f287772b22
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12736 ec53bebd-3082-4978-b11e-865c3cabbd6b
902 lines
27 KiB
Plaintext
902 lines
27 KiB
Plaintext
2003-09-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* acquire_cred.c: use
|
|
krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
|
|
|
|
2003-09-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* copy_ccache.c: rename
|
|
gss_krb5_extract_authz_data_from_sec_context to
|
|
gsskrb5_extract_authz_data_from_sec_context
|
|
|
|
* gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to
|
|
gsskrb5_extract_authz_data_from_sec_context
|
|
|
|
2003-08-31 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
|
|
check that we have a ticket before we start to use it
|
|
|
|
* gss_acquire_cred.3: document
|
|
gss_krb5_extract_authz_data_from_sec_context
|
|
|
|
* gssapi.h (gss_krb5_extract_authz_data_from_sec_context):
|
|
return the kerberos authorizationdata, from idea of Luke Howard
|
|
|
|
* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
|
|
return the kerberos authorizationdata, from idea of Luke Howard
|
|
|
|
* verify_mic.c (gss_verify_mic_internal): switch type and key
|
|
argument
|
|
|
|
2003-08-30 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implemetation
|
|
From: Luke Howard <lukeh@PADL.COM>
|
|
|
|
2003-08-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* arcfour.c (arcfour_mic_cksum): use free_Checksum to free the
|
|
checksum
|
|
|
|
* arcfour.h: swap two last arguments to verify_mic for consistency
|
|
with des3
|
|
|
|
* wrap.c,unwrap.c,get_mic.c,verify_mic.c,cfx.c,cfx.h:
|
|
prefix cfx symbols with _gssapi_
|
|
|
|
* arcfour.c: release the right buffer
|
|
|
|
* arcfour.c: rename token structure in consistency with rest of
|
|
GSS-API From: Luke Howard <lukeh@PADL.COM>
|
|
|
|
* unwrap.c (unwrap_des3): use _gssapi_verify_pad
|
|
(unwrap_des): use _gssapi_verify_pad
|
|
|
|
* arcfour.c (_gssapi_wrap_arcfour): set the correct padding
|
|
(_gssapi_unwrap_arcfour): verify and strip padding
|
|
|
|
* gssapi_locl.h: added _gssapi_verify_pad
|
|
|
|
* decapsulate.c (_gssapi_verify_pad): verify padding of a gss
|
|
wrapped message and return its length
|
|
|
|
* arcfour.c: support KEYTYPE_ARCFOUR_56 keys, from Luke Howard
|
|
<lukeh@PADL.COM>
|
|
|
|
* arcfour.c: use right seal alg, inherit keytype from parent key
|
|
|
|
* arcfour.c: include the confounder in the checksum use the right
|
|
key usage number for warped/unwraped tokens
|
|
|
|
* gssapi.h: add gss_krb5_nt_general_name as an mit compat glue
|
|
(same as GSS_KRB5_NT_PRINCIPAL_NAME)
|
|
|
|
* unwrap.c: hook in arcfour unwrap
|
|
|
|
* wrap.c: hook in arcfour wrap
|
|
|
|
* verify_mic.c: hook in arcfour verify_mic
|
|
|
|
* get_mic.c: hook in arcfour get_mic
|
|
|
|
* arcfour.c: implement wrap/unwarp
|
|
|
|
* gssapi_locl.h: add gssapi_{en,de}code_be_om_uint32
|
|
|
|
* 8003.c: add gssapi_{en,de}code_be_om_uint32
|
|
|
|
2003-08-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* arcfour.c (_gssapi_verify_mic_arcfour): Do the checksum on right
|
|
area. Swap filler check, it was reversed.
|
|
|
|
* Makefile.am (libgssapi_la_SOURCES): += arcfour.c
|
|
|
|
* gssapi_locl.h: include "arcfour.h"
|
|
|
|
* arcfour.c: arcfour gss-api mech, get_mic/verify_mic working
|
|
|
|
* arcfour.h: arcfour gss-api mech, get_mic/verify_mic working
|
|
|
|
2003-08-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gssapi_locl.h: always include cfx.h add prototype for
|
|
_gssapi_decapsulate
|
|
|
|
* cfx.[ch]: Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt
|
|
from Luke Howard <lukeh@PADL.COM>
|
|
|
|
* decapsulate.c: add _gssapi_decapsulate, from Luke Howard
|
|
<lukeh@PADL.COM>
|
|
|
|
2003-08-25 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* unwrap.c: encap/decap now takes a oid if the enctype/keytype is
|
|
arcfour, return error add hook for cfx
|
|
|
|
* verify_mic.c: encap/decap now takes a oid if the enctype/keytype
|
|
is arcfour, return error add hook for cfx
|
|
|
|
* get_mic.c: encap/decap now takes a oid if the enctype/keytype is
|
|
arcfour, return error add hook for cfx
|
|
|
|
* accept_sec_context.c: encap/decap now takes a oid
|
|
|
|
* init_sec_context.c: encap/decap now takes a oid
|
|
|
|
* gssapi_locl.h: include cfx.h if we need it lifetime is a
|
|
OM_uint32, depend on gssapi interface add all new encap/decap
|
|
functions
|
|
|
|
* decapsulate.c: add decap functions that doesn't take the token
|
|
type also make all decap function take the oid mech that they
|
|
should use
|
|
|
|
* encapsulate.c: add encap functions that doesn't take the token
|
|
type also make all encap function take the oid mech that they
|
|
should use
|
|
|
|
* sequence.c (elem_insert): fix a off by one index counter
|
|
|
|
* inquire_cred.c (gss_inquire_cred): handle cred_handle beeing
|
|
GSS_C_NO_CREDENTIAL and use the default cred then.
|
|
|
|
2003-08-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: break out extensions and document
|
|
gsskrb5_register_acceptor_identity
|
|
|
|
2003-08-18 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_acquire_cred.c (print_time): time is returned in seconds
|
|
from now, not unix time
|
|
|
|
2003-08-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* compat.c (check_compat): avoid leaking principal when finding a
|
|
match
|
|
|
|
* address_to_krb5addr.c: sa_size argument to krb5_addr2sockaddr is
|
|
a krb5_socklen_t
|
|
|
|
* acquire_cred.c (gss_acquire_cred): 4th argument to
|
|
gss_test_oid_set_member is a int
|
|
|
|
2003-07-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* init_sec_context.c (repl_mutual): don't set kerberos error where
|
|
there was no kerberos error
|
|
|
|
* gssapi_locl.h: Add destruction/creation prototypes and structure
|
|
for the thread specific storage.
|
|
|
|
* display_status.c: use thread specific storage to set/get the
|
|
kerberos error message
|
|
|
|
* init.c: Provide locking around the creation of the global
|
|
krb5_context. Add destruction/creation functions for the thread
|
|
specific storage that the error string handling is using.
|
|
|
|
2003-07-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: add missing prototype and missing .Ft
|
|
arguments
|
|
|
|
2003-06-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* verify_mic.c: reorder code so sequence numbers can can be used
|
|
|
|
* unwrap.c: reorder code so sequence numbers can can be used
|
|
|
|
* sequence.c: remove unused function, indent, add
|
|
gssapi_msg_order_f that filter gss flags to gss_msg_order flags
|
|
|
|
* gssapi_locl.h: prototypes for
|
|
gssapi_{encode_om_uint32,decode_om_uint32} add sequence number
|
|
verifier prototypes
|
|
|
|
* delete_sec_context.c: destroy sequence number verifier
|
|
|
|
* init_sec_context.c: remember to free data use sequence number
|
|
verifier
|
|
|
|
* accept_sec_context.c: don't clear output_token twice remember to
|
|
free data use sequence number verifier
|
|
|
|
* 8003.c: export and rename encode_om_uint32/decode_om_uint32 and
|
|
start to use them
|
|
|
|
2003-06-09 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* Makefile.am: can't have sequence.c in two different places
|
|
|
|
2003-06-06 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_sequence.c: check rollover, print summery
|
|
|
|
* wrap.c (sub_wrap_size): gss_wrap_size_limit() has
|
|
req_output_size and max_input_size around the wrong way -- it
|
|
returns the output token size for a given input size, rather than
|
|
the maximum input size for a given output token size.
|
|
|
|
From: Luke Howard <lukeh@PADL.COM>
|
|
|
|
2003-06-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gssapi_locl.h: add prototypes for sequence.c
|
|
|
|
* Makefile.am (libgssapi_la_SOURCES): add sequence.c
|
|
(test_sequence): build
|
|
|
|
* sequence.c: sequence number checks, order and replay
|
|
* test_sequence.c: sequence number checks, order and replay
|
|
|
|
2003-06-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* accept_sec_context.c (gss_accept_sec_context): make sure time is
|
|
returned in seconds from now, not in kerberos time
|
|
|
|
* acquire_cred.c (gss_aquire_cred): make sure time is returned in
|
|
seconds from now, not in kerberos time
|
|
|
|
* init_sec_context.c (init_auth): if the cred is expired before we
|
|
tries to create a token, fail so the peer doesn't need reject us
|
|
(*): make sure time is returned in seconds from now,
|
|
not in kerberos time
|
|
(repl_mutual): remember to unlock the context mutex
|
|
|
|
* context_time.c (gss_context_time): remove unused variable
|
|
|
|
* verify_mic.c: make sure minor_status is always set, pointed out
|
|
by Luke Howard <lukeh@PADL.COM>
|
|
|
|
2003-05-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* *.[ch]: do some basic locking (no reference counting so contexts
|
|
can be removed while still used)
|
|
- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
|
|
- make sure all lifetime are returned in seconds left until expired,
|
|
not in unix epoch
|
|
|
|
* gss_acquire_cred.3: document argument lifetime_rec to function
|
|
gss_inquire_context
|
|
|
|
2003-05-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* test_acquire_cred.c: test gss_add_cred more then once
|
|
|
|
2003-05-06 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gssapi.h: if __cplusplus, wrap the extern variable (just to be
|
|
safe) and functions in extern "C" { }
|
|
|
|
2003-04-30 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gssapi.3: more about the des3 mic mess
|
|
|
|
* verify_mic.c (verify_mic_des3): always check if the mic is the
|
|
correct mic or the mic that old heimdal would have generated
|
|
|
|
2003-04-28 Jacques Vidrine <nectar@kth.se>
|
|
|
|
* verify_mic.c (verify_mic_des3): If MIC verification fails,
|
|
retry using the `old' MIC computation (with zero IV).
|
|
|
|
2003-04-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: more about difference between comparing IN
|
|
and MN
|
|
|
|
* gss_acquire_cred.3: more about name type and access control
|
|
|
|
2003-04-25 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: document gss_context_time
|
|
|
|
* context_time.c: if lifetime of context have expired, set
|
|
time_rec to 0 and return GSS_S_CONTEXT_EXPIRED
|
|
|
|
* gssapi.3: document [gssapi]correct_des3_mic
|
|
[gssapi]broken_des3_mic
|
|
|
|
* gss_acquire_cred.3: document gss_krb5_compat_des3_mic
|
|
|
|
* compat.c (gss_krb5_compat_des3_mic): enable turning on/off des3
|
|
mic compat
|
|
(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too
|
|
|
|
* gssapi.h (gss_krb5_compat_des3_mic): new function, turn on/off
|
|
des3 mic compat
|
|
(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
|
|
gss_krb5_compat_des3_mic exists
|
|
|
|
2003-04-24 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* Makefile.am: (libgssapi_la_LDFLAGS): update major
|
|
version of gssapi for incompatiblity in 3des getmic support
|
|
|
|
2003-04-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not
|
|
./libgssapi.la (make make -jN work)
|
|
|
|
2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gssapi.3: spelling
|
|
|
|
* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
|
|
header.h, from Thomas Klausner <wiz@netbsd.org>
|
|
|
|
|
|
2003-04-06 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: spelling
|
|
|
|
* Makefile.am: remove stuff that sneaked in with last commit
|
|
|
|
* acquire_cred.c (acquire_initiator_cred): if the requested name
|
|
isn't in the ccache, also check keytab. Extact the krbtgt for the
|
|
default realm to check how long the credentials will last.
|
|
|
|
* add_cred.c (gss_add_cred): don't create a new ccache, just open
|
|
the old one; better check if output handle is compatible with new
|
|
(copied) handle
|
|
|
|
* test_acquire_cred.c: test gss_add_cred too
|
|
|
|
2003-04-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* Makefile.am: build test_acquire_cred
|
|
|
|
* test_acquire_cred.c: simple gss_acquire_cred test
|
|
|
|
2003-04-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: s/gssapi/GSS-API/
|
|
|
|
2003-03-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: document v1 interface (and that they are
|
|
obsolete)
|
|
|
|
2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: list supported mechanism and nametypes
|
|
|
|
2003-03-16 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_acquire_cred.3: text about gss_display_name
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
|
|
(libgssapi_la_SOURCES): add all new functions
|
|
|
|
* gssapi.3: now that we have a functions, uncomment the missing
|
|
ones
|
|
|
|
* gss_acquire_cred.3: now that we have a functions, uncomment the
|
|
missing ones
|
|
|
|
* process_context_token.c: implement gss_process_context_token
|
|
|
|
* inquire_names_for_mech.c: implement gss_inquire_names_for_mech
|
|
|
|
* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name
|
|
|
|
* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech
|
|
|
|
* add_cred.c: implement gss_add_cred
|
|
|
|
* acquire_cred.c (gss_acquire_cred): more testing of input
|
|
argument, make sure output arguments are ok, since we don't know
|
|
the time_rec (for now), set it to time_req
|
|
|
|
* export_sec_context.c: send lifetime, also set minor_status
|
|
|
|
* get_mic.c: set minor_status
|
|
|
|
* import_sec_context.c (gss_import_sec_context): add error
|
|
checking, pick up lifetime (if there is no lifetime, use
|
|
GSS_C_INDEFINITE)
|
|
|
|
* init_sec_context.c: take care to set export value to something
|
|
sane before we start so caller will have harmless values in them
|
|
if then function fails
|
|
|
|
* release_buffer.c (gss_release_buffer): set minor_status
|
|
|
|
* wrap.c: make sure minor_status get set
|
|
|
|
* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
|
|
gss_verify_mic_internal and let it take the type as an argument,
|
|
(gss_verify_mic): call gss_verify_mic_internal
|
|
set minor_status
|
|
|
|
* unwrap.c: set minor_status
|
|
|
|
* test_oid_set_member.c (gss_test_oid_set_member): use
|
|
gss_oid_equal
|
|
|
|
* release_oid_set.c (gss_release_oid_set): set minor_status
|
|
|
|
* release_name.c (gss_release_name): set minor_status
|
|
|
|
* release_cred.c (gss_release_cred): set minor_status
|
|
|
|
* add_oid_set_member.c (gss_add_oid_set_member): set minor_status
|
|
|
|
* compare_name.c (gss_compare_name): set minor_status
|
|
|
|
* compat.c (check_compat): make sure ret have a defined value
|
|
|
|
* context_time.c (gss_context_time): set minor_status
|
|
|
|
* copy_ccache.c (gss_krb5_copy_ccache): set minor_status
|
|
|
|
* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
|
|
minor_status
|
|
|
|
* delete_sec_context.c (gss_delete_sec_context): set minor_status
|
|
|
|
* display_name.c (gss_display_name): set minor_status
|
|
|
|
* display_status.c (gss_display_status): use gss_oid_equal, handle
|
|
supplementary errors
|
|
|
|
* duplicate_name.c (gss_duplicate_name): set minor_status
|
|
|
|
* inquire_context.c (gss_inquire_context): set lifetime_rec now
|
|
when we know it, set minor_status
|
|
|
|
* inquire_cred.c (gss_inquire_cred): take care to set export value
|
|
to something sane before we start so caller will have harmless
|
|
values in them if the function fails
|
|
|
|
* accept_sec_context.c (gss_accept_sec_context): take care to set
|
|
export value to something sane before we start so caller will have
|
|
harmless values in them if then function fails, set lifetime from
|
|
ticket expiration date
|
|
|
|
* indicate_mechs.c (gss_indicate_mechs): use
|
|
gss_create_empty_oid_set and gss_add_oid_set_member
|
|
|
|
* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
|
|
since there is no ticket transfered in the exported context
|
|
|
|
* export_name.c (gss_export_name): export name with
|
|
GSS_C_NT_EXPORT_NAME wrapping, not just the principal
|
|
|
|
* import_name.c (import_export_name): new function, parses a
|
|
GSS_C_NT_EXPORT_NAME
|
|
(import_krb5_name): factor out common code of parsing krb5 name
|
|
(gss_oid_equal): rename from oid_equal
|
|
|
|
* gssapi_locl.h: add prototypes for gss_oid_equal and
|
|
gss_verify_mic_internal
|
|
|
|
* gssapi.h: comment out the argument names
|
|
|
|
2003-03-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gssapi.3: add LIST OF FUNCTIONS and copyright/license
|
|
|
|
* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/
|
|
|
|
* Makefile.am: man_MANS += gss_aquire_cred.3
|
|
|
|
2003-03-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* gss_aquire_cred.3: the gssapi api manpage
|
|
|
|
2003-03-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* inquire_context.c: (gss_inquire_context): rename argument open
|
|
to open_context
|
|
|
|
* gssapi.h (gss_inquire_context): rename argument open to open_context
|
|
|
|
2003-02-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* init_sec_context.c (do_delegation): remove unused variable
|
|
subkey
|
|
|
|
* gssapi.3: all 0.5.x version had broken token delegation
|
|
|
|
2003-02-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* (init_auth): only generate one subkey
|
|
|
|
2003-01-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
|
|
to rfc (and mit kerberos), provide backward compat hook
|
|
|
|
* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
|
|
mit kerberos), provide backward compat hook
|
|
|
|
* init_sec_context.c (init_auth): check if we need compat for
|
|
older get_mic/verify_mic
|
|
|
|
* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat
|
|
|
|
* gssapi.h (more_flags): add COMPAT_OLD_DES3
|
|
|
|
* Makefile.am: add gssapi.3 and compat.c
|
|
|
|
* gssapi.3: add gssapi COMPATIBILITY documentation
|
|
|
|
* accept_sec_context.c (gss_accept_sec_context): check if we need
|
|
compat for older get_mic/verify_mic
|
|
|
|
* compat.c: check for compatiblity with other heimdal's 3des
|
|
get_mic/verify_mic
|
|
|
|
2002-10-31 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* check return value from gssapi_krb5_init
|
|
|
|
* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input
|
|
|
|
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
|
|
|
|
* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
|
|
|
|
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* init_sec_context.c: we need to generate a local subkey here
|
|
|
|
2002-08-20 Jacques Vidrine <n@nectar.com>
|
|
|
|
* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
|
|
credential resolution if gss_acquire_cred is called with
|
|
GSS_C_NO_NAME.
|
|
|
|
2002-06-20 Jacques Vidrine <n@nectar.com>
|
|
|
|
* import_name.c: Compare name types by value if pointers do
|
|
not match. Reported by: "Douglas E. Engert" <deengert@anl.gov>
|
|
|
|
2002-05-20 Jacques Vidrine <n@nectar.com>
|
|
|
|
* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
|
|
the qop_state parameter. from Doug Rabson <dfr@nlsystems.com>
|
|
|
|
2002-05-09 Jacques Vidrine <n@nectar.com>
|
|
|
|
* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH
|
|
|
|
2002-05-08 Jacques Vidrine <n@nectar.com>
|
|
|
|
* acquire_cred.c: initialize gssapi; handle null desired_name
|
|
|
|
2002-03-22 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* Makefile.am: remove non-functional stuff accidentally committed
|
|
|
|
2002-03-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
|
|
* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
|
|
bindings
|
|
|
|
2001-10-31 Jacques Vidrine <n@nectar.com>
|
|
|
|
* get_mic.c (mic_des3): MIC computation using DES3/SHA1
|
|
was bogusly appending the message buffer to the result,
|
|
overwriting a heap buffer in the process.
|
|
|
|
2001-08-29 Assar Westerlund <assar@sics.se>
|
|
|
|
* 8003.c (gssapi_krb5_verify_8003_checksum,
|
|
gssapi_krb5_create_8003_checksum): make more consistent by always
|
|
returning an gssapi error and setting minor status. update
|
|
callers
|
|
|
|
2001-08-28 Jacques Vidrine <n@nectar.com>
|
|
|
|
* accept_sec_context.c: Create a cache for delegated credentials
|
|
when needed.
|
|
|
|
2001-08-28 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
|
|
|
|
2001-08-23 Assar Westerlund <assar@sics.se>
|
|
|
|
* *.c: handle minor_status more consistently
|
|
|
|
* display_status.c (gss_display_status): handle krb5_get_err_text
|
|
failing
|
|
|
|
2001-08-15 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* gssapi_locl.h: fix prototype for gssapi_krb5_init
|
|
|
|
2001-08-13 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
|
|
context and check return value from kt_resolve
|
|
|
|
* init.c: return error code
|
|
|
|
2001-07-19 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
|
|
|
|
2001-07-12 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LIBADD): add required library
|
|
dependencies
|
|
|
|
2001-07-06 Assar Westerlund <assar@sics.se>
|
|
|
|
* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
|
|
the keytab to be used for gss_acquire_cred too'
|
|
|
|
2001-07-03 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
|
|
|
|
2001-06-18 Assar Westerlund <assar@sics.se>
|
|
|
|
* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
|
|
and gss_krb5_get_remotekey
|
|
* verify_mic.c: update krb5_auth_con function names use
|
|
gss_krb5_get_remotekey
|
|
* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
|
|
and gss_krb5_get_remotekey
|
|
* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
|
|
add prototypes
|
|
* get_mic.c: update krb5_auth_con function names. use
|
|
gss_krb5_get_localkey
|
|
* accept_sec_context.c: update krb5_auth_con function names
|
|
|
|
2001-05-17 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: bump version to 3:1:2
|
|
|
|
2001-05-14 Assar Westerlund <assar@sics.se>
|
|
|
|
* address_to_krb5addr.c: adapt to new address functions
|
|
|
|
2001-05-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* try to return the error string from libkrb5 where applicable
|
|
|
|
2001-05-08 Assar Westerlund <assar@sics.se>
|
|
|
|
* delete_sec_context.c (gss_delete_sec_context): remember to free
|
|
the memory used by the ticket itself. from <tmartin@mirapoint.com>
|
|
|
|
2001-05-04 Assar Westerlund <assar@sics.se>
|
|
|
|
* gssapi_locl.h: add config.h for completeness
|
|
* gssapi.h: remove config.h, this is an installed header file
|
|
sys/types.h is not needed either
|
|
|
|
2001-03-12 Assar Westerlund <assar@sics.se>
|
|
|
|
* acquire_cred.c (gss_acquire_cred): remove memory leaks. from
|
|
Jason R Thorpe <thorpej@zembu.com>
|
|
|
|
2001-02-18 Assar Westerlund <assar@sics.se>
|
|
|
|
* accept_sec_context.c (gss_accept_sec_context): either return
|
|
gss_name NULL-ed or set
|
|
|
|
* import_name.c: set minor_status in some cases where it was not
|
|
done
|
|
|
|
2001-02-15 Assar Westerlund <assar@sics.se>
|
|
|
|
* wrap.c: use krb5_generate_random_block for the confounders
|
|
|
|
2001-01-30 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
|
|
* acquire_cred.c, init_sec_context.c, release_cred.c: add support
|
|
for getting creds from a keytab, from fvdl@netbsd.org
|
|
|
|
* copy_ccache.c: add gss_krb5_copy_ccache
|
|
|
|
2001-01-27 Assar Westerlund <assar@sics.se>
|
|
|
|
* get_mic.c: cast parameters to des function to non-const pointers
|
|
to handle the case where these functions actually take non-const
|
|
des_cblock *
|
|
|
|
2001-01-09 Assar Westerlund <assar@sics.se>
|
|
|
|
* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
|
|
instead of krb5_rd_cred
|
|
|
|
2000-12-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1
|
|
|
|
2000-12-08 Assar Westerlund <assar@sics.se>
|
|
|
|
* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
|
|
sequence number
|
|
* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
|
|
the sequence number
|
|
* init_sec_context.c (init_auth): always zero fwd_data
|
|
|
|
2000-12-06 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* accept_sec_context.c: de-pointerise auth_context parameter to
|
|
krb5_mk_rep
|
|
|
|
2000-11-15 Assar Westerlund <assar@sics.se>
|
|
|
|
* init_sec_context.c (init_auth): update to new
|
|
krb5_build_authenticator
|
|
|
|
2000-09-19 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1
|
|
|
|
2000-08-27 Assar Westerlund <assar@sics.se>
|
|
|
|
* init_sec_context.c: actually pay attention to `time_req'
|
|
* init_sec_context.c: re-organize. leak less memory.
|
|
* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
|
|
update prototypes add assert.h
|
|
* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
|
|
add
|
|
* verify_mic.c: re-organize and add 3DES code
|
|
* wrap.c: re-organize and add 3DES code
|
|
* unwrap.c: re-organize and add 3DES code
|
|
* get_mic.c: re-organize and add 3DES code
|
|
* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
|
|
let the caller do that. fix the callers.
|
|
|
|
2000-08-16 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: bump version to 2:1:1
|
|
|
|
2000-07-29 Assar Westerlund <assar@sics.se>
|
|
|
|
* decapsulate.c (gssapi_krb5_verify_header): sanity-check length
|
|
|
|
2000-07-25 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* Makefile.am: bump version to 2:0:1
|
|
|
|
2000-07-22 Assar Westerlund <assar@sics.se>
|
|
|
|
* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
|
|
details from rfc2744
|
|
|
|
2000-06-29 Assar Westerlund <assar@sics.se>
|
|
|
|
* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
|
|
`int' instead of `sa_family_t' for the address family.
|
|
|
|
2000-06-21 Assar Westerlund <assar@sics.se>
|
|
|
|
* add support for token delegation. From Daniel Kouril
|
|
<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>
|
|
|
|
2000-05-15 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1
|
|
|
|
2000-04-12 Assar Westerlund <assar@sics.se>
|
|
|
|
* release_oid_set.c (gss_release_oid_set): clear set for
|
|
robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
|
|
* release_name.c (gss_release_name): reset input_name for
|
|
robustness. From GOMBAS Gabor <gombasg@inf.elte.hu>
|
|
* release_buffer.c (gss_release_buffer): set value to NULL to be
|
|
more robust. From GOMBAS Gabor <gombasg@inf.elte.hu>
|
|
* add_oid_set_member.c (gss_add_oid_set_member): actually check if
|
|
the oid is a member first. leave the oid_set unchanged if realloc
|
|
fails.
|
|
|
|
2000-02-13 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: set version to 1:0:1
|
|
|
|
2000-02-12 Assar Westerlund <assar@sics.se>
|
|
|
|
* gssapi_locl.h: add flags for import/export
|
|
* import_sec_context.c (import_sec_context: add flags for what
|
|
fields are included. do not include the authenticator for now.
|
|
* export_sec_context.c (export_sec_context: add flags for what
|
|
fields are included. do not include the authenticator for now.
|
|
* accept_sec_context.c (gss_accept_sec_context): set target in
|
|
context_handle
|
|
|
|
2000-02-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* delete_sec_context.c (gss_delete_sec_context): set context to
|
|
GSS_C_NO_CONTEXT
|
|
|
|
* Makefile.am: add {export,import}_sec_context.c
|
|
* export_sec_context.c: new file
|
|
* import_sec_context.c: new file
|
|
* accept_sec_context.c (gss_accept_sec_context): set trans flag
|
|
|
|
2000-02-07 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: set version to 0:5:0
|
|
|
|
2000-01-26 Assar Westerlund <assar@sics.se>
|
|
|
|
* delete_sec_context.c (gss_delete_sec_context): handle a NULL
|
|
output_token
|
|
|
|
* wrap.c: update to pseudo-standard APIs for md4,md5,sha. some
|
|
changes to libdes calls to make them more portable.
|
|
* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
|
|
some changes to libdes calls to make them more portable.
|
|
* unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some
|
|
changes to libdes calls to make them more portable.
|
|
* get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some
|
|
changes to libdes calls to make them more portable.
|
|
* 8003.c: update to pseudo-standard APIs for md4,md5,sha.
|
|
|
|
2000-01-06 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: set version to 0:4:0
|
|
|
|
1999-12-26 Assar Westerlund <assar@sics.se>
|
|
|
|
* accept_sec_context.c (gss_accept_sec_context): always set
|
|
`output_token'
|
|
* init_sec_context.c (init_auth): always initialize `output_token'
|
|
* delete_sec_context.c (gss_delete_sec_context): always set
|
|
`output_token'
|
|
|
|
1999-12-06 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: bump version to 0:3:0
|
|
|
|
1999-10-20 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: set version to 0:2:0
|
|
|
|
1999-09-21 Assar Westerlund <assar@sics.se>
|
|
|
|
* init_sec_context.c (gss_init_sec_context): initialize `ticket'
|
|
|
|
* gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick.
|
|
|
|
* delete_sec_context.c (gss_delete_sec_context): free ticket
|
|
|
|
* accept_sec_context.c (gss_accept_sec_context): stove away
|
|
`krb5_ticket' in context so that ugly programs such as
|
|
gss_nt_server can get at it. uck.
|
|
|
|
1999-09-20 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* accept_sec_context.c: set minor_status
|
|
|
|
1999-08-04 Assar Westerlund <assar@sics.se>
|
|
|
|
* display_status.c (calling_error, routine_error): right shift the
|
|
code to make it possible to index into the arrays
|
|
|
|
1999-07-28 Assar Westerlund <assar@sics.se>
|
|
|
|
* gssapi.h (GSS_C_AF_INET6): add
|
|
|
|
* import_name.c (import_hostbased_name): set minor_status
|
|
|
|
1999-07-26 Assar Westerlund <assar@sics.se>
|
|
|
|
* Makefile.am: set version to 0:1:0
|
|
|
|
Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se>
|
|
|
|
* display_status.c: set minor_status
|
|
|
|
* init_sec_context.c: set minor_status
|
|
|
|
* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
|
|
directly)
|
|
|