/crypto/heimdal/lib/gssapi/ChangeLog
https://bitbucket.org/freebsd/freebsd-head/
- 2008-08-14 Love Hornquist Astrand <lha@10a140laptop.local>
- * krb5/accept_sec_context.c: If there is a initiator subkey, copy
- that to acceptor subkey to match windows behavior. From Metze.
- 2008-08-02 Love Hörnquist Åstrand <lha@h5l.org>
- * ntlm/init_sec_context.c: Catch error
- * krb5/inquire_sec_context_by_oid.c: Catch store failure.
- * mech/gss_canonicalize_name.c: Not init m, return never
- used (overwritten later).
- 2008-07-25 Love Hörnquist Åstrand <lha@kth.se>
- * ntlm/init_sec_context.c: Use krb5_cc_get_config.
- 2008-07-25 Love Hörnquist Åstrand <lha@kth.se>
- * krb5/init_sec_context.c: Match the original patch I got from
- metze, seems that DCE-STYLE is even weirder than what I thought
- when I merged the patch.
- 2008-06-02 Love Hörnquist Åstrand <lha@kth.se>
- * krb5/init_sec_context.c: Don't add asn1 wrapping to token when
- using DCE_STYLE. Patch from Stefan Metzmacher.
- 2008-05-27 Love Hörnquist Åstrand <lha@kth.se>
-
- * ntlm/init_sec_context.c: use krb5_get_error_message
- 2008-05-05 Love Hörnquist Åstrand <lha@kth.se>
-
- * spnego/spnego_locl.h: Add back "mech/utils.h", it's needed for
- oid/buffer functions.
- 2008-05-02 Love Hörnquist Åstrand <lha@it.su.se>
- * spnego: Changes from doug barton to make spnego independent of
- the heimdal version of the plugin system.
- 2008-04-27 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5: use DES_set_key_unchecked()
- 2008-04-17 Love Hörnquist Åstrand <lha@it.su.se>
- * add __declspec() for windows.
- 2008-04-15 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/import_sec_context.c: Use tmp to read ac->flags value to
- avoid warning.
- 2008-04-07 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_mech_switch.c: Use unsigned where appropriate.
- 2008-03-14 Love Hörnquist Åstrand <lha@it.su.se>
- * test_context.c: Add test for gsskrb5_register_acceptor_identity.
- 2008-03-09 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/init_sec_context.c (init_auth): use right variable to
- detect if we want to free or not.
- 2008-02-26 Love Hörnquist Åstrand <lha@it.su.se>
- * Makefile.am: add missing \
- * Makefile.am: reshuffle dependencies
- * Add flag to krb5 to not add GSS-API INT|CONF to the negotiation
- 2008-02-21 Love Hörnquist Åstrand <lha@it.su.se>
- * make the SPNEGO mech store the error itself instead, works for
- everything except other stackable mechs
- 2008-02-18 Love Hörnquist Åstrand <lha@it.su.se>
- * spnego/init_sec_context.c (spnego_reply): if the reply token was
- of length 0, make it the same as no token. Pointed out by Zeqing
- Xia.
- * krb5/acquire_cred.c (acquire_initiator_cred): handle the
- credential cache better, use destroy/close when appropriate and for
- all cases. Thanks to Michael Allen for pointing out the memory-leak
- that I also fixed.
- 2008-02-03 Love Hörnquist Åstrand <lha@it.su.se>
- * spnego/accept_sec_context.c: Make error reporting somewhat more
- correct for SPNEGO.
- 2008-01-27 Love Hörnquist Åstrand <lha@it.su.se>
- * test_common.c: Improve the error message.
- 2008-01-24 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/accept_sec_context.c: Avoid free-ing type1 message before
- it's allocated.
-
- 2008-01-13 Love Hörnquist Åstrand <lha@it.su.se>
- * test_ntlm.c: Test source name (and make the acceptor in ntlm gss
- mech useful).
- 2007-12-30 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/init_sec_context.c: Don't confuse target name and source
- name, make regression tests pass again.
-
- 2007-12-29 Love Hörnquist Åstrand <lha@it.su.se>
-
- * ntlm: clean up name handling
- 2007-12-04 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/init_sec_context.c: Use credential if it was passed in.
- * ntlm/acquire_cred.c: Check if there is initial creds with
- _gss_ntlm_get_user_cred().
- * ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that
- return the user info so it can be used by external modules.
- * ntlm/inquire_cred.c: use the right error code.
- * ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no
- credential, ntlm have (not yet) a default credential.
-
- * mech/gss_release_oid_set.c: Avoid trying to deref NULL, from
- Phil Fisher.
- 2007-12-03 Love Hörnquist Åstrand <lha@it.su.se>
-
- * test_acquire_cred.c: Always try to fetch cred (even with
- GSS_C_NO_NAME).
- 2007-08-09 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags.
- 2007-08-08 Love Hörnquist Åstrand <lha@it.su.se>
- * spnego/compat.c (_gss_spnego_internal_delete_sec_context):
- release ctx->target_name too From Rafal Malinowski.
- 2007-07-26 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't
- have dlopen. From Rune of Chalmers.
- 2007-07-10 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_duplicate_name.c: New signature of _gss_find_mn.
- * mech/gss_init_sec_context.c: New signature of _gss_find_mn.
- * mech/gss_acquire_cred.c: New signature of _gss_find_mn.
- * mech/name.h: New signature of _gss_find_mn.
- * mech/gss_canonicalize_name.c: New signature of _gss_find_mn.
- * mech/gss_compare_name.c: New signature of _gss_find_mn.
- * mech/gss_add_cred.c: New signature of _gss_find_mn.
- * mech/gss_names.c (_gss_find_mn): Return an error code for
- caller.
- * spnego/accept_sec_context.c: remove checks that are done by the
- previous function.
- * Makefile.am: New library version.
- 2007-07-04 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from
- Rafal Malinowski.
- * spnego/spnego.asn1: Indent and make NegTokenInit and
- NegTokenResp extendable.
- 2007-06-21 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred.
- * mech/gss_display_status.c: Provide message for GSS_S_COMPLETE.
-
- * mech/context.c: If the canned string is "", it's no use to the
- user, make it fall back to the default error string.
-
- 2007-06-20 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_display_name.c (gss_display_name): no name ->
- fail. From Rafal Malinowski.
- * spnego/accept_sec_context.c: Wrap name in a spnego_name instead
- of just a copy of the underlying object. From Rafal Malinowski.
- * spnego/accept_sec_context.c: Handle underlying mech not
- returning mn.
- * mech/gss_accept_sec_context.c: Handle underlying mech not
- returning mn.
- * spnego/accept_sec_context.c: Make sure src_name is always set to
- GSS_C_NO_NAME when returning.
- * krb5/acquire_cred.c (acquire_acceptor_cred): don't claim
- everything is well on failure. From Phil Fisher.
- * mech/gss_duplicate_name.c: catch error (and ignore it)
- * ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess.
- * mech/gss_accept_sec_context.c: Only wrap the delegated cred if
- we got a delegated mech cred. From Rafal Malinowski.
- * spnego/accept_sec_context.c: Only wrap the delegated cred if we
- are going to return it to the consumer. From Rafal Malinowski.
- * spnego/accept_sec_context.c: Fixed memory leak pointed out by
- Rafal Malinowski, also while here moved to use NegotiationToken
- for decoding.
- 2007-06-18 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/prf.c (_gsskrb5_pseudo_random): add missing break.
- * krb5/release_name.c: Set *minor_status unconditionally, it's
- done later anyway.
- * spnego/accept_sec_context.c: Init get_mic to 0.
- * mech/gss_set_cred_option.c: Free memory in failure case, found
- by beam.
- * mech/gss_inquire_context.c: Handle mech_type being NULL.
- * mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL.
- * mech/gss_krb5.c: Free memory in error case, found by beam.
- 2007-06-12 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/inquire_context.c: Use ctx->gssflags for flags.
- * krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is
- not meant for machine consumption.
- 2007-06-09 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/digest.c (kdc_alloc): free memory on failure, pointed out
- by Rafal Malinowski.
-
- * ntlm/digest.c (kdc_destroy): free context when done, pointed out
- by Rafal Malinowski.
- * spnego/context_stubs.c (_gss_spnego_display_name): if input_name
- is null, fail. From Rafal Malinowski.
-
- 2007-06-04 Love Hörnquist Åstrand <lha@it.su.se>
-
- * ntlm/digest.c: Free memory when done.
-
- 2007-06-02 Love Hörnquist Åstrand <lha@it.su.se>
- * test_ntlm.c: Test both with and without keyex.
- * ntlm/digest.c: If we didn't set session key, don't expect one
- back.
- * test_ntlm.c: Set keyex flag and calculate session key.
-
- 2007-05-31 Love Hörnquist Åstrand <lha@it.su.se>
-
- * spnego/accept_sec_context.c: Use the return value before it is
- overwritten by later calls. From Rafal Malinowski
- * krb5/release_cred.c: Give an minor_status argument to
- gss_release_oid_set. From Rafal Malinowski
-
- 2007-05-30 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/accept_sec_context.c: Catch errors and return them up the
- stack.
- * test_kcred.c: more testing of lifetimes
-
- 2007-05-17 Love Hörnquist Åstrand <lha@it.su.se>
- * Makefile.am: Drop the gss oid_set function for the krb5 mech,
- use the mech glue versions instead. Pointed out by Rafal
- Malinowski.
- * krb5: Use gss oid_set functions from mechglue
- 2007-05-14 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/accept_sec_context.c: Set session key only if we are
- returned a session key. Found by David Love.
-
- 2007-05-13 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/prf.c: switched MIN to min to make compile on solaris,
- pointed out by David Love.
-
- 2007-05-09 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/inquire_cred_by_mech.c: Fill in all of the variables if
- they are passed in. Pointed out by Phil Fisher.
-
- 2007-05-08 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/inquire_cred.c: Fix copy and paste error, bug spotted by
- Phil Fisher.
- * mech: don't keep track of gc_usage, just figure it out at
- gss_inquire_cred() time
- * mech/gss_mech_switch.c (add_builtin): ok for
- __gss_mech_initialize() to return NULL
- * test_kcred.c: more correct tests
- * spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a
- spnego_name.
- * ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now,
- need to find default cred and friends.
- * krb5/inquire_cred_by_mech.c: reimplement
-
- 2007-05-07 Love Hörnquist Åstrand <lha@it.su.se>
-
- * ntlm/acquire_cred.c: drop unused variable.
- * ntlm/acquire_cred.c: Reimplement.
- * Makefile.am: add ntlm/digest.c
- * ntlm: split out backend ntlm server processing
- 2007-04-24 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free
- credcache when done
-
- 2007-04-22 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/init_sec_context.c: ntlm-key credential entry is prefixed with @
-
- * ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm
- creds from the krb5 credential cache.
-
- 2007-04-21 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/delete_sec_context.c: free the key stored in the context
- * ntlm/ntlm.h: switch password for a key
- * test_oid.c: Switch oid to one that is exported.
-
- 2007-04-20 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/init_sec_context.c: move where hash is calculated to make
- it easier to add ccache support.
- * Makefile.am: Add version-script.map to EXTRA_DIST.
-
- 2007-04-19 Love Hörnquist Åstrand <lha@it.su.se>
- * Makefile.am: Unconfuse newer versions of automake that doesn't
- know the difference between dependencies and setting variables. foo:
- vs foo=.
- * test_ntlm.c: delete sec context when done.
- * version-script.map: export more symbols.
-
- * Makefile.am: add version script if ld supports it
-
- * version-script.map: add version script if ld supports it
-
- 2007-04-18 Love Hörnquist Åstrand <lha@it.su.se>
-
- * Makefile.am: test_acquire_cred need test_common.[ch]
- * test_acquire_cred.c: add more test options.
- * krb5/external.c: add GSS_KRB5_CCACHE_NAME_X
- * gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X
- * krb5/set_sec_context_option.c: refactor code, implement
- GSS_KRB5_CCACHE_NAME_X
- * mech/gss_krb5.c: reimplement gss_krb5_ccache_name
-
- 2007-04-17 Love Hörnquist Åstrand <lha@it.su.se>
-
- * spnego/cred_stubs.c: Need to import spnego name before we can
- use it as a gss_name_t.
- * test_acquire_cred.c: use this test as part of the regression
- suite.
- * mech/gss_acquire_cred.c (gss_acquire_cred): don't init
- cred->gc_mc every time in the loop.
-
- 2007-04-15 Love Hörnquist Åstrand <lha@it.su.se>
- * Makefile.am: add test_common.h
-
- 2007-02-16 Love Hörnquist Åstrand <lha@it.su.se>
- * gss_acquire_cred.3: Add link for
- gsskrb5_register_acceptor_identity.
- 2007-02-08 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/copy_ccache.c: Try to leak less memory in the failure case.
-
- 2007-01-31 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gss_display_status.c: Use right printf formatter.
- * test_*.[ch]: split out the error printing function and try to
- return better errors
- 2007-01-30 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on
- GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requested it.
-
- This is because Kerberos always supports INT|CONF, matches behavior
- with MS and MIT. This creates problems for the GSS-SPNEGO mech.
-
- 2007-01-24 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/prf.c: constrain desired_output_len
- * krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random
- * mech/gss_pseudo_random.c: Catch error from underlying mech on
- failure.
- * Makefile.am: Add krb5/prf.c
- * krb5/prf.c: gss_pseudo_random for krb5
- * test_context.c: Checks for gss_pseudo_random.
- * krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG
- * Makefile.am: Add mech/gss_pseudo_random.c
- * gssapi/gssapi.h: try to load pseudo_random
- * mech/gss_mech_switch.c: try to load pseudo_random
- * mech/gss_pseudo_random.c: Add gss_pseudo_random.
- * gssapi_mech.h: Add hook for gm_pseudo_random.
-
- 2007-01-17 Love Hörnquist Åstrand <lha@it.su.se>
-
- * test_context.c: Don't assume buffer from gss_display_status is
- ok.
- * mech/gss_wrap_size_limit.c: Reset out variables.
- * mech/gss_wrap.c: Reset out variables.
- * mech/gss_verify_mic.c: Reset out variables.
- * mech/gss_utils.c: Reset out variables.
- * mech/gss_release_oid_set.c: Reset out variables.
- * mech/gss_release_cred.c: Reset out variables.
- * mech/gss_release_buffer.c: Reset variables.
- * mech/gss_oid_to_str.c: Reset out variables.
- * mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables.
- * mech/gss_mech_switch.c: Reset out variables.
- * mech/gss_inquire_sec_context_by_oid.c: Reset out variables.
- * mech/gss_inquire_names_for_mech.c: Reset out variables.
- * mech/gss_inquire_cred_by_oid.c: Reset out variables.
- * mech/gss_inquire_cred_by_oid.c: Reset out variables.
- * mech/gss_inquire_cred_by_mech.c: Reset out variables.
- * mech/gss_inquire_cred.c: Reset out variables, fix memory leak.
- * mech/gss_inquire_context.c: Reset out variables.
- * mech/gss_init_sec_context.c: Zero out outbuffer on failure.
- * mech/gss_import_name.c: Reset out variables.
- * mech/gss_import_name.c: Reset out variables.
- * mech/gss_get_mic.c: Reset out variables.
- * mech/gss_export_name.c: Reset out variables.
- * mech/gss_encapsulate_token.c: Reset out variables.
- * mech/gss_duplicate_oid.c: Reset out variables.
- * mech/gss_duplicate_oid.c: Reset out variables.
- * mech/gss_duplicate_name.c: Reset out variables.
- * mech/gss_display_status.c: Reset out variables.
- * mech/gss_display_name.c: Reset out variables.
- * mech/gss_delete_sec_context.c: Reset out variables using proper
- macros.
- * mech/gss_decapsulate_token.c: Reset out variables using proper
- macros.
- * mech/gss_add_cred.c: Reset out variables.
- * mech/gss_acquire_cred.c: Reset out variables.
- * mech/gss_accept_sec_context.c: Reset out variables using proper
- macros.
- * mech/gss_init_sec_context.c: Reset out variables.
- * mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a
- gss_buffer_t
- 2007-01-16 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech: sprinkle _gss_mg_error
- * mech/gss_display_status.c (gss_display_status): use
- _gss_mg_get_error to fetch the error from underlying mech, if it
- fails, let do the regular dance for GSS-CODE version and a
- generic print-the-error code for MECH-CODE.
- * mech/gss_oid_to_str.c: Don't include the NUL in the length of
- the string.
- * mech/context.h: Prototypes for _gss_mg_.
- * mech/context.c: Glue to catch the error from the lower gss-api
- layer and save that for later so gss_display_status() can show the
- error.
- * gss.c: Detect NTLM.
-
- 2007-01-11 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gss_accept_sec_context.c: spelling
-
- 2007-01-04 Love Hörnquist Åstrand <lha@it.su.se>
-
- * Makefile.am: Include build (private) prototypes header files.
- * Makefile.am (ntlmsrc): add ntlm/ntlm-private.h
-
- 2006-12-28 Love Hörnquist Åstrand <lha@it.su.se>
-
- * ntlm/accept_sec_context.c: Pass signseal argument to
- _gss_ntlm_set_key.
- * ntlm/init_sec_context.c: Pass signseal argument to
- _gss_ntlm_set_key.
- * ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument
- * test_ntlm.c: add ntlmv2 test
- * ntlm/ntlm.h: break out struct ntlmv2_key;
- * ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys.
- * ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI.
- * ntlm/ntlm.h: NTLMv2 keys.
- * ntlm/crypto.c: NTLMv2 sign and verify.
-
- 2006-12-20 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/accept_sec_context.c: Don't send targetinfo now.
-
- * ntlm/init_sec_context.c: Build ntlmv2 answer buffer.
- * ntlm/init_sec_context.c: Leak less memory.
- * ntlm/init_sec_context.c: Announce that we support key exchange.
- * ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2
- session security (disable because missing sign and seal).
-
- 2006-12-19 Love Hörnquist Åstrand <lha@it.su.se>
-
- * ntlm/accept_sec_context.c: split RC4 send and recv keystreams
- * ntlm/init_sec_context.c: split RC4 send and recv keystreams
- * ntlm/ntlm.h: split RC4 send and recv keystreams
- * ntlm/crypto.c: Implement SEAL.
- * ntlm/crypto.c: move gss_wrap/gss_unwrap here
- * test_context.c: request INT and CONF from the gss layer, test
- get and verify MIC.
- * ntlm/ntlm.h: add crypto bits.
- * ntlm/accept_sec_context.c: Save session master key.
- * Makefile.am: Move get and verify mic to the same file (crypto.c)
- since they share code.
- * ntlm/crypto.c: Move get and verify mic to the same file since
- they share code, implement NTLM v1 and dummy signatures.
- * ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and
- GSS_C_INTEG_FLAG, save the session master key
-
- * spnego/accept_sec_context.c: try using gss_accept_sec_context()
- on the opportunistic token instead of guessing the acceptor name
- and do gss_acquire_cred, this make SPNEGO work like before.
-
- 2006-12-18 Love Hörnquist Åstrand <lha@it.su.se>
-
- * ntlm/init_sec_context.c: Calculate the NTLM version 1 "master"
- key.
- * spnego/accept_sec_context.c: Resurrect negHints for the acceptor
- sends first packet.
-
- * Makefile.am: Add "windows" versions of the NegTokenInitWin and
- friends.
- * test_context.c: add --wrapunwrap flag
- * spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to
- compat.c, use the sequence types of MechTypeList, make
- add_mech_type() static.
- * spnego/accept_sec_context.c: move
- _gss_spnego_indicate_mechtypelist() to compat.c
- * Makefile.am: Generate sequence code for MechTypeList
- * spnego: check that the generated acceptor mechlist is acceptable too
- * spnego/init_sec_context.c: Abstract out the initiator filter
- function, it will be needed for the acceptor too.
- * spnego/accept_sec_context.c: Abstract out the initiator filter
- function, it will be needed for the acceptor too. Remove negHints.
- * test_context.c: allow asserting return mech
- * ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx
- * ntlm/acquire_cred.c: Check that the KDC seems to be there and
- answering us, we can't do better than that when checking if we will
- accept the credential.
- * ntlm/get_mic.c: return GSS_S_UNAVAILABLE
- * mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid
- * mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid
- * spnego/spnego.asn1: It's very sad, but NegHints its are not part
- of the NegTokenInit, this makes SPNEGO acceptor life a lot harder.
-
- * spnego: try harder to handle names better. handle missing
- acceptor and initiator creds better (ie don't propose/accept mech
- that there are no credentials for) split NegTokenInit and
- NegTokenResp in acceptor
- 2006-12-16 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/import_name.c: Allocate the buffer from the right length.
-
- 2006-12-15 Love Hörnquist Åstrand <lha@it.su.se>
- * ntlm/init_sec_context.c (init_sec_context): Tell the other side
- what domain we think we are talking to.
- * ntlm/delete_sec_context.c: free username and password
- * ntlm/release_name.c (_gss_ntlm_release_name): free name.
- * ntlm/import_name.c (_gss_ntlm_import_name): add support for
- GSS_C_NT_HOSTBASED_SERVICE names
- * ntlm/ntlm.h: Add ntlm_name.
- * test_context.c: allow testing of ntlm.
- * gssapi_mech.h: add __gss_ntlm_initialize
- * ntlm/accept_sec_context.c (handle_type3): verify that the kdc
- approved of the ntlm exchange too
- * mech/gss_mech_switch.c: Add the builtin ntlm mech
- * test_ntlm.c: NTLM test app.
- * mech/gss_accept_sec_context.c: Add detection of NTLMSSP.
- * gssapi/gssapi.h: add ntlm mech oid
- * ntlm/external.c: Switch OID to the ms ntlmssp oid
- * Makefile.am: Add ntlm gss-api module.
- * ntlm/accept_sec_context.c: Catch more error errors.
- * ntlm/accept_sec_context.c: Check after a credential to use.
-
- 2006-12-14 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X):
- don't fail on success. Bug report from Stefan Metzmacher.
-
- 2006-12-13 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/init_sec_context.c (init_auth): only turn on
- GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requested it.
- From Stefan Metzmacher.
-
- 2006-12-11 Love Hörnquist Åstrand <lha@it.su.se>
-
- * Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h
- spnego_asn1.h.
- 2006-11-20 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a
- context argument.
-
- 2006-11-16 Love Hörnquist Åstrand <lha@it.su.se>
-
- * test_context.c: Test that token keys are the same, return
- actual_mech.
-
- 2006-11-15 Love Hörnquist Åstrand <lha@it.su.se>
- * spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open.
- * spnego/accept_sec_context.c: Use ASN.1 encoder functions to
- encode CHOICE structure now that we can handle it.
- * spnego/init_sec_context.c: Use ASN.1 encoder functions to encode
- CHOICE structure now that we can handle it.
- * spnego/accept_sec_context.c (_gss_spnego_accept_sec_context):
- send back an accept_completed when the security context is ->open,
- w/o this the client doesn't know that the server has completed
- the transaction.
- * test_context.c: Add delegate flag and check that the delegated
- cred works.
- * spnego/init_sec_context.c: Keep track of the opportunistic token
- in the initial message, it might be a complete gss-api context, in
- that case we'll get back accept_completed without any token. With
- this change, krb5 w/o mutual authentication works.
- * spnego/accept_sec_context.c: Use ASN.1 encoder functions to
- encode CHOICE structure now that we can handle it.
- * spnego/accept_sec_context.c: Filter out SPNEGO from the out
- supported mechs list and make sure we don't select that for the
- preferred mechanism.
-
- 2006-11-14 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
- cred finding to its own function
- * krb5/wrap.c: Better error strings, from Andrew Bartlett.
-
- 2006-11-13 Love Hörnquist Åstrand <lha@it.su.se>
-
- * test_context.c: Create our own krb5_context.
- * krb5: Switch from using a specific error message context in the
- TLS to have a whole krb5_context in TLS. This has some
- interesting side-effects for the configuration setting options
- since they operate on per-thread basis now.
- * mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
- and checking for success, use GSS_S_COMPLETE. From Andrew Bartlett.
-
- 2006-11-12 Love Hörnquist Åstrand <lha@it.su.se>
- * Makefile.am: Help solaris make even more.
- * Makefile.am: Help solaris make.
-
- 2006-11-09 Love Hörnquist Åstrand <lha@it.su.se>
-
- * Makefile.am: remove include $(srcdir)/Makefile-digest.am for now
- * mech/gss_accept_sec_context.c: Try better guessing what is mech
- we are going to select by looking harder at the input_token, idea
- from Luke Howard's mechglue branch.
- * Makefile.am: libgssapi_la_OBJECTS: add dependency on gkrb5_err.h
- * gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X
- * mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes
- * gssapi/gssapi.h: GSS_KRB5_S_
- * krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.
- * gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.
- * Makefile.am: Build and install gkrb5_err.h
- * krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.
-
- 2006-11-08 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gss_krb5.c: Add gsskrb5_set_default_realm.
- * krb5/set_sec_context_option.c: Support
- GSS_KRB5_SET_DEFAULT_REALM_X.
- * gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X
- * krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X
-
- 2006-11-07 Love Hörnquist Åstrand <lha@it.su.se>
-
- * test_context.c: rename krb5_[gs]et_time_wrap to
- krb5_[gs]et_max_time_skew
- * krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
- no longer used, bye bye
- * mech/gss_krb5.c: No dependency of the krb5 gssapi mech.
- * mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
- _gsskrb5_decode_om_uint32. From Andrew Bartlet.
- * mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
- now.
- * spnego/spnego_locl.h: Include <roken.h> for compatibility.
- * krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
- DCE-STYLE, don't try to use to. From Andrew Bartlett.
- * test_context.c: test wrap/unwrap, add flag for dce-style and
- mutual auth, also support multi-roundtrip sessions
- * krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.
- * krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
- krb5_rd_req_ctx
- * mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
- token subkey
- * krb5/inquire_sec_context_by_oid.c: check if there is any key at
- all
-
- 2006-11-06 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/inquire_sec_context_by_oid.c: Set more error strings, use
- right enum for acceptor subkey. From Andrew Bartlett.
-
- 2006-11-04 Love Hörnquist Åstrand <lha@it.su.se>
- * test_context.c: Test gsskrb5_extract_service_keyblock, needed in
- PAC validation. From Andrew Bartlett
- * mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
- and keyblock extraction functions.
- * gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
- Andrew Bartlett.
- * krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X
-
- 2006-11-03 Love Hörnquist Åstrand <lha@it.su.se>
- * test_context.c: Rename various routines and constants from
- canonize to canonicalize. From Andrew Bartlett
- * mech/gss_krb5.c: Rename various routines and constants from
- canonize to canonicalize. From Andrew Bartlett
- * krb5/set_sec_context_option.c: Rename various routines and
- constants from canonize to canonicalize. From Andrew Bartlett
- * krb5/external.c: Rename various routines and constants from
- canonize to canonicalize. From Andrew Bartlett
-
- * gssapi/gssapi_krb5.h: Rename various routines and constants from
- canonize to canonicalize. From Andrew Bartlett
-
- 2006-10-25 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
- to free ccache
-
- 2006-10-24 Love Hörnquist Åstrand <lha@it.su.se>
-
- * test_context.c (loop): free target_name
- * mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'
-
- * mech/gss_acquire_cred.c : SLIST_INIT the ->gc_mc'
- * krb5/init_sec_context.c: Avoid leaking memory.
- * mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
- ->elements memory.
- * test_context.c: make compile
- * krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.
- * krb5/set_cred_option.c (import_cred): free sp
-
- 2006-10-22 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_add_oid_set_member.c: Use old implementation of
- gss_add_oid_set_member, it leaks less memory.
- * krb5/test_cfx.c: free krb5_crypto.
- * krb5/test_cfx.c: free krb5_context
- * mech/gss_release_name.c (gss_release_name): free input_name
- it-self.
-
- 2006-10-21 Love Hörnquist Åstrand <lha@it.su.se>
- * test_context.c: Call setprogname.
- * mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.
- * gssapi/gssapi_krb5.h: add
- gsskrb5_extract_authtime_from_sec_context
-
- 2006-10-20 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/inquire_sec_context_by_oid.c: Add get_authtime.
- * krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X
- * gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X
- * krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.
- * mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc
- * gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
- gsskrb5_set_send_to_kdc
- * krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X
- * Makefile.am: more files
-
- 2006-10-19 Love Hörnquist Åstrand <lha@it.su.se>
-
- * Makefile.am: remove spnego/gssapi_spnego.h, it's now in gssapi/
- * test_context.c: Allow specifying mech.
- * krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)
- * gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
- GSS_SASL_DIGEST_MD5_MECHANISM
-
- 2006-10-18 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gssapi.asn1: Make it into a heim_any_set, it doesn't
- expect a tag.
- * mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE
- * gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X
- * krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.
- * gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
- GSS_KRB5_GET_SUBKEY_X
- * krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
- GSS_KRB5_GET_SUBKEY_X
-
- 2006-10-17 Love Hörnquist Åstrand <lha@it.su.se>
-
- * test_context.c: Support switching on name type oid's
- * test_context.c: add test for dns canon flag
- * mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.
- * gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic
- * gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.
- * krb5/set_sec_context_option.c: implement
- GSS_KRB5_SET_DNS_CANONIZE_X
- * gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X
- * krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X
- * mech/gss_krb5.c: add bits to make lucid context work
-
- 2006-10-14 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gss_oid_to_str.c: Prefix der primitives with der_.
- * krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
- der_.
- * krb5/encapsulate.c: Prefix der primitives with der_.
- * mech/gss_oid_to_str.c: New der_print_heim_oid signature.
-
- 2006-10-12 Love Hörnquist Åstrand <lha@it.su.se>
- * Makefile.am: add test_context
- * krb5/inquire_sec_context_by_oid.c: Make it work.
- * test_oid.c: Test lucid oid.
- * gssapi/gssapi.h: Add OM_uint64_t.
- * krb5/inquire_sec_context_by_oid.c: Add lucid interface.
- * krb5/external.c: Add lucid interface, renumber oids to my
- delegated space.
- * mech/gss_krb5.c: Add lucid interface.
- * gssapi/gssapi_krb5.h: Add lucid interface.
- * spnego/spnego_locl.h: Maybe include <netdb.h>.
-
- 2006-10-09 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.
-
- 2006-10-08 Love Hörnquist Åstrand <lha@it.su.se>
- * Makefile.am: install gssapi_krb5.H and gssapi_spnego.h
- * gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
- * gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
- * Makefile.am: Drop some -I no longer needed.
- * gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.
- * krb5: reference all include files using 'krb5/'
-
- 2006-10-07 Love Hörnquist Åstrand <lha@it.su.se>
- * gssapi.h: Add file inclusion protection.
- * gssapi/gssapi.h: Correct header file inclusion protection.
- * gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
- lib/gssapi/gssapi/ to please automake.
-
- * spnego/spnego_locl.h: Maybe include <sys/types.h>.
- * mech/mech_locl.h: Include <roken.h>.
- * Makefile.am: split build files into dist_ and noinst_ SOURCES
-
- 2006-10-06 Love Hörnquist Åstrand <lha@it.su.se>
- * gss.c: #if 0 out unused code.
- * mech/gss_mech_switch.c: Cast argument to ctype(3) functions
- to (unsigned char).
-
- 2006-10-05 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/name.h: remove <sys/queue.h>
- * mech/mech_switch.h: remove <sys/queue.h>
-
- * mech/cred.h: remove <sys/queue.h>
-
- 2006-10-02 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/arcfour.c: Tinker more with header lengths.
- * krb5/arcfour.c: Improve the calculation of header
- lengths. DCE-STYLE data is also padded so remove if (1 || ...)
- code.
- * krb5/wrap.c (_gsskrb5_wrap_size_limit): use
- _gssapi_wrap_size_arcfour for arcfour
- * krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.
- * Makefile.am: Split all mech to different mechsrc variables.
- * spnego/context_stubs.c: Make internal function static (and
- rename).
-
- 2006-10-01 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
- Barth.
- * spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.
-
- 2006-09-25 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/arcfour.c: Add wrap support, interop with itself but not
- w2k3s-sp1
- * krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
- arcfour header.
- * krb5/arcfour.c: Support DCE-style unwrap, tested with
- w2k3server-sp1.
- * mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
- token doesn't start with [APPLICATION 0] SEQUENCE, let's assume it's
- a DCE-style kerberos 5 connection. XXX this needs to be made
- better in case we get another GSS-API protocol violating
- protocol. It should be possible to detach the Kerberos DCE-style
- since it starts with an AP-REQ PDU, but that has to wait for now.
-
- 2006-09-22 Love Hörnquist Åstrand <lha@it.su.se>
- * gssapi.h: Add GSS_C flags from
- draft-brezak-win2k-krb-rc4-hmac-04.txt.
- * krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
- indent.
- * krb5/accept_sec_context.c: Merge of the acceptor part from the
- samba patch by Stefan Metzmacher and Andrew Bartlett.
- * krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.
- * krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
- initiator part from the samba patch by Stefan Metzmacher and
- Andrew Bartlett (still missing DCE/RPC support)
-
- 2006-08-28 Love Hörnquist Åstrand <lha@it.su.se>
- * gss.c (help): use sl_slc_help().
-
- 2006-07-22 Love Hörnquist Åstrand <lha@it.su.se>
- * gss-commands.in: rename command to supported-mechanisms
- * Makefile.am: Make gss objects depend on the slc built
- gss-commands.h
-
- 2006-07-20 Love Hörnquist Åstrand <lha@it.su.se>
-
- * gss-commands.in: add slc commands for gss
- * krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()
- * Makefile.am: Add test_cfx
- * krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
- * krb5/set_sec_context_option.c: catch
- GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
- * krb5/accept_sec_context.c: reimplement
- gsskrb5_register_acceptor_identity
- * mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity
- * mech/gss_inquire_mechs_for_name.c: call _gss_load_mech
- * mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech
- * mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
- only once, this has the side effect that _gss_mechs and
- _gss_mech_oids are only initialized once, so if just the users of
- these two global variables call _gss_load_mech() first, it will
- act as a barrier and make sure the variables are never changed and
- we don't need to lock them.
- * mech/utils.h: no need to mark functions extern.
- * mech/name.h: no need to mark _gss_find_mn extern.
-
- 2006-07-19 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/cfx.c: Redo the wrap length calculations.
- * krb5/test_cfx.c: test max_wrap_size in cfx.c
- * mech/gss_display_status.c: Handle more error codes.
-
- 2006-07-07 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"
- * mech/mechqueue.h: Add SLIST macros.
- * krb5/inquire_context.c: Don't free return values on success.
- * krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
- is the default cred, acquire the acceptor cred and initiator cred
- in two different steps and then query them for the information,
- this way, the code won't fail if there is no keytab, but there is
- a credential cache.
- * mech/gss_inquire_cred.c: move the check if we found any cred
- where it matters for both cases
- (default cred and provided cred)
- * mech/gss_init_sec_context.c: If the desired mechanism can't
- convert the name to a MN, fail with GSS_S_BAD_NAME rather than a
- NULL de-reference.
-
- 2006-07-06 Love Hörnquist Åstrand <lha@it.su.se>
- * spnego/external.c: re-add gss_spnego_inquire_names_for_mech
- * spnego/spnego_locl.h: reimplement
- gss_spnego_inquire_names_for_mech add support function
- _gss_spnego_supported_mechs
- * spnego/context_stubs.h: reimplement
- gss_spnego_inquire_names_for_mech add support function
- _gss_spnego_supported_mechs
- * spnego/context_stubs.c: drop gss_spnego_indicate_mechs
-
- * mech/gss_indicate_mechs.c: if the underlying mech doesn't
- support gss_indicate_mechs, use the oid in the mechswitch
- structure
- * spnego/external.c: let the mech glue layer implement
- gss_indicate_mechs
- * spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
- desired_mechs, get our own list with indicate_mechs and remove
- ourself.
-
- 2006-07-05 Love Hörnquist Åstrand <lha@it.su.se>
- * spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
- the mechglue layer implement it
-
- * spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
- the mechglue layer implement it
- * spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
- the mechglue layer implement it
-
- 2006-07-01 Love Hörnquist Åstrand <lha@it.su.se>
-
- * mech/gss_set_cred_option.c: fix argument to gss_release_cred
-
- 2006-06-30 Love Hörnquist Åstrand <lha@it.su.se>
- * krb5/init_sec_context.c: Make work on compilers that are
- somewhat more picky than gcc4 (like gcc2.95)
- * krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
- convert fwd_flags to an integer, since otherwise int2KDCOptions in
- krb5_get_forwarded_creds won't do the right thing.
- * mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
- failure
- * krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
- init global kerberos context
- * krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
- kerberos context
- * mech/gss_accept_sec_context.c: Insert the delegated sub cred on
- the delegated cred handle, not cred handle
- * mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
- the case where ret_flags == NULL
- * mech/gss_mech_switch.c (add_builtin): set
- _gss_mech_switch->gm_mech_oid
- * mech/gss_set_cred_option.c (gss_set_cred_option): load mechs
- * test_cred.c (gss_print_errors): don't try to print error when
- gss_display_status failed
- * Makefile.am: Add mech/gss_release_oid.c
-
- * mech/gss_release_oid.c: Add gss_release_oid, reverse of
- gss_duplicate_oid
- * spnego/compat.c: preferred_mech_type was allocated with
- gss_duplicate_oid in one place and assigned static variables at
- the second place. Change that static assignment to
- gss_duplicate_oid and bring back gss_release_oid.
- * spnego/compat.c (_gss_spnego_delete_sec_context): don't release
- preferred_mech_type and negotiated_mech_type, they were never
- allocated from the beginning.
-
- 2006-06-29 Love Hörnquist Åstrand <lha@it.su.se>
- * mech/gss_import_name.c (gss_import_name): avoid
- type-punned/strict aliasing rules
- * mech/gss_add_cred.c: avoid type-punned/strict aliasing rules
- * gssapi.h: Make gss_name_t an opaque type.
-
- * krb5: make gss_name_t an opaque type
- * krb5/set_cred_option.c: Add
- * mech/gss_set_cred_option.c (gss_set_cred_option): support the
- case where *cred_handle == NULL
- * mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
- GSS_C_NO_CREDENTIAL on failure.
- * mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
- NO_OID_SET, there is a need to load the mechs, so always do that.
-
- 2006-06-28 Love Hörnquist Åstrand <lha@it.su.se>
-
- * krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
- to instead pass a fullname to the credential, then resolve and
- copy out the content, and then close the cred.
- * mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
- pass a fullname to the credential, then resolve and copy out the
- content, and then close the cred.
-
- * krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
- interface needs to be re-done, currently it's utterly broken.
- * mech/gss_set_cred_option.c: Make work.
- * krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option
- * mech/gss_krb5.c (gss_krb5_import_cred): implement
- * Makefile.am: Add gss_set_{sec_context,cred}_option and sort
-
- * mech/gss_set_{sec_context,cred}_option.c: add
- * gssapi.h: Add GSS_KRB5_IMPORT_CRED_X
- * test_*.c: make compile again
- * Makefile.am: Add lib dependencies and test programs
- * spnego: remove dependency on libkrb5
- * mech: Bug fixes, cleanup, compiler warnings, restructure code.
- * spnego: Rename gss_context_id_t and gss_cred_id_t to local names
- * krb5: repro copy the krb5 files here
- * mech: import Doug Rabson mechglue from freebsd
-
- * spnego: Import Luke Howard's SPNEGO from the mechglue branch
-
- 2006-06-22 Love Hörnquist Åstrand <lha@it.su.se>
- * gssapi.h: Add oid_to_str.
- * Makefile.am: add oid_to_str and test_oid
-
- * oid_to_str.c: Add gss_oid_to_str
- * test_oid.c: Add test for gss_oid_to_str()
-
- 2006-05-13 Love Hörnquist Åstrand <lha@it.su.se>
- * verify_mic.c: Less pointer signedness warnings.
- * unwrap.c: Less pointer signedness warnings.
- * arcfour.c: Less pointer signedness warnings.
- * gssapi_locl.h: Use const void * instead of unsigned char * to
- avoid pointer signedness warnings.
- * encapsulate.c: Use const void * instead of unsigned char * to
- avoid pointer signedness warnings.
- * decapsulate.c: Use const void * instead of unsigned char * to
- avoid pointer signedness warnings.
- * decapsulate.c: Less pointer signedness warnings.
- * cfx.c: Less pointer signedness warnings.
- * init_sec_context.c: Less pointer signedness warnings (partly by
- using the new asn.1 CHOICE decoder)
- * import_sec_context.c: Less pointer signedness warnings.
-
- 2006-05-09 Love Hörnquist Åstrand <lha@it.su.se>
- * accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
- Andrew Bartlett.
-
- 2006-05-08 Love Hörnquist Åstrand <lha@it.su.se>
- * get_mic.c (mic_des3): make sure message_buffer doesn't point to
- free()ed memory on failure. Pointed out by IBM checker.
-
- 2006-05-05 Love Hörnquist Åstrand <lha@it.su.se>
- * Rename u_intXX_t to uintXX_t
-
- 2006-05-04 Love Hörnquist Åstrand <lha@it.su.se>
- * cfx.c: Less pointer signedness warnings.
- * arcfour.c: Avoid pointer signedness warnings.
- * gssapi_locl.h (gssapi_decode_*): make data argument const void *
-
- * 8003.c (gssapi_decode_*): make data argument const void *
-
- 2006-04-12 Love Hörnquist Åstrand <lha@it.su.se>
-
- * export_sec_context.c: Export sequence order element. From Wynn
- Wilkes <wynn.wilkes@quest.com>.
- * import_sec_context.c: Import sequence order element. From Wynn
- Wilkes <wynn.wilkes@quest.com>.
- * sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
- New functions, used by {import,export}_sec_context. From Wynn
- Wilkes <wynn.wilkes@quest.com>.
- * test_sequence.c: Add test for import/export sequence.
-
- 2006-04-09 Love Hörnquist Åstrand <lha@it.su.se>
-
- * add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
- standard conformance failure, but much better than a crash.
-
- 2006-04-02 Love Hörnquist Åstrand <lha@it.su.se>
-
- * get_mic.c (get_mic*): make sure message_token is cleaned on
- error, found by IBM checker.
- * wrap.c (wrap*): Reset output_buffer on error, found by IBM
- checker.
-
- 2006-02-15 Love Hörnquist Åstrand <lha@it.su.se>
-
- * import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
- GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.
-
- 2006-01-16 Love Hörnquist Åstrand <lha@it.su.se>
-
- * delete_sec_context.c (gss_delete_sec_context): if the context
- handle is GSS_C_NO_CONTEXT, don't fall over.
-
- 2005-12-12 Love Hörnquist Åstrand <lha@it.su.se>
- * gss_acquire_cred.3: Replace gss_krb5_import_ccache with
- gss_krb5_import_cred and add more references
-
- 2005-12-05 Love Hörnquist Åstrand <lha@it.su.se>
- * gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
- it can handle keytabs too.
- * add_cred.c (gss_add_cred): avoid deadlock
- * context_time.c (gssapi_lifetime_left): define the 0 lifetime as
- GSS_C_INDEFINITE.
-
- 2005-12-01 Love Hörnquist Åstrand <lha@it.su.se>
- * acquire_cred.c (acquire_acceptor_cred): only check if principal
- exists if we got called with principal as an argument.
- * acquire_cred.c (acquire_acceptor_cred): check that the acceptor
- exists in the keytab before returning ok.
-
- 2005-11-29 Love Hörnquist Åstrand <lha@it.su.se>
-
- * copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
- Bartlett.
-
- 2005-11-25 Love Hörnquist Åstrand <lha@it.su.se>
- * test_kcred.c: Rename gss_krb5_import_ccache to
- gss_krb5_import_cred.
-
- * copy_ccache.c: Rename gss_krb5_import_ccache to
- gss_krb5_import_cred and let it grow code to handle keytabs too.
-
- 2005-11-02 Love Hörnquist Åstrand <lha@it.su.se>
- * init_sec_context.c: Change semantics of ok-as-delegate to match
- windows if
- [gssapi]realm/ok-as-delegate=true is set, otherwise keep old
- semantics.
-
- * release_cred.c (gss_release_cred): use
- GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
- krb5_cc_destroy-ed
-
- * acquire_cred.c (acquire_initiator_cred):
- GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.
- * accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
- to use gss_krb5_import_ccache
-
- 2005-11-01 Love Hörnquist Åstrand <lha@it.su.se>
- * arcfour.c: Remove signedness warnings.
-
- 2005-10-31 Love Hörnquist Åstrand <lha@it.su.se>
- * gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
- by reference.
- * copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
- of the ccache, make a reference by getting the name and resolving
- the name. This way the cache is shared, the flip side is of
- course that if someone calls krb5_cc_destroy the cache is lost for
- everyone.
-
- * test_kcred.c: Remove memory leaks.
-
- 2005-10-26 Love Hörnquist Åstrand <lha@it.su.se>
-
- * Makefile.am: build test_kcred
-
- * gss_acquire_cred.3: Document gss_krb5_import_ccache
- * gssapi.3: Sort and add gss_krb5_import_ccache.
-
- * acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
- used to extract lifetime from a credential cache
- * gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
- lifetime from a credential cache.
- * gssapi.h: add gss_krb5_import_ccache, reverse of
- gss_krb5_copy_ccache
- * copy_ccache.c: add gss_krb5_import_ccache, reverse of
- gss_krb5_copy_ccache
- * test_kcred.c: test gss_krb5_import_ccache
-
- 2005-10-21 Love Hörnquist Åstrand <lha@it.su.se>
- * acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
- to find a matching credential cache, if that fails, fallback to
- the default cache.
-
- 2005-10-12 Love Hörnquist Åstrand <lha@it.su.se>
- * gssapi_locl.h: Add gssapi_krb5_set_status and
- gssapi_krb5_clear_status
-
- * init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
- errors, use GSS-API errors instead. From Michael B Allen.
- * display_status.c: Add gssapi_krb5_clear_status,
- gssapi_krb5_set_status for handling error messages.
-
- 2005-08-23 Love Hörnquist Åstrand <lha@it.su.se>
- * external.c: Use rk_UNCONST to avoid const warning.
-
- * display_status.c: Constify strings to avoid warnings.
-
- 2005-08-11 Love Hörnquist Åstrand <lha@it.su.se>
- * init_sec_context.c: avoid warnings, update (c)
-
- 2005-07-13 Love Hörnquist Åstrand <lha@it.su.se>
- * init_sec_context.c (spnego_initial): use NegotiationToken
- encoder now that we have one with the new asn.1 compiler.
-
- * Makefile.am: the new asn.1 compiler includes the modules name in
- the depend file
-
- 2005-06-16 Love Hörnquist Åstrand <lha@it.su.se>
- * decapsulate.c: use rk_UNCONST
- * ccache_name.c: rename to avoid shadowing
- * gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name
-
- * process_context_token.c: use rk_UNCONST to unconstify
-
- * test_cred.c: rename optind to optidx
-
- 2005-05-30 Love Hörnquist Åstrand <lha@it.su.se>
- * init_sec_context.c (init_auth): honor ok-as-delegate if local
- configuration approves
- * gssapi_locl.h: prototype for _gss_check_compat
- * compat.c: export check_compat as _gss_check_compat
-
- 2005-05-29 Love Hörnquist Åstrand <lha@it.su.se>
- * init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
- problems with system header files that pollute the name space.
- * accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
- problems with system header files that pollute the name space.
-
- 2005-05-17 Love Hörnquist Åstrand <lha@it.su.se>
- * init_sec_context.c (init_auth): set
- KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
- also while here, use krb5_auth_con_addflags
-
- 2005-05-06 Love Hörnquist Åstrand <lha@it.su.se>
- * arcfour.c (_…