	* verify_mic.c (gss_verify_mic_internal): switch type and key
	argument

2003-08-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implementation
	From: Luke Howard <lukeh@PADL.COM>

2003-08-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (arcfour_mic_cksum): use free_Checksum to free the
	checksum

	* arcfour.h: swap two last arguments to verify_mic for consistency
	with des3

	* wrap.c,unwrap.c,get_mic.c,verify_mic.c,cfx.c,cfx.h:
	prefix cfx symbols with _gssapi_

	* arcfour.c: release the right buffer

	* arcfour.c: rename token structure in consistency with rest of
	GSS-API From: Luke Howard <lukeh@PADL.COM>

	* unwrap.c (unwrap_des3): use _gssapi_verify_pad
	(unwrap_des): use _gssapi_verify_pad

	* arcfour.c (_gssapi_wrap_arcfour): set the correct padding
	(_gssapi_unwrap_arcfour): verify and strip padding

	* gssapi_locl.h: added _gssapi_verify_pad

	* decapsulate.c (_gssapi_verify_pad): verify padding of a gss
	wrapped message and return its length

	* arcfour.c: support KEYTYPE_ARCFOUR_56 keys, from Luke Howard
	<lukeh@PADL.COM>

	* arcfour.c: use right seal alg, inherit keytype from parent key

	* arcfour.c: include the confounder in the checksum use the right
	key usage number for wrapped/unwrapped tokens

	* gssapi.h: add gss_krb5_nt_general_name as an mit compat glue
	(same as GSS_KRB5_NT_PRINCIPAL_NAME)

	* unwrap.c: hook in arcfour unwrap

	* wrap.c: hook in arcfour wrap

	* verify_mic.c: hook in arcfour verify_mic

	* get_mic.c: hook in arcfour get_mic

	* arcfour.c: implement wrap/unwrap

	* gssapi_locl.h: add gssapi_{en,de}code_be_om_uint32

	* 8003.c: add gssapi_{en,de}code_be_om_uint32

2003-08-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* arcfour.c (_gssapi_verify_mic_arcfour): Do the checksum on right
	area. Swap filler check, it was reversed.

	* Makefile.am (libgssapi_la_SOURCES): += arcfour.c

	* gssapi_locl.h: include "arcfour.h"

	* arcfour.c: arcfour gss-api mech, get_mic/verify_mic working

	* arcfour.h: arcfour gss-api mech, get_mic/verify_mic working

2003-08-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi_locl.h: always include cfx.h add prototype for
	_gssapi_decapsulate

	* cfx.[ch]: Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt
	from Luke Howard <lukeh@PADL.COM>

	* decapsulate.c: add _gssapi_decapsulate, from Luke Howard
	<lukeh@PADL.COM>

2003-08-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* unwrap.c: encap/decap now takes an oid if the enctype/keytype is
	arcfour, return error add hook for cfx

	* verify_mic.c: encap/decap now takes an oid if the enctype/keytype
	is arcfour, return error add hook for cfx

	* get_mic.c: encap/decap now takes an oid if the enctype/keytype is
	arcfour, return error add hook for cfx

	* accept_sec_context.c: encap/decap now takes an oid

	* init_sec_context.c: encap/decap now takes an oid

	* gssapi_locl.h: include cfx.h if we need it lifetime is a
	OM_uint32, depend on gssapi interface add all new encap/decap
	functions

	* decapsulate.c: add decap functions that don't take the token
	type also make all decap functions take the oid mech that they
	should use

	* encapsulate.c: add encap functions that don't take the token
	type also make all encap functions take the oid mech that they
	should use

	* sequence.c (elem_insert): fix an off by one index counter

	* inquire_cred.c (gss_inquire_cred): handle cred_handle being
	GSS_C_NO_CREDENTIAL and use the default cred then.

2003-08-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: break out extensions and document
	gsskrb5_register_acceptor_identity

2003-08-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_acquire_cred.c (print_time): time is returned in seconds
	from now, not unix time

2003-08-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* compat.c (check_compat): avoid leaking principal when finding a
	match

	* address_to_krb5addr.c: sa_size argument to krb5_addr2sockaddr is
	a krb5_socklen_t

	* acquire_cred.c (gss_acquire_cred): 4th argument to
	gss_test_oid_set_member is an int

2003-07-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (repl_mutual): don't set kerberos error where
	there was no kerberos error

	* gssapi_locl.h: Add destruction/creation prototypes and structure
	for the thread specific storage.

	* display_status.c: use thread specific storage to set/get the
	kerberos error message

	* init.c: Provide locking around the creation of the global
	krb5_context. Add destruction/creation functions for the thread
	specific storage that the error string handling is using.

2003-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: add missing prototype and missing .Ft
	arguments

2003-06-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c: reorder code so sequence numbers can be used

	* unwrap.c: reorder code so sequence numbers can be used

	* sequence.c: remove unused function, indent, add
	gssapi_msg_order_f that filters gss flags to gss_msg_order flags

	* gssapi_locl.h: prototypes for
	gssapi_{encode_om_uint32,decode_om_uint32} add sequence number
	verifier prototypes

	* delete_sec_context.c: destroy sequence number verifier

	* init_sec_context.c: remember to free data use sequence number
	verifier

	* accept_sec_context.c: don't clear output_token twice remember to
	free data use sequence number verifier

	* 8003.c: export and rename encode_om_uint32/decode_om_uint32 and
	start to use them

2003-06-09  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: can't have sequence.c in two different places

2003-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_sequence.c: check rollover, print summary

	* wrap.c (sub_wrap_size): gss_wrap_size_limit() has
	req_output_size and max_input_size around the wrong way -- it
	returns the output token size for a given input size, rather than
	the maximum input size for a given output token size.

	From: Luke Howard <lukeh@PADL.COM>

2003-06-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi_locl.h: add prototypes for sequence.c

	* Makefile.am (libgssapi_la_SOURCES): add sequence.c
	(test_sequence): build

	* sequence.c: sequence number checks, order and replay
	* test_sequence.c: sequence number checks, order and replay

2003-06-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* accept_sec_context.c (gss_accept_sec_context): make sure time is
	returned in seconds from now, not in kerberos time

	* acquire_cred.c (gss_aquire_cred): make sure time is returned in
	seconds from now, not in kerberos time

	* init_sec_context.c (init_auth): if the cred is expired before we
	try to create a token, fail so the peer doesn't need to reject us
	(*): make sure time is returned in seconds from now,
	not in kerberos time
	(repl_mutual): remember to unlock the context mutex

	* context_time.c (gss_context_time): remove unused variable

	* verify_mic.c: make sure minor_status is always set, pointed out
	by Luke Howard <lukeh@PADL.COM>

2003-05-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* *.[ch]: do some basic locking (no reference counting so contexts
	can be removed while still used)
	- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
	- make sure all lifetimes are returned in seconds left until expired,
	not in unix epoch

	* gss_acquire_cred.3: document argument lifetime_rec to function
	gss_inquire_context

2003-05-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* test_acquire_cred.c: test gss_add_cred more than once

2003-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.h: if __cplusplus, wrap the extern variable (just to be
	safe) and functions in extern "C" { }

2003-04-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: more about the des3 mic mess

	* verify_mic.c (verify_mic_des3): always check if the mic is the
	correct mic or the mic that old heimdal would have generated

2003-04-28  Jacques Vidrine  <nectar@kth.se>

	* verify_mic.c (verify_mic_des3): If MIC verification fails,
	retry using the `old' MIC computation (with zero IV).

2003-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: more about difference between comparing IN
	and MN

	* gss_acquire_cred.3: more about name type and access control

2003-04-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: document gss_context_time

	* context_time.c: if lifetime of context have expired, set
	time_rec to 0 and return GSS_S_CONTEXT_EXPIRED

	* gssapi.3: document [gssapi]correct_des3_mic
	[gssapi]broken_des3_mic

	* gss_acquire_cred.3: document gss_krb5_compat_des3_mic

	* compat.c (gss_krb5_compat_des3_mic): enable turning on/off des3
	mic compat
	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too

	* gssapi.h (gss_krb5_compat_des3_mic): new function, turn on/off
	des3 mic compat
	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
	gss_krb5_compat_des3_mic exists

2003-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: (libgssapi_la_LDFLAGS): update major
	version of gssapi for incompatibility in 3des getmic support

2003-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not
	./libgssapi.la (make make -jN work)

2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: spelling

	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
	header.h, from Thomas Klausner <wiz@netbsd.org>

2003-04-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: spelling

	* Makefile.am: remove stuff that sneaked in with last commit

	* acquire_cred.c (acquire_initiator_cred): if the requested name
	isn't in the ccache, also check keytab. Extract the krbtgt for the
	default realm to check how long the credentials will last.

	* add_cred.c (gss_add_cred): don't create a new ccache, just open
	the old one; better check if output handle is compatible with new
	(copied) handle

	* test_acquire_cred.c: test gss_add_cred too

2003-04-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am: build test_acquire_cred

	* test_acquire_cred.c: simple gss_acquire_cred test

2003-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: s/gssapi/GSS-API/

2003-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: document v1 interface (and that they are
	obsolete)

2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: list supported mechanism and nametypes

2003-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_acquire_cred.3: text about gss_display_name

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
	(libgssapi_la_SOURCES): add all new functions

	* gssapi.3: now that we have a functions, uncomment the missing
	ones

	* gss_acquire_cred.3: now that we have a functions, uncomment the
	missing ones

	* process_context_token.c: implement gss_process_context_token

	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech

	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name

	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech

	* add_cred.c: implement gss_add_cred

	* acquire_cred.c (gss_acquire_cred): more testing of input
	argument, make sure output arguments are ok, since we don't know
	the time_rec (for now), set it to time_req

	* export_sec_context.c: send lifetime, also set minor_status

	* get_mic.c: set minor_status

	* import_sec_context.c (gss_import_sec_context): add error
	checking, pick up lifetime (if there is no lifetime, use
	GSS_C_INDEFINITE)

	* init_sec_context.c: take care to set export value to something
	sane before we start so caller will have harmless values in them
	if the function fails

	* release_buffer.c (gss_release_buffer): set minor_status

	* wrap.c: make sure minor_status get set

	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
	gss_verify_mic_internal and let it take the type as an argument,
	(gss_verify_mic): call gss_verify_mic_internal
	set minor_status

	* unwrap.c: set minor_status

	* test_oid_set_member.c (gss_test_oid_set_member): use
	gss_oid_equal

	* release_oid_set.c (gss_release_oid_set): set minor_status

	* release_name.c (gss_release_name): set minor_status

	* release_cred.c (gss_release_cred): set minor_status

	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status

	* compare_name.c (gss_compare_name): set minor_status

	* compat.c (check_compat): make sure ret have a defined value

	* context_time.c (gss_context_time): set minor_status

	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status

	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
	minor_status

	* delete_sec_context.c (gss_delete_sec_context): set minor_status

	* display_name.c (gss_display_name): set minor_status

	* display_status.c (gss_display_status): use gss_oid_equal, handle
	supplementary errors

	* duplicate_name.c (gss_duplicate_name): set minor_status

	* inquire_context.c (gss_inquire_context): set lifetime_rec now
	when we know it, set minor_status

	* inquire_cred.c (gss_inquire_cred): take care to set export value
	to something sane before we start so caller will have harmless
	values in them if the function fails

	* accept_sec_context.c (gss_accept_sec_context): take care to set
	export value to something sane before we start so caller will have
	harmless values in them if the function fails, set lifetime from
	ticket expiration date

	* indicate_mechs.c (gss_indicate_mechs): use
	gss_create_empty_oid_set and gss_add_oid_set_member

	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
	since there is no ticket transferred in the exported context

	* export_name.c (gss_export_name): export name with
	GSS_C_NT_EXPORT_NAME wrapping, not just the principal

	* import_name.c (import_export_name): new function, parses a
	GSS_C_NT_EXPORT_NAME
	(import_krb5_name): factor out common code of parsing krb5 name
	(gss_oid_equal): rename from oid_equal

	* gssapi_locl.h: add prototypes for gss_oid_equal and
	gss_verify_mic_internal

	* gssapi.h: comment out the argument names

2003-03-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* gssapi.3: add LIST OF FUNCTIONS and copyright/license

	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/

	* Makefile.am: man_MANS += gss_aquire_cred.3

2003-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* gss_aquire_cred.3: the gssapi api manpage

2003-03-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* inquire_context.c: (gss_inquire_context): rename argument open
	to open_context

	* gssapi.h (gss_inquire_context): rename argument open to open_context

2003-02-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* init_sec_context.c (do_delegation): remove unused variable
	subkey

	* gssapi.3: all 0.5.x version had broken token delegation

2003-02-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* (init_auth): only generate one subkey

2003-01-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
	to rfc (and mit kerberos), provide backward compat hook

	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
	mit kerberos), provide backward compat hook

	* init_sec_context.c (init_auth): check if we need compat for
	older get_mic/verify_mic

	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat

	* gssapi.h (more_flags): add COMPAT_OLD_DES3

	* Makefile.am: add gssapi.3 and compat.c

	* gssapi.3: add gssapi COMPATIBILITY documentation

	* accept_sec_context.c (gss_accept_sec_context): check if we need
	compat for older get_mic/verify_mic

	* compat.c: check for compatibility with other heimdal's 3des
	get_mic/verify_mic

2002-10-31  Johan Danielsson  <joda@pdc.kth.se>

	* check return value from gssapi_krb5_init

	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input

2002-09-03  Johan Danielsson  <joda@pdc.kth.se>

	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE

	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE

2002-09-02  Johan Danielsson  <joda@pdc.kth.se>

	* init_sec_context.c: we need to generate a local subkey here

2002-08-20  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
	credential resolution if gss_acquire_cred is called with
	GSS_C_NO_NAME.

2002-06-20  Jacques Vidrine  <n@nectar.com>

	* import_name.c: Compare name types by value if pointers do
	not match. Reported by: "Douglas E. Engert" <deengert@anl.gov>

2002-05-20  Jacques Vidrine  <n@nectar.com>

	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
	the qop_state parameter. from Doug Rabson <dfr@nlsystems.com>

2002-05-09  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH

2002-05-08  Jacques Vidrine  <n@nectar.com>

	* acquire_cred.c: initialize gssapi; handle null desired_name

2002-03-22  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: remove non-functional stuff accidentally committed

2002-03-11  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
	bindings

2001-10-31  Jacques Vidrine  <n@nectar.com>

	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
	was bogusly appending the message buffer to the result,
	overwriting a heap buffer in the process.

2001-08-29  Assar Westerlund  <assar@sics.se>

	* 8003.c (gssapi_krb5_verify_8003_checksum,
	gssapi_krb5_create_8003_checksum): make more consistent by always
	returning an gssapi error and setting minor status. update
	callers

2001-08-28  Jacques Vidrine  <n@nectar.com>

	* accept_sec_context.c: Create a cache for delegated credentials
	when needed.

2001-08-28  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2

2001-08-23  Assar Westerlund  <assar@sics.se>

	* *.c: handle minor_status more consistently

	* display_status.c (gss_display_status): handle krb5_get_err_text
	failing

2001-08-15  Johan Danielsson  <joda@pdc.kth.se>

	* gssapi_locl.h: fix prototype for gssapi_krb5_init

2001-08-13  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
	context and check return value from kt_resolve

	* init.c: return error code

2001-07-19  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2

2001-07-12  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LIBADD): add required library
	dependencies

2001-07-06  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
	the keytab to be used for gss_acquire_cred too'

2001-07-03  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2

2001-06-18  Assar Westerlund  <assar@sics.se>

	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
	and gss_krb5_get_remotekey
	* verify_mic.c: update krb5_auth_con function names use
	gss_krb5_get_remotekey
	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
	and gss_krb5_get_remotekey
	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
	add prototypes
	* get_mic.c: update krb5_auth_con function names. use
	gss_krb5_get_localkey
	* accept_sec_context.c: update krb5_auth_con function names

2001-05-17  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 3:1:2

2001-05-14  Assar Westerlund  <assar@sics.se>

	* address_to_krb5addr.c: adapt to new address functions

2001-05-11  Assar Westerlund  <assar@sics.se>

	* try to return the error string from libkrb5 where applicable

2001-05-08  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): remember to free
	the memory used by the ticket itself. from <tmartin@mirapoint.com>

2001-05-04  Assar Westerlund  <assar@sics.se>

	* gssapi_locl.h: add config.h for completeness
	* gssapi.h: remove config.h, this is an installed header file
	sys/types.h is not needed either

2001-03-12  Assar Westerlund  <assar@sics.se>

	* acquire_cred.c (gss_acquire_cred): remove memory leaks. from
	Jason R Thorpe <thorpej@zembu.com>

2001-02-18  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): either return
	gss_name NULL-ed or set

	* import_name.c: set minor_status in some cases where it was not
	done

2001-02-15  Assar Westerlund  <assar@sics.se>

	* wrap.c: use krb5_generate_random_block for the confounders

2001-01-30  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
	for getting creds from a keytab, from fvdl@netbsd.org

	* copy_ccache.c: add gss_krb5_copy_ccache

2001-01-27  Assar Westerlund  <assar@sics.se>

	* get_mic.c: cast parameters to des function to non-const pointers
	to handle the case where these functions actually take non-const
	des_cblock *

2001-01-09  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
	instead of krb5_rd_cred

2000-12-11  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1

2000-12-08  Assar Westerlund  <assar@sics.se>

	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
	sequence number
	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
	the sequence number
	* init_sec_context.c (init_auth): always zero fwd_data

2000-12-06  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c: de-pointerise auth_context parameter to
	krb5_mk_rep

2000-11-15  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c (init_auth): update to new
	krb5_build_authenticator

2000-09-19  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1

2000-08-27  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c: actually pay attention to `time_req'
	* init_sec_context.c: re-organize. leak less memory.
	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
	update prototypes add assert.h
	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
	add
	* verify_mic.c: re-organize and add 3DES code
	* wrap.c: re-organize and add 3DES code
	* unwrap.c: re-organize and add 3DES code
	* get_mic.c: re-organize and add 3DES code
	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
	let the caller do that. fix the callers.

2000-08-16  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 2:1:1

2000-07-29  Assar Westerlund  <assar@sics.se>

	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length

2000-07-25  Johan Danielsson  <joda@pdc.kth.se>

	* Makefile.am: bump version to 2:0:1

2000-07-22  Assar Westerlund  <assar@sics.se>

	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
	details from rfc2744

2000-06-29  Assar Westerlund  <assar@sics.se>

	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
	`int' instead of `sa_family_t' for the address family.

2000-06-21  Assar Westerlund  <assar@sics.se>

	* add support for token delegation. From Daniel Kouril
	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>

2000-05-15  Assar Westerlund  <assar@sics.se>

	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1

2000-04-12  Assar Westerlund  <assar@sics.se>

	* release_oid_set.c (gss_release_oid_set): clear set for
	robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* release_name.c (gss_release_name): reset input_name for
	robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* release_buffer.c (gss_release_buffer): set value to NULL to be
	more robust. From GOMBAS Gabor <gombasg@inf.elte.hu>
	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
	the oid is a member first. leave the oid_set unchanged if realloc
	fails.

2000-02-13  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 1:0:1

2000-02-12  Assar Westerlund  <assar@sics.se>

	* gssapi_locl.h: add flags for import/export
	* import_sec_context.c (import_sec_context: add flags for what
	fields are included. do not include the authenticator for now.
	* export_sec_context.c (export_sec_context: add flags for what
	fields are included. do not include the authenticator for now.
	* accept_sec_context.c (gss_accept_sec_context): set target in
	context_handle

2000-02-11  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): set context to
	GSS_C_NO_CONTEXT

	* Makefile.am: add {export,import}_sec_context.c
	* export_sec_context.c: new file
	* import_sec_context.c: new file
	* accept_sec_context.c (gss_accept_sec_context): set trans flag

2000-02-07  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:5:0

2000-01-26  Assar Westerlund  <assar@sics.se>

	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
	output_token

	* wrap.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
	some changes to libdes calls to make them more portable.
	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some
	changes to libdes calls to make them more portable.
	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.

2000-01-06  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:4:0

1999-12-26  Assar Westerlund  <assar@sics.se>

	* accept_sec_context.c (gss_accept_sec_context): always set
	`output_token'
	* init_sec_context.c (init_auth): always initialize `output_token'
	* delete_sec_context.c (gss_delete_sec_context): always set
	`output_token'

1999-12-06  Assar Westerlund  <assar@sics.se>

	* Makefile.am: bump version to 0:3:0

1999-10-20  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:2:0

1999-09-21  Assar Westerlund  <assar@sics.se>

	* init_sec_context.c (gss_init_sec_context): initialize `ticket'

	* gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick.

	* delete_sec_context.c (gss_delete_sec_context): free ticket

	* accept_sec_context.c (gss_accept_sec_context): stove away
	`krb5_ticket' in context so that ugly programs such as
	gss_nt_server can get at it. uck.

1999-09-20  Johan Danielsson  <joda@pdc.kth.se>

	* accept_sec_context.c: set minor_status

1999-08-04  Assar Westerlund  <assar@sics.se>

	* display_status.c (calling_error, routine_error): right shift the
	code to make it possible to index into the arrays

1999-07-28  Assar Westerlund  <assar@sics.se>

	* gssapi.h (GSS_C_AF_INET6): add

	* import_name.c (import_hostbased_name): set minor_status

1999-07-26  Assar Westerlund  <assar@sics.se>

	* Makefile.am: set version to 0:1:0

Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>

	* display_status.c: set minor_status

	* init_sec_context.c: set minor_status

	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
	directly)