PageRenderTime 57ms CodeModel.GetById 28ms app.highlight 12ms RepoModel.GetById 3ms app.codeStats 1ms

/crypto/heimdal/lib/gssapi/ChangeLog

https://bitbucket.org/freebsd/freebsd-head/
#! | 2970 lines | 1781 code | 1189 blank | 0 comment | 0 complexity | 064e0feaf998d4b0551c28c4ef696f4c MD5 | raw file

Large files files are truncated, but you can click here to view the full file

   12008-08-14  Love Hornquist Astrand  <lha@10a140laptop.local>
   2
   3	* krb5/accept_sec_context.c: If there is a initiator subkey, copy
   4	that to acceptor subkey to match windows behavior. From Metze.
   5
   62008-08-02  Love Hörnquist Åstrand  <lha@h5l.org>
   7
   8	* ntlm/init_sec_context.c: Catch error
   9
  10	* krb5/inquire_sec_context_by_oid.c: Catch store failure.
  11
  12	* mech/gss_canonicalize_name.c: Not init m, return never
  13	used (overwritten later).
  14
  152008-07-25  Love Hörnquist Åstrand  <lha@kth.se>
  16
  17	* ntlm/init_sec_context.c: Use krb5_cc_get_config.
  18
  192008-07-25  Love Hörnquist Åstrand  <lha@kth.se>
  20
  21	* krb5/init_sec_context.c: Match the orignal patch I got from
  22	metze, seems that DCE-STYLE is even more weirer then what I though
  23	when I merged the patch.
  24
  252008-06-02  Love Hörnquist Åstrand  <lha@kth.se>
  26
  27	* krb5/init_sec_context.c: Don't add asn1 wrapping to token when
  28	using DCE_STYLE.  Patch from Stefan Metzmacher.
  29
  302008-05-27  Love Hörnquist Åstrand  <lha@kth.se>
  31	
  32	* ntlm/init_sec_context.c: use krb5_get_error_message
  33
  342008-05-05  Love Hörnquist Åstrand  <lha@kth.se>
  35	
  36	* spnego/spnego_locl.h: Add back "mech/utils.h", its needed for
  37	oid/buffer functions.
  38
  392008-05-02  Love Hörnquist Åstrand  <lha@it.su.se>
  40
  41	* spnego: Changes from doug barton to make spnego indepedant of
  42	the heimdal version of the plugin system.
  43
  442008-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
  45
  46	* krb5: use DES_set_key_unchecked()
  47
  482008-04-17  Love Hörnquist Åstrand  <lha@it.su.se>
  49
  50	* add __declspec() for windows.
  51
  522008-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
  53
  54	* krb5/import_sec_context.c: Use tmp to read ac->flags value to
  55	avoid warning.
  56
  572008-04-07  Love Hörnquist Åstrand  <lha@it.su.se>
  58
  59	* mech/gss_mech_switch.c: Use unsigned where appropriate.
  60
  612008-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
  62
  63	* test_context.c: Add test for gsskrb5_register_acceptor_identity.
  64
  652008-03-09  Love Hörnquist Åstrand  <lha@it.su.se>
  66
  67	* krb5/init_sec_context.c (init_auth): use right variable to
  68	detect if we want to free or not.
  69
  702008-02-26  Love Hörnquist Åstrand  <lha@it.su.se>
  71
  72	* Makefile.am: add missing \
  73
  74	* Makefile.am: reshuffle depenencies
  75
  76	* Add flag to krb5 to not add GSS-API INT|CONF to the negotiation
  77
  782008-02-21  Love Hörnquist Åstrand  <lha@it.su.se>
  79
  80	* make the SPNEGO mech store the error itself instead, works for
  81	everything except other stackable mechs
  82
  832008-02-18  Love Hörnquist Åstrand  <lha@it.su.se>
  84
  85	* spnego/init_sec_context.c (spnego_reply): if the reply token was
  86	of length 0, make it the same as no token. Pointed out by Zeqing
  87	Xia.
  88
  89	* krb5/acquire_cred.c (acquire_initiator_cred): handle the
  90	credential cache better, use destroy/close when appriate and for
  91	all cases. Thanks to Michael Allen for point out the memory-leak
  92	that I also fixed.
  93
  942008-02-03  Love Hörnquist Åstrand  <lha@it.su.se>
  95
  96	* spnego/accept_sec_context.c: Make error reporting somewhat more
  97	correct for SPNEGO.
  98
  992008-01-27  Love Hörnquist Åstrand  <lha@it.su.se>
 100
 101	* test_common.c: Improve the error message.
 102
 1032008-01-24  Love Hörnquist Åstrand  <lha@it.su.se>
 104
 105	* ntlm/accept_sec_context.c: Avoid free-ing type1 message before
 106	its allocated.
 107	
 1082008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>
 109
 110	* test_ntlm.c: Test source name (and make the acceptor in ntlm gss
 111	mech useful).
 112
 1132007-12-30  Love Hörnquist Åstrand  <lha@it.su.se>
 114
 115	* ntlm/init_sec_context.c: Don't confuse target name and source
 116	name, make regressiont tests pass again.
 117	
 1182007-12-29  Love Hörnquist Åstrand  <lha@it.su.se>
 119	
 120	* ntlm: clean up name handling
 121
 1222007-12-04  Love Hörnquist Åstrand  <lha@it.su.se>
 123
 124	* ntlm/init_sec_context.c: Use credential if it was passed in.
 125
 126	* ntlm/acquire_cred.c: Check if there is initial creds with
 127	_gss_ntlm_get_user_cred().
 128
 129	* ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that
 130	return the user info so it can be used by external modules.
 131
 132	* ntlm/inquire_cred.c: use the right error code.
 133
 134	* ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no
 135	credential, ntlm have (not yet) a default credential.
 136	
 137	* mech/gss_release_oid_set.c: Avoid trying to deref NULL, from
 138	Phil Fisher.
 139
 1402007-12-03  Love Hörnquist Åstrand  <lha@it.su.se>
 141	
 142	* test_acquire_cred.c: Always try to fetch cred (even with
 143	GSS_C_NO_NAME).
 144
 1452007-08-09  Love Hörnquist Åstrand  <lha@it.su.se>
 146
 147	* mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags.
 148
 1492007-08-08  Love Hörnquist Åstrand  <lha@it.su.se>
 150
 151	* spnego/compat.c (_gss_spnego_internal_delete_sec_context):
 152	release ctx->target_name too From Rafal Malinowski.
 153
 1542007-07-26  Love Hörnquist Åstrand  <lha@it.su.se>
 155
 156	* mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't
 157	have dlopen. From Rune of Chalmers.
 158
 1592007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>
 160
 161	* mech/gss_duplicate_name.c: New signature of _gss_find_mn.
 162
 163	* mech/gss_init_sec_context.c: New signature of _gss_find_mn.
 164
 165	* mech/gss_acquire_cred.c: New signature of _gss_find_mn.
 166
 167	* mech/name.h: New signature of _gss_find_mn.
 168
 169	* mech/gss_canonicalize_name.c: New signature of _gss_find_mn.
 170
 171	* mech/gss_compare_name.c: New signature of _gss_find_mn.
 172
 173	* mech/gss_add_cred.c: New signature of _gss_find_mn.
 174
 175	* mech/gss_names.c (_gss_find_mn): Return an error code for
 176	caller.
 177
 178	* spnego/accept_sec_context.c: remove checks that are done by the
 179	previous function.
 180
 181	* Makefile.am: New library version.
 182
 1832007-07-04  Love Hörnquist Åstrand  <lha@it.su.se>
 184
 185	* mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from
 186	Rafal Malinowski.
 187
 188	* spnego/spnego.asn1: Indent and make NegTokenInit and
 189	NegTokenResp extendable.
 190
 1912007-06-21  Love Hörnquist Åstrand  <lha@it.su.se>
 192
 193	* ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred.
 194
 195	* mech/gss_display_status.c: Provide message for GSS_S_COMPLETE.
 196	
 197	* mech/context.c: If the canned string is "", its no use to the
 198	user, make it fall back to the default error string.
 199	
 2002007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>
 201
 202	* mech/gss_display_name.c (gss_display_name): no name ->
 203	fail. From Rafal Malinswski.
 204
 205	* spnego/accept_sec_context.c: Wrap name in a spnego_name instead
 206	of just a copy of the underlaying object. From Rafal Malinswski.
 207
 208	* spnego/accept_sec_context.c: Handle underlaying mech not
 209	returning mn.
 210
 211	* mech/gss_accept_sec_context.c: Handle underlaying mech not
 212	returning mn.
 213
 214	* spnego/accept_sec_context.c: Make sure src_name is always set to
 215	GSS_C_NO_NAME when returning.
 216
 217	* krb5/acquire_cred.c (acquire_acceptor_cred): don't claim
 218	everything is well on failure.  From Phil Fisher.
 219
 220	* mech/gss_duplicate_name.c: catch error (and ignore it)
 221
 222	* ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess.
 223
 224	* mech/gss_accept_sec_context.c: Only wrap the delegated cred if
 225	we got a delegated mech cred.  From Rafal Malinowski.
 226
 227	* spnego/accept_sec_context.c: Only wrap the delegated cred if we
 228	are going to return it to the consumer.  From Rafal Malinowski.
 229
 230	* spnego/accept_sec_context.c: Fixed memory leak pointed out by
 231	Rafal Malinowski, also while here moved to use NegotiationToken
 232	for decoding.
 233
 2342007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>
 235
 236	* krb5/prf.c (_gsskrb5_pseudo_random): add missing break.
 237
 238	* krb5/release_name.c: Set *minor_status unconditionallty, its
 239	done later anyway.
 240
 241	* spnego/accept_sec_context.c: Init get_mic to 0.
 242
 243	* mech/gss_set_cred_option.c: Free memory in failure case, found
 244	by beam.
 245
 246	* mech/gss_inquire_context.c: Handle mech_type being NULL.
 247
 248	* mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL.
 249
 250	* mech/gss_krb5.c: Free memory in error case, found by beam.
 251
 2522007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>
 253
 254	* ntlm/inquire_context.c: Use ctx->gssflags for flags.
 255
 256	* krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is
 257	not ment for machine consumption.
 258
 2592007-06-09  Love Hörnquist Åstrand  <lha@it.su.se>
 260
 261	* ntlm/digest.c (kdc_alloc): free memory on failure, pointed out
 262	by Rafal Malinowski.
 263	
 264	* ntlm/digest.c (kdc_destroy): free context when done, pointed out
 265	by Rafal Malinowski.
 266
 267	* spnego/context_stubs.c (_gss_spnego_display_name): if input_name
 268	is null, fail.  From Rafal Malinowski.
 269	
 2702007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>
 271	
 272	* ntlm/digest.c: Free memory when done.
 273	
 2742007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>
 275
 276	* test_ntlm.c: Test both with and without keyex.
 277
 278	* ntlm/digest.c: If we didn't set session key, don't expect one
 279	back.
 280
 281	* test_ntlm.c: Set keyex flag and calculate session key.
 282	
 2832007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>
 284	
 285	* spnego/accept_sec_context.c: Use the return value before is
 286	overwritten by later calls.  From Rafal Malinowski
 287
 288	* krb5/release_cred.c: Give an minor_status argument to
 289	gss_release_oid_set.  From Rafal Malinowski
 290	
 2912007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>
 292
 293	* ntlm/accept_sec_context.c: Catch errors and return the up the
 294	stack.
 295
 296	* test_kcred.c: more testing of lifetimes
 297	
 2982007-05-17  Love Hörnquist Åstrand  <lha@it.su.se>
 299
 300	* Makefile.am: Drop the gss oid_set function for the krb5 mech,
 301	use the mech glue versions instead. Pointed out by Rafal
 302	Malinowski.
 303
 304	* krb5: Use gss oid_set functions from mechglue
 305
 3062007-05-14  Love Hörnquist Åstrand  <lha@it.su.se>
 307
 308	* ntlm/accept_sec_context.c: Set session key only if we are
 309	returned a session key. Found by David Love.
 310	
 3112007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>
 312	
 313	* krb5/prf.c: switched MIN to min to make compile on solaris,
 314	pointed out by David Love.
 315	
 3162007-05-09 Love Hörnquist Åstrand <lha@it.su.se>
 317
 318	* krb5/inquire_cred_by_mech.c: Fill in all of the variables if
 319	they are passed in. Pointed out by Phil Fisher.
 320	
 3212007-05-08  Love Hörnquist Åstrand  <lha@it.su.se>
 322
 323	* krb5/inquire_cred.c: Fix copy and paste error, bug spotted by
 324	from Phil Fisher.
 325
 326	* mech: dont keep track of gc_usage, just figure it out at
 327	gss_inquire_cred() time
 328
 329	* mech/gss_mech_switch.c (add_builtin): ok for
 330	__gss_mech_initialize() to return NULL
 331
 332	* test_kcred.c: more correct tests
 333
 334	* spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a
 335	spnego_name.
 336
 337	* ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now,
 338	need to find default cred and friends.
 339
 340	* krb5/inquire_cred_by_mech.c: reimplement
 341	
 3422007-05-07  Love Hörnquist Åstrand  <lha@it.su.se>
 343	
 344	* ntlm/acquire_cred.c: drop unused variable.
 345
 346	* ntlm/acquire_cred.c: Reimplement.
 347
 348	* Makefile.am: add ntlm/digest.c
 349
 350	* ntlm: split out backend ntlm server processing
 351
 3522007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
 353
 354	* ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free
 355	credcache when done
 356	
 3572007-04-22  Love Hörnquist Åstrand  <lha@it.su.se>
 358
 359	* ntlm/init_sec_context.c: ntlm-key credential entry is prefix with @
 360	
 361	* ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm
 362	creds from the krb5 credential cache.
 363	
 3642007-04-21  Love Hörnquist Åstrand  <lha@it.su.se>
 365
 366	* ntlm/delete_sec_context.c: free the key stored in the context
 367
 368	* ntlm/ntlm.h: switch password for a key
 369
 370	* test_oid.c: Switch oid to one that is exported.
 371	
 3722007-04-20  Love Hörnquist Åstrand  <lha@it.su.se>
 373
 374	* ntlm/init_sec_context.c: move where hash is calculated to make
 375	it easier to add ccache support.
 376
 377	* Makefile.am: Add version-script.map to EXTRA_DIST.
 378	
 3792007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>
 380
 381	* Makefile.am: Unconfuse newer versions of automake that doesn't
 382	know the diffrence between depenences and setting variables. foo:
 383	vs foo=.
 384
 385	* test_ntlm.c: delete sec context when done.
 386
 387	* version-script.map: export more symbols.
 388	
 389	* Makefile.am: add version script if ld supports it
 390	
 391	* version-script.map: add version script if ld supports it
 392	
 3932007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>
 394	
 395	* Makefile.am: test_acquire_cred need test_common.[ch]
 396
 397	* test_acquire_cred.c: add more test options.
 398
 399	* krb5/external.c: add GSS_KRB5_CCACHE_NAME_X
 400
 401	* gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X
 402
 403	* krb5/set_sec_context_option.c: refactor code, implement
 404	GSS_KRB5_CCACHE_NAME_X
 405
 406	* mech/gss_krb5.c: reimplement gss_krb5_ccache_name
 407	
 4082007-04-17  Love Hörnquist Åstrand <lha@it.su.se>
 409	
 410	* spnego/cred_stubs.c: Need to import spnego name before we can
 411	use it as a gss_name_t.
 412
 413	* test_acquire_cred.c: use this test as part of the regression
 414	suite.
 415
 416	* mech/gss_acquire_cred.c (gss_acquire_cred): dont init
 417	cred->gc_mc every time in the loop.
 418	
 4192007-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
 420
 421	* Makefile.am: add test_common.h
 422	
 4232007-02-16  Love Hörnquist Åstrand  <lha@it.su.se>
 424
 425	* gss_acquire_cred.3: Add link for
 426	gsskrb5_register_acceptor_identity.
 427
 4282007-02-08  Love Hörnquist Åstrand  <lha@it.su.se>
 429
 430	* krb5/copy_ccache.c: Try to leak less memory in the failure case.
 431	
 4322007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>
 433	
 434	* mech/gss_display_status.c: Use right printf formater.
 435
 436	* test_*.[ch]: split out the error printing function and try to
 437	return better errors
 438
 4392007-01-30  Love Hörnquist Åstrand  <lha@it.su.se>
 440
 441	* krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on
 442	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
 443	
 444	This is because Kerberos always support INT|CONF, matches behavior
 445	with MS and MIT. The creates problems for the GSS-SPNEGO mech.
 446	
 4472007-01-24  Love Hörnquist Åstrand  <lha@it.su.se>
 448	
 449	* krb5/prf.c: constrain desired_output_len
 450
 451	* krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random
 452
 453	* mech/gss_pseudo_random.c: Catch error from underlaying mech on
 454	failure.
 455
 456	* Makefile.am: Add krb5/prf.c
 457
 458	* krb5/prf.c: gss_pseudo_random for krb5
 459
 460	* test_context.c: Checks for gss_pseudo_random.
 461
 462	* krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG
 463
 464	* Makefile.am: Add mech/gss_pseudo_random.c
 465
 466	* gssapi/gssapi.h: try to load pseudo_random
 467
 468	* mech/gss_mech_switch.c: try to load pseudo_random
 469
 470	* mech/gss_pseudo_random.c: Add gss_pseudo_random.
 471
 472	* gssapi_mech.h: Add hook for gm_pseudo_random.
 473	
 4742007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>
 475	
 476	* test_context.c: Don't assume bufer from gss_display_status is
 477	ok.
 478
 479	* mech/gss_wrap_size_limit.c: Reset out variables.
 480
 481	* mech/gss_wrap.c: Reset out variables.
 482
 483	* mech/gss_verify_mic.c: Reset out variables.
 484
 485	* mech/gss_utils.c: Reset out variables.
 486
 487	* mech/gss_release_oid_set.c: Reset out variables.
 488
 489	* mech/gss_release_cred.c: Reset out variables.
 490
 491	* mech/gss_release_buffer.c: Reset variables.
 492
 493	* mech/gss_oid_to_str.c: Reset out variables.
 494
 495	* mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables.
 496
 497	* mech/gss_mech_switch.c: Reset out variables.
 498
 499	* mech/gss_inquire_sec_context_by_oid.c: Reset out variables.
 500
 501	* mech/gss_inquire_names_for_mech.c: Reset out variables.
 502
 503	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
 504
 505	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
 506
 507	* mech/gss_inquire_cred_by_mech.c: Reset out variables.
 508
 509	* mech/gss_inquire_cred.c: Reset out variables, fix memory leak.
 510
 511	* mech/gss_inquire_context.c: Reset out variables.
 512
 513	* mech/gss_init_sec_context.c: Zero out outbuffer on failure.
 514
 515	* mech/gss_import_name.c: Reset out variables.
 516
 517	* mech/gss_import_name.c: Reset out variables.
 518
 519	* mech/gss_get_mic.c: Reset out variables.
 520
 521	* mech/gss_export_name.c: Reset out variables.
 522
 523	* mech/gss_encapsulate_token.c: Reset out variables.
 524
 525	* mech/gss_duplicate_oid.c: Reset out variables.
 526
 527	* mech/gss_duplicate_oid.c: Reset out variables.
 528
 529	* mech/gss_duplicate_name.c: Reset out variables.
 530
 531	* mech/gss_display_status.c: Reset out variables.
 532
 533	* mech/gss_display_name.c: Reset out variables.
 534
 535	* mech/gss_delete_sec_context.c: Reset out variables using propper
 536	macros.
 537
 538	* mech/gss_decapsulate_token.c: Reset out variables using propper
 539	macros.
 540
 541	* mech/gss_add_cred.c: Reset out variables.
 542
 543	* mech/gss_acquire_cred.c: Reset out variables.
 544
 545	* mech/gss_accept_sec_context.c: Reset out variables using propper
 546	macros.
 547
 548	* mech/gss_init_sec_context.c: Reset out variables.
 549
 550	* mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a
 551	gss_buffer_t
 552
 5532007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>
 554	
 555	* mech: sprinkel _gss_mg_error
 556
 557	* mech/gss_display_status.c (gss_display_status): use
 558	_gss_mg_get_error to fetch the error from underlaying mech, if it
 559	failes, let do the regular dance for GSS-CODE version and a
 560	generic print-the-error code for MECH-CODE.
 561
 562	* mech/gss_oid_to_str.c: Don't include the NUL in the length of
 563	the string.
 564
 565	* mech/context.h: Protoypes for _gss_mg_.
 566
 567	* mech/context.c: Glue to catch the error from the lower gss-api
 568	layer and save that for later so gss_display_status() can show the
 569	error.
 570
 571	* gss.c: Detect NTLM.
 572	
 5732007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>
 574	
 575	* mech/gss_accept_sec_context.c: spelling
 576	
 5772007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>
 578	
 579	* Makefile.am: Include build (private) prototypes header files.
 580
 581	* Makefile.am (ntlmsrc): add ntlm/ntlm-private.h
 582	
 5832006-12-28  Love Hörnquist Åstrand  <lha@it.su.se>
 584	
 585	* ntlm/accept_sec_context.c: Pass signseal argument to
 586	_gss_ntlm_set_key.
 587
 588	* ntlm/init_sec_context.c: Pass signseal argument to
 589	_gss_ntlm_set_key.
 590
 591	* ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument
 592
 593	* test_ntlm.c: add ntlmv2 test
 594
 595	* ntlm/ntlm.h: break out struct ntlmv2_key;
 596
 597	* ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys.
 598
 599	* ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI.
 600
 601	* ntlm/ntlm.h: NTLMv2 keys.
 602
 603	* ntlm/crypto.c: NTLMv2 sign and verify.
 604	
 6052006-12-20  Love Hörnquist Åstrand  <lha@it.su.se>
 606
 607	* ntlm/accept_sec_context.c: Don't send targetinfo now.
 608	
 609	* ntlm/init_sec_context.c: Build ntlmv2 answer buffer.
 610
 611	* ntlm/init_sec_context.c: Leak less memory.
 612
 613	* ntlm/init_sec_context.c: Announce that we support key exchange.
 614
 615	* ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2
 616	session security (disable because missing sign and seal).
 617	
 6182006-12-19  Love Hörnquist Åstrand  <lha@it.su.se>
 619	
 620	* ntlm/accept_sec_context.c: split RC4 send and recv keystreams
 621
 622	* ntlm/init_sec_context.c: split RC4 send and recv keystreams
 623
 624	* ntlm/ntlm.h: split RC4 send and recv keystreams
 625
 626	* ntlm/crypto.c: Implement SEAL.
 627
 628	* ntlm/crypto.c: move gss_wrap/gss_unwrap here
 629
 630	* test_context.c: request INT and CONF from the gss layer, test
 631	get and verify MIC.
 632
 633	* ntlm/ntlm.h: add crypto bits.
 634
 635	* ntlm/accept_sec_context.c: Save session master key.
 636
 637	* Makefile.am: Move get and verify mic to the same file (crypto.c)
 638	since they share code.
 639
 640	* ntlm/crypto.c: Move get and verify mic to the same file since
 641	they share code, implement NTLM v1 and dummy signatures.
 642
 643	* ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and
 644	GSS_C_INTEG_FLAG, save the session master key
 645	
 646	* spnego/accept_sec_context.c: try using gss_accept_sec_context()
 647	on the opportunistic token instead of guessing the acceptor name
 648	and do gss_acquire_cred, this make SPNEGO work like before.
 649	
 6502006-12-18  Love Hörnquist Åstrand  <lha@it.su.se>
 651	
 652	* ntlm/init_sec_context.c: Calculate the NTLM version 1 "master"
 653	key.
 654
 655	* spnego/accept_sec_context.c: Resurect negHints for the acceptor
 656	sends first packet.
 657	
 658	* Makefile.am: Add "windows" versions of the NegTokenInitWin and
 659	friends.
 660
 661	* test_context.c: add --wrapunwrap flag
 662
 663	* spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to
 664	compat.c, use the sequence types of MechTypeList, make
 665	add_mech_type() static.
 666
 667	* spnego/accept_sec_context.c: move
 668	_gss_spnego_indicate_mechtypelist() to compat.c
 669
 670	* Makefile.am: Generate sequence code for MechTypeList
 671
 672	* spnego: check that the generated acceptor mechlist is acceptable too
 673
 674	* spnego/init_sec_context.c: Abstract out the initiator filter
 675	function, it will be needed for the acceptor too.
 676
 677	* spnego/accept_sec_context.c: Abstract out the initiator filter
 678	function, it will be needed for the acceptor too. Remove negHints.
 679
 680	* test_context.c: allow asserting return mech
 681
 682	* ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx
 683
 684	* ntlm/acquire_cred.c: Check that the KDC seem to there and
 685	answering us, we can't do better then that wen checking if we will
 686	accept the credential.
 687
 688	* ntlm/get_mic.c: return GSS_S_UNAVAILABLE
 689
 690	* mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid
 691
 692	* mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid
 693
 694	* spnego/spnego.asn1: Its very sad, but NegHints its are not part
 695	of the NegTokenInit, this makes SPNEGO acceptor life a lot harder.
 696	
 697	* spnego: try harder to handle names better. handle missing
 698	acceptor and initator creds better (ie dont propose/accept mech
 699	that there are no credentials for) split NegTokenInit and
 700	NegTokenResp in acceptor
 701
 7022006-12-16  Love Hörnquist Åstrand  <lha@it.su.se>
 703
 704	* ntlm/import_name.c: Allocate the buffer from the right length.
 705	
 7062006-12-15  Love Hörnquist Åstrand  <lha@it.su.se>
 707
 708	* ntlm/init_sec_context.c (init_sec_context): Tell the other side
 709	what domain we think we are talking to.
 710
 711	* ntlm/delete_sec_context.c: free username and password
 712
 713	* ntlm/release_name.c (_gss_ntlm_release_name): free name.
 714
 715	* ntlm/import_name.c (_gss_ntlm_import_name): add support for
 716	GSS_C_NT_HOSTBASED_SERVICE names
 717
 718	* ntlm/ntlm.h: Add ntlm_name.
 719
 720	* test_context.c: allow testing of ntlm.
 721
 722	* gssapi_mech.h: add __gss_ntlm_initialize
 723
 724	* ntlm/accept_sec_context.c (handle_type3): verify that the kdc
 725	approved of the ntlm exchange too
 726
 727	* mech/gss_mech_switch.c: Add the builtin ntlm mech
 728
 729	* test_ntlm.c: NTLM test app.
 730
 731	* mech/gss_accept_sec_context.c: Add detection of NTLMSSP.
 732
 733	* gssapi/gssapi.h: add ntlm mech oid
 734
 735	* ntlm/external.c: Switch OID to the ms ntlmssp oid
 736
 737	* Makefile.am: Add ntlm gss-api module.
 738
 739	* ntlm/accept_sec_context.c: Catch more error errors.
 740
 741	* ntlm/accept_sec_context.c: Check after a credential to use.
 742	
 7432006-12-14  Love Hörnquist Åstrand  <lha@it.su.se>
 744	
 745	* krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X):
 746	don't fail on success.  Bug report from Stefan Metzmacher.
 747	
 7482006-12-13  Love Hörnquist Åstrand  <lha@it.su.se>
 749	
 750	* krb5/init_sec_context.c (init_auth): only turn on
 751	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
 752	From Stefan Metzmacher.
 753	
 7542006-12-11  Love Hörnquist Åstrand  <lha@it.su.se>
 755	
 756	* Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h
 757	spnego_asn1.h.
 758
 7592006-11-20  Love Hörnquist Åstrand  <lha@it.su.se>
 760
 761	* krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a
 762	context argument.
 763	
 7642006-11-16  Love Hörnquist Åstrand <lha@it.su.se>
 765	
 766	* test_context.c: Test that token keys are the same, return
 767	actual_mech.
 768	
 7692006-11-15  Love Hörnquist Åstrand <lha@it.su.se>
 770
 771	* spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open.
 772
 773	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
 774	encode CHOICE structure now that we can handle it.
 775
 776	* spnego/init_sec_context.c: Use ASN.1 encoder functions to encode
 777	CHOICE structure now that we can handle it.
 778
 779	* spnego/accept_sec_context.c (_gss_spnego_accept_sec_context):
 780	send back ad accept_completed when the security context is ->open,
 781	w/o this the client doesn't know that the server have completed
 782	the transaction.
 783
 784	* test_context.c: Add delegate flag and check that the delegated
 785	cred works.
 786
 787	* spnego/init_sec_context.c: Keep track of the opportunistic token
 788	in the inital message, it might be a complete gss-api context, in
 789	that case we'll get back accept_completed without any token. With
 790	this change, krb5 w/o mutual authentication works.
 791
 792	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
 793	encode CHOICE structure now that we can handle it.
 794
 795	* spnego/accept_sec_context.c: Filter out SPNEGO from the out
 796	supported mechs list and make sure we don't select that for the
 797	preferred mechamism.
 798	
 7992006-11-14  Love Hörnquist Åstrand  <lha@it.su.se>
 800	
 801	* mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
 802	cred finding to its own function
 803
 804	* krb5/wrap.c: Better error strings, from Andrew Bartlet.
 805	
 8062006-11-13  Love Hörnquist Åstrand  <lha@it.su.se>
 807	
 808	* test_context.c: Create our own krb5_context.
 809
 810	* krb5: Switch from using a specific error message context in the
 811	TLS to have a whole krb5_context in TLS. This have some
 812	interestion side-effekts for the configruration setting options
 813	since they operate on per-thread basis now.
 814
 815	* mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
 816	and checking for success, use GSS_S_COMPLETE. From Andrew Bartlet.
 817	
 8182006-11-12  Love Hörnquist Åstrand  <lha@it.su.se>
 819
 820	* Makefile.am: Help solaris make even more.
 821
 822	* Makefile.am: Help solaris make.
 823	
 8242006-11-09  Love Hörnquist Åstrand  <lha@it.su.se>
 825	
 826	* Makefile.am: remove include $(srcdir)/Makefile-digest.am for now
 827
 828	* mech/gss_accept_sec_context.c: Try better guessing what is mech
 829	we are going to select by looking harder at the input_token, idea
 830	from Luke Howard's mechglue branch.
 831
 832	* Makefile.am: libgssapi_la_OBJECTS: add depency on gkrb5_err.h
 833
 834	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X
 835
 836	* mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes
 837
 838	* gssapi/gssapi.h: GSS_KRB5_S_
 839
 840	* krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.
 841
 842	* gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.
 843
 844	* Makefile.am: Build and install gkrb5_err.h
 845
 846	* krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.
 847	
 8482006-11-08  Love Hörnquist Åstrand  <lha@it.su.se>
 849	
 850	* mech/gss_krb5.c: Add gsskrb5_set_default_realm.
 851
 852	* krb5/set_sec_context_option.c: Support
 853	GSS_KRB5_SET_DEFAULT_REALM_X.
 854
 855	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X
 856
 857	* krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X
 858	
 8592006-11-07  Love Hörnquist Åstrand  <lha@it.su.se>
 860	
 861	* test_context.c: rename krb5_[gs]et_time_wrap to
 862	krb5_[gs]et_max_time_skew
 863
 864	* krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
 865	no longer used, bye bye
 866
 867	* mech/gss_krb5.c: No depenency of the krb5 gssapi mech.
 868
 869	* mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
 870	_gsskrb5_decode_om_uint32. From Andrew Bartlet.
 871
 872	* mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
 873	now.
 874
 875	* spnego/spnego_locl.h: Include <roken.h> for compatiblity.
 876
 877	* krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
 878	DCE-STYLE, don't try to use to.  From Andrew Bartlett.
 879
 880	* test_context.c: test wrap/unwrap, add flag for dce-style and
 881	mutual auth, also support multi-roundtrip sessions
 882
 883	* krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.
 884
 885	* krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
 886	krb5_rd_req_ctx
 887
 888	* mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
 889	token subkey
 890
 891	* krb5/inquire_sec_context_by_oid.c: check if there is any key at
 892	all
 893	
 8942006-11-06  Love Hörnquist Åstrand <lha@it.su.se>
 895	
 896	* krb5/inquire_sec_context_by_oid.c: Set more error strings, use
 897	right enum for acceptor subkey.  From Andrew Bartlett.
 898	
 8992006-11-04  Love Hörnquist Åstrand  <lha@it.su.se>
 900
 901	* test_context.c: Test gsskrb5_extract_service_keyblock, needed in
 902	PAC valication.  From Andrew Bartlett
 903
 904	* mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
 905	and keyblock extraction functions.
 906
 907	* gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
 908	Andrew Bartlett.
 909
 910	* krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X
 911	
 9122006-11-03  Love Hörnquist Åstrand  <lha@it.su.se>
 913
 914	* test_context.c: Rename various routines and constants from
 915	canonize to canonicalize.  From Andrew Bartlett
 916
 917	* mech/gss_krb5.c: Rename various routines and constants from
 918	canonize to canonicalize.  From Andrew Bartlett
 919
 920	* krb5/set_sec_context_option.c: Rename various routines and
 921	constants from canonize to canonicalize.  From Andrew Bartlett
 922
 923	* krb5/external.c: Rename various routines and constants from
 924	canonize to canonicalize.  From Andrew Bartlett
 925	
 926	* gssapi/gssapi_krb5.h: Rename various routines and constants from
 927	canonize to canonicalize.  From Andrew Bartlett
 928	
 9292006-10-25  Love Hörnquist Åstrand  <lha@it.su.se>
 930
 931	* krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
 932	to free ccache
 933	
 9342006-10-24  Love Hörnquist Åstrand  <lha@it.su.se>
 935	
 936	* test_context.c (loop): free target_name
 937
 938	* mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'
 939	
 940	* mech/gss_acquire_cred.c : SLIST_INIT the ->gc_mc' 
 941
 942	* krb5/init_sec_context.c: Avoid leaking memory.
 943
 944	* mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
 945	->elements memory.
 946
 947	* test_context.c: make compile
 948
 949	* krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.
 950
 951	* krb5/set_cred_option.c (import_cred): free sp
 952	
 9532006-10-22  Love Hörnquist Åstrand  <lha@it.su.se>
 954
 955	* mech/gss_add_oid_set_member.c: Use old implementation of
 956	gss_add_oid_set_member, it leaks less memory.
 957
 958	* krb5/test_cfx.c: free krb5_crypto.
 959
 960	* krb5/test_cfx.c: free krb5_context
 961
 962	* mech/gss_release_name.c (gss_release_name): free input_name
 963	it-self.
 964	
 9652006-10-21  Love Hörnquist Åstrand  <lha@it.su.se>
 966
 967	* test_context.c: Call setprogname.
 968
 969	* mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.
 970
 971	* gssapi/gssapi_krb5.h: add
 972	gsskrb5_extract_authtime_from_sec_context
 973	
 9742006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>
 975	
 976	* krb5/inquire_sec_context_by_oid.c: Add get_authtime.
 977
 978	* krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X
 979
 980	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X
 981
 982	* krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.
 983
 984	* mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc
 985
 986	* gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
 987	gsskrb5_set_send_to_kdc
 988
 989	* krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X
 990
 991	* Makefile.am: more files
 992	
 9932006-10-19  Love Hörnquist Åstrand  <lha@it.su.se>
 994	
 995	* Makefile.am: remove spnego/gssapi_spnego.h, its now in gssapi/
 996
 997	* test_context.c: Allow specifing mech.
 998
 999	* krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)
1000
1001	* gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
1002	GSS_SASL_DIGEST_MD5_MECHANISM
1003	
10042006-10-18  Love Hörnquist Åstrand  <lha@it.su.se>
1005	
1006	* mech/gssapi.asn1: Make it into a heim_any_set, its doesn't
1007	except a tag.
1008
1009	* mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE
1010
1011	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X
1012
1013	* krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.
1014
1015	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
1016	GSS_KRB5_GET_SUBKEY_X
1017
1018	* krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
1019	GSS_KRB5_GET_SUBKEY_X
1020	
10212006-10-17  Love Hörnquist Åstrand  <lha@it.su.se>
1022	
1023	* test_context.c: Support switching on name type oid's
1024
1025	* test_context.c: add test for dns canon flag
1026
1027	* mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.
1028
1029	* gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic
1030
1031	* gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.
1032
1033	* krb5/set_sec_context_option.c: implement
1034	GSS_KRB5_SET_DNS_CANONIZE_X
1035
1036	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X
1037
1038	* krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X
1039
1040	* mech/gss_krb5.c: add bits to make lucid context work
1041	
10422006-10-14  Love Hörnquist Åstrand  <lha@it.su.se>
1043	
1044	* mech/gss_oid_to_str.c: Prefix der primitives with der_.
1045
1046	* krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
1047	der_.
1048
1049	* krb5/encapsulate.c: Prefix der primitives with der_.
1050
1051	* mech/gss_oid_to_str.c: New der_print_heim_oid signature.
1052	
10532006-10-12  Love Hörnquist Åstrand  <lha@it.su.se>
1054
1055	* Makefile.am: add test_context
1056
1057	* krb5/inquire_sec_context_by_oid.c: Make it work.
1058
1059	* test_oid.c: Test lucid oid.
1060
1061	* gssapi/gssapi.h: Add OM_uint64_t.
1062
1063	* krb5/inquire_sec_context_by_oid.c: Add lucid interface.
1064
1065	* krb5/external.c: Add lucid interface, renumber oids to my
1066	delegated space.
1067
1068	* mech/gss_krb5.c: Add lucid interface.
1069
1070	* gssapi/gssapi_krb5.h: Add lucid interface.
1071
1072	* spnego/spnego_locl.h: Maybe include <netdb.h>.
1073	
10742006-10-09  Love Hörnquist Åstrand  <lha@it.su.se>
1075	
1076	* mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.
1077	
10782006-10-08  Love Hörnquist Åstrand  <lha@it.su.se>
1079
1080	* Makefile.am: install gssapi_krb5.H and gssapi_spnego.h
1081
1082	* gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
1083
1084	* gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
1085
1086	* Makefile.am: Drop some -I no longer needed.
1087
1088	* gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.
1089
1090	* krb5: reference all include files using 'krb5/'
1091
10922006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
1093
1094	* gssapi.h: Add file inclusion protection.
1095
1096	* gssapi/gssapi.h: Correct header file inclusion protection.
1097
1098	* gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
1099	lib/gssapi/gssapi/ to please automake.
1100	
1101	* spnego/spnego_locl.h: Maybe include <sys/types.h>.
1102
1103	* mech/mech_locl.h: Include <roken.h>.
1104
1105	* Makefile.am: split build files into dist_ and noinst_ SOURCES
1106	
11072006-10-06  Love Hörnquist Åstrand  <lha@it.su.se>
1108
1109	* gss.c: #if 0 out unused code.
1110
1111	* mech/gss_mech_switch.c: Cast argument to ctype(3) functions
1112	to (unsigned char).
1113	
11142006-10-05  Love Hörnquist Åstrand  <lha@it.su.se>
1115
1116	* mech/name.h: remove <sys/queue.h>
1117
1118	* mech/mech_switch.h: remove <sys/queue.h>
1119	
1120	* mech/cred.h: remove <sys/queue.h>
1121
11222006-10-02  Love Hörnquist Åstrand  <lha@it.su.se>
1123
1124	* krb5/arcfour.c: Thinker more with header lengths.
1125
1126	* krb5/arcfour.c: Improve the calcucation of header
1127	lengths. DCE-STYLE data is also padded so remove if (1 || ...)
1128	code.
1129
1130	* krb5/wrap.c (_gsskrb5_wrap_size_limit): use
1131	_gssapi_wrap_size_arcfour for arcfour
1132
1133	* krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.
1134
1135	* Makefile.am: Split all mech to diffrent mechsrc variables.
1136
1137	* spnego/context_stubs.c: Make internal function static (and
1138	rename).
1139	
11402006-10-01  Love Hörnquist Åstrand  <lha@it.su.se>
1141
1142	* krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
1143	Barth.
1144
1145	* spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.
1146	
11472006-09-25  Love Hörnquist Åstrand  <lha@it.su.se>
1148
1149	* krb5/arcfour.c: Add wrap support, interrop with itself but not
1150	w2k3s-sp1
1151
1152	* krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
1153	arcfour header.
1154
1155	* krb5/arcfour.c: Support DCE-style unwrap, tested with
1156	w2k3server-sp1.
1157
1158	* mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
1159	token doesn't start with [APPLICATION 0] SEQUENCE, lets assume its
1160	a DCE-style kerberos 5 connection. XXX this needs to be made
1161	better in cause we get another GSS-API protocol violating
1162	protocol. It should be possible to detach the Kerberos DCE-style
1163	since it starts with a AP-REQ PDU, but that have to wait for now.
1164	
11652006-09-22  Love Hörnquist Åstrand  <lha@it.su.se>
1166
1167	* gssapi.h: Add GSS_C flags from
1168	draft-brezak-win2k-krb-rc4-hmac-04.txt.
1169
1170	* krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
1171	indent.
1172
1173	* krb5/accept_sec_context.c: Merge of the acceptor part from the
1174	samba patch by Stefan Metzmacher and Andrew Bartlet.
1175
1176	* krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.
1177
1178	* krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
1179	initiator part from the samba patch by Stefan Metzmacher and
1180	Andrew Bartlet (still missing DCE/RPC support)
1181
11822006-08-28  Love Hörnquist Åstrand  <lha@it.su.se>
1183
1184	* gss.c (help): use sl_slc_help().
1185	
11862006-07-22  Love Hörnquist Åstrand  <lha@it.su.se>
1187
1188	* gss-commands.in: rename command to supported-mechanisms
1189
1190	* Makefile.am: Make gss objects depend on the slc built
1191	gss-commands.h
1192	
11932006-07-20  Love Hörnquist Åstrand  <lha@it.su.se>
1194	
1195	* gss-commands.in: add slc commands for gss
1196
1197	* krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()
1198
1199	* Makefile.am: Add test_cfx
1200
1201	* krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
1202
1203	* krb5/set_sec_context_option.c: catch
1204	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
1205
1206	* krb5/accept_sec_context.c: reimplement
1207	gsskrb5_register_acceptor_identity
1208
1209	* mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity
1210
1211	* mech/gss_inquire_mechs_for_name.c: call _gss_load_mech
1212
1213	* mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech
1214
1215	* mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
1216	only once, this have the side effect that _gss_mechs and
1217	_gss_mech_oids is only initialized once, so if just the users of
1218	these two global variables calls _gss_load_mech() first, it will
1219	act as a barrier and make sure the variables are never changed and
1220	we don't need to lock them.
1221
1222	* mech/utils.h: no need to mark functions extern.
1223
1224	* mech/name.h: no need to mark _gss_find_mn extern.
1225	
12262006-07-19  Love Hörnquist Åstrand <lha@it.su.se>
1227	
1228	* krb5/cfx.c: Redo the wrap length calculations.
1229
1230	* krb5/test_cfx.c: test max_wrap_size in cfx.c
1231
1232	* mech/gss_display_status.c: Handle more error codes.
1233	
12342006-07-07  Love Hörnquist Åstrand  <lha@it.su.se>
1235
1236	* mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"
1237
1238	* mech/mechqueue.h: Add SLIST macros.
1239
1240	* krb5/inquire_context.c: Don't free return values on success.
1241
1242	* krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
1243	is the default cred, acquire the acceptor cred and initator cred
1244	in two diffrent steps and then query them for the information,
1245	this way, the code wont fail if there are no keytab, but there is
1246	a credential cache.
1247
1248	* mech/gss_inquire_cred.c: move the check if we found any cred
1249	where it matter for both cases
1250	(default cred and provided cred)
1251
1252	* mech/gss_init_sec_context.c: If the desired mechanism can't
1253	convert the name to a MN, fail with GSS_S_BAD_NAME rather then a
1254	NULL de-reference.
1255	
12562006-07-06  Love Hörnquist Åstrand  <lha@it.su.se>
1257
1258	* spnego/external.c: readd gss_spnego_inquire_names_for_mech
1259
1260	* spnego/spnego_locl.h: reimplement
1261	gss_spnego_inquire_names_for_mech add support function
1262	_gss_spnego_supported_mechs
1263
1264	* spnego/context_stubs.h: reimplement
1265	gss_spnego_inquire_names_for_mech add support function
1266	_gss_spnego_supported_mechs
1267
1268	* spnego/context_stubs.c: drop gss_spnego_indicate_mechs
1269	
1270	* mech/gss_indicate_mechs.c: if the underlaying mech doesn't
1271	support gss_indicate_mechs, use the oid in the mechswitch
1272	structure
1273
1274	* spnego/external.c: let the mech glue layer implement
1275	gss_indicate_mechs
1276
1277	* spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
1278	desired_mechs, get our own list with indicate_mechs and remove
1279	ourself.
1280	
12812006-07-05 Love Hörnquist Åstrand <lha@it.su.se>
1282
1283	* spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
1284	the mechglue layer implement it
1285	
1286	* spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
1287	the mechglue layer implement it
1288
1289	* spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
1290	the mechglue layer implement it
1291
12922006-07-01  Love Hörnquist Åstrand  <lha@it.su.se>
1293	
1294	* mech/gss_set_cred_option.c: fix argument to gss_release_cred
1295	
12962006-06-30  Love Hörnquist Åstrand  <lha@it.su.se>
1297
1298	* krb5/init_sec_context.c: Make work on compilers that are
1299	somewhat more picky then gcc4 (like gcc2.95)
1300
1301	* krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
1302	convert fwd_flags to an integer, since otherwise int2KDCOptions in
1303	krb5_get_forwarded_creds wont do the right thing.
1304
1305	* mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
1306	failure
1307
1308	* krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
1309	init global kerberos context
1310
1311	* krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
1312	kerberos context
1313
1314	* mech/gss_accept_sec_context.c: Insert the delegated sub cred on
1315	the delegated cred handle, not cred handle
1316
1317	* mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
1318	the case where ret_flags == NULL
1319
1320	* mech/gss_mech_switch.c (add_builtin): set
1321	_gss_mech_switch->gm_mech_oid
1322
1323	* mech/gss_set_cred_option.c (gss_set_cred_option): laod mechs
1324
1325	* test_cred.c (gss_print_errors): don't try to print error when
1326	gss_display_status failed
1327
1328	* Makefile.am: Add mech/gss_release_oid.c
1329	
1330	* mech/gss_release_oid.c: Add gss_release_oid, reverse of
1331	gss_duplicate_oid
1332
1333	* spnego/compat.c: preferred_mech_type was allocated with
1334	gss_duplicate_oid in one place and assigned static varianbles a
1335	the second place. change that static assignement to
1336	gss_duplicate_oid and bring back gss_release_oid.
1337
1338	* spnego/compat.c (_gss_spnego_delete_sec_context): don't release
1339	preferred_mech_type and negotiated_mech_type, they where never
1340	allocated from the begining.
1341	
13422006-06-29  Love Hörnquist Åstrand  <lha@it.su.se>
1343
1344	* mech/gss_import_name.c (gss_import_name): avoid
1345	type-punned/strict aliasing rules
1346
1347	* mech/gss_add_cred.c: avoid type-punned/strict aliasing rules
1348
1349	* gssapi.h: Make gss_name_t an opaque type.
1350	
1351	* krb5: make gss_name_t an opaque type
1352
1353	* krb5/set_cred_option.c: Add
1354
1355	* mech/gss_set_cred_option.c (gss_set_cred_option): support the
1356	case where *cred_handle == NULL
1357
1358	* mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
1359	GSS_C_NO_CREDENTIAL on failure.
1360
1361	* mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
1362	NO_OID_SET, there is a need to load the mechs, so always do that.
1363	
13642006-06-28  Love Hörnquist Åstrand  <lha@it.su.se>
1365	
1366	* krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
1367	to instead pass a fullname to the credential, then resolve and
1368	copy out the content, and then close the cred.
1369
1370	* mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
1371	pass a fullname to the credential, then resolve and copy out the
1372	content, and then close the cred.
1373	
1374	* krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
1375	interface needs to be re-done, currently its utterly broken.
1376
1377	* mech/gss_set_cred_option.c: Make work.
1378
1379	* krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option
1380
1381	* mech/gss_krb5.c (gss_krb5_import_cred): implement
1382
1383	* Makefile.am: Add gss_set_{sec_context,cred}_option and sort
1384	
1385	* mech/gss_set_{sec_context,cred}_option.c: add
1386
1387	* gssapi.h: Add GSS_KRB5_IMPORT_CRED_X
1388
1389	* test_*.c: make compile again
1390
1391	* Makefile.am: Add lib dependencies and test programs
1392
1393	* spnego: remove dependency on libkrb5
1394
1395	* mech: Bug fixes, cleanup, compiler warnings, restructure code.
1396
1397	* spnego: Rename gss_context_id_t and gss_cred_id_t to local names
1398
1399	* krb5: repro copy the krb5 files here
1400
1401	* mech: import Doug Rabson mechglue from freebsd
1402	
1403	* spnego: Import Luke Howard's SPNEGO from the mechglue branch
1404
14052006-06-22  Love Hörnquist Åstrand  <lha@it.su.se>
1406
1407	* gssapi.h: Add oid_to_str.
1408
1409	* Makefile.am: add oid_to_str and test_oid
1410	
1411	* oid_to_str.c: Add gss_oid_to_str
1412
1413	* test_oid.c: Add test for gss_oid_to_str()
1414	
14152006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>
1416
1417	* verify_mic.c: Less pointer signedness warnings.
1418
1419	* unwrap.c: Less pointer signedness warnings.
1420
1421	* arcfour.c: Less pointer signedness warnings.
1422
1423	* gssapi_locl.h: Use const void * to instead of unsigned char * to
1424	avoid pointer signedness warnings.
1425
1426	* encapsulate.c: Use const void * to instead of unsigned char * to
1427	avoid pointer signedness warnings.
1428
1429	* decapsulate.c: Use const void * to instead of unsigned char * to
1430	avoid pointer signedness warnings.
1431
1432	* decapsulate.c: Less pointer signedness warnings.
1433
1434	* cfx.c: Less pointer signedness warnings.
1435
1436	* init_sec_context.c: Less pointer signedness warnings (partly by
1437	using the new asn.1 CHOICE decoder)
1438
1439	* import_sec_context.c: Less pointer signedness warnings.
1440
14412006-05-09  Love Hörnquist Åstrand  <lha@it.su.se>
1442
1443	* accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
1444	Andrew Abartlet.
1445	
14462006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>
1447
1448	* get_mic.c (mic_des3): make sure message_buffer doesn't point to
1449	free()ed memory on failure. Pointed out by IBM checker.
1450	
14512006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>
1452
1453	* Rename u_intXX_t to uintXX_t
1454	
14552006-05-04 Love Hörnquist Åstrand <lha@it.su.se>
1456
1457	* cfx.c: Less pointer signedness warnings.
1458
1459	* arcfour.c: Avoid pointer signedness warnings.
1460
1461	* gssapi_locl.h (gssapi_decode_*): make data argument const void *
1462	
1463	* 8003.c (gssapi_decode_*): make data argument const void *
1464	
14652006-04-12  Love Hörnquist Åstrand  <lha@it.su.se>
1466	
1467	* export_sec_context.c: Export sequence order element. From Wynn
1468	Wilkes <wynn.wilkes@quest.com>.
1469
1470	* import_sec_context.c: Import sequence order element. From Wynn
1471	Wilkes <wynn.wilkes@quest.com>.
1472
1473	* sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
1474	New functions, used by {import,export}_sec_context.  From Wynn
1475	Wilkes <wynn.wilkes@quest.com>.
1476
1477	* test_sequence.c: Add test for import/export sequence.
1478	
14792006-04-09  Love Hörnquist Åstrand  <lha@it.su.se>
1480	
1481	* add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
1482	standard conformance failure, but much better then a crash.
1483	
14842006-04-02  Love Hörnquist Åstrand  <lha@it.su.se>
1485	
1486	* get_mic.c (get_mic*)_: make sure message_token is cleaned on
1487	error, found by IBM checker.
1488
1489	* wrap.c (wrap*): Reset output_buffer on error, found by IBM
1490	checker.
1491	
14922006-02-15  Love Hörnquist Åstrand  <lha@it.su.se>
1493	
1494	* import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
1495	GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.
1496	
14972006-01-16  Love Hörnquist Åstrand  <lha@it.su.se>
1498	
1499	* delete_sec_context.c (gss_delete_sec_context): if the context
1500	handle is GSS_C_NO_CONTEXT, don't fall over.
1501
15022005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>
1503
1504	* gss_acquire_cred.3: Replace gss_krb5_import_ccache with
1505	gss_krb5_import_cred and add more references
1506	
15072005-12-05  Love Hörnquist Åstrand  <lha@it.su.se>
1508
1509	* gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
1510	it can handle keytabs too.
1511
1512	* add_cred.c (gss_add_cred): avoid deadlock
1513
1514	* context_time.c (gssapi_lifetime_left): define the 0 lifetime as
1515	GSS_C_INDEFINITE.
1516	
15172005-12-01  Love Hörnquist Åstrand  <lha@it.su.se>
1518
1519	* acquire_cred.c (acquire_acceptor_cred): only check if principal
1520	exists if we got called with principal as an argument.
1521
1522	* acquire_cred.c (acquire_acceptor_cred): check that the acceptor
1523	exists in the keytab before returning ok.
1524	
15252005-11-29  Love Hörnquist Åstrand  <lha@it.su.se>
1526	
1527	* copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
1528	Bartlett.
1529	
15302005-11-25  Love Hörnquist Åstrand  <lha@it.su.se>
1531
1532	* test_kcred.c: Rename gss_krb5_import_ccache to
1533	gss_krb5_import_cred.
1534	
1535	* copy_ccache.c: Rename gss_krb5_import_ccache to
1536	gss_krb5_import_cred and let it grow code to handle keytabs too.
1537	
15382005-11-02  Love Hörnquist Åstrand  <lha@it.su.se>
1539
1540	* init_sec_context.c: Change sematics of ok-as-delegate to match
1541	windows if
1542	[gssapi]realm/ok-as-delegate=true is set, otherwise keep old
1543	sematics.
1544	
1545	* release_cred.c (gss_release_cred): use
1546	GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
1547	krb5_cc_destroy-ed
1548	
1549	* acquire_cred.c (acquire_initiator_cred):
1550	GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.
1551
1552	* accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
1553	to use gss_krb5_import_ccache
1554	
15552005-11-01  Love Hörnquist Åstrand  <lha@it.su.se>
1556
1557	* arcfour.c: Remove signedness warnings.
1558	
15592005-10-31  Love Hörnquist Åstrand  <lha@it.su.se>
1560
1561	* gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
1562	by reference.
1563
1564	* copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
1565	of the ccache, make a reference by getting the name and resolving
1566	the name. This way the cache is shared, this flipp side is of
1567	course that if someone calls krb5_cc_destroy the cache is lost for
1568	everyone.
1569	
1570	* test_kcred.c: Remove memory leaks.
1571	
15722005-10-26  Love Hörnquist Åstrand  <lha@it.su.se>
1573	
1574	* Makefile.am: build test_kcred
1575	
1576	* gss_acquire_cred.3: Document gss_krb5_import_ccache
1577
1578	* gssapi.3: Sort and add gss_krb5_import_ccache.
1579	
1580	* acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
1581	used to extract lifetime from a credential cache
1582
1583	* gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
1584	lifetime from a credential cache.
1585
1586	* gssapi.h: add gss_krb5_import_ccache, reverse of
1587	gss_krb5_copy_ccache
1588
1589	* copy_ccache.c: add gss_krb5_import_ccache, reverse of
1590	gss_krb5_copy_ccache
1591
1592	* test_kcred.c: test gss_krb5_import_ccache
1593	
15942005-10-21  Love Hörnquist Åstrand  <lha@it.su.se>
1595
1596	* acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
1597	to find a matching creditial cache, if that failes, fallback to
1598	the default cache.
1599	
16002005-10-12  Love Hörnquist Åstrand  <lha@it.su.se>
1601
1602	* gssapi_locl.h: Add gssapi_krb5_set_status and
1603	gssapi_krb5_clear_status
1604	
1605	* init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
1606	errors, use GSS-API errors instead. From Michael B Allen.
1607
1608	* display_status.c: Add gssapi_krb5_clear_status,
1609	gssapi_krb5_set_status for handling error messages.
1610	
16112005-08-23  Love Hörnquist Åstrand  <lha@it.su.se>
1612
1613	* external.c: Use rk_UNCONST to avoid const warning.
1614	
1615	* display_status.c: Constify strings to avoid warnings.
1616	
16172005-08-11 Love Hörnquist Åstrand  <lha@it.su.se>
1618
1619	* init_sec_context.c: avoid warnings, update (c)
1620
16212005-07-13  Love Hörnquist Åstrand  <lha@it.su.se>
1622
1623	* init_sec_context.c (spnego_initial): use NegotiationToken
1624	encoder now that we have one with the new asn1. compiler.
1625	
1626	* Makefile.am: the new asn.1 compiler includes the modules name in
1627	the depend file
1628
16292005-06-16  Love Hörnquist Åstrand  <lha@it.su.se>
1630
1631	* decapsulate.c: use rk_UNCONST
1632
1633	* ccache_name.c: rename to avoid shadowing
1634
1635	* gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name
1636	
1637	* process_context_token.c: use rk_UNCONST to unconstify
1638	
1639	* test_cred.c: rename optind to optidx
1640
16412005-05-30  Love Hörnquist Åstrand  <lha@it.su.se>
1642
1643	* init_sec_context.c (init_auth): honor ok-as-delegate if local
1644	configuration approves
1645
1646	* gssapi_locl.h: prototype for _gss_check_compat
1647
1648	* compat.c: export check_compat as _gss_check_compat
1649
16502005-05-29  Love Hörnquist Åstrand  <lha@it.su.se>
1651
1652	* init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
1653	problems with system headerfiles that pollute the name space.
1654
1655	* accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
1656	problems with system headerfiles that pollute the name space.
1657
16582005-05-17  Love Hörnquist Åstrand  <lha@it.su.se>
1659
1660	* init_sec_context.c (init_auth): set
1661	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
1662	also while here, use krb5_auth_con_addflags
1663
16642005-05-06  Love Hörnquist Åstrand  <lha@it.su.se>
1665
1666	* arcfour.c (_…

Large files files are truncated, but you can click here to view the full file