PageRenderTime 59ms CodeModel.GetById 21ms app.highlight 19ms RepoModel.GetById 1ms app.codeStats 0ms

/crypto/heimdal/lib/gssapi/ChangeLog

https://bitbucket.org/freebsd/freebsd-head/
#! | 2970 lines | 1781 code | 1189 blank | 0 comment | 0 complexity | 064e0feaf998d4b0551c28c4ef696f4c MD5 | raw file
   12008-08-14  Love Hornquist Astrand  <lha@10a140laptop.local>
   2
   3	* krb5/accept_sec_context.c: If there is a initiator subkey, copy
   4	that to acceptor subkey to match windows behavior. From Metze.
   5
   62008-08-02  Love Hörnquist Åstrand  <lha@h5l.org>
   7
   8	* ntlm/init_sec_context.c: Catch error
   9
  10	* krb5/inquire_sec_context_by_oid.c: Catch store failure.
  11
  12	* mech/gss_canonicalize_name.c: Not init m, return never
  13	used (overwritten later).
  14
  152008-07-25  Love Hörnquist Åstrand  <lha@kth.se>
  16
  17	* ntlm/init_sec_context.c: Use krb5_cc_get_config.
  18
  192008-07-25  Love Hörnquist Åstrand  <lha@kth.se>
  20
  21	* krb5/init_sec_context.c: Match the orignal patch I got from
  22	metze, seems that DCE-STYLE is even more weirer then what I though
  23	when I merged the patch.
  24
  252008-06-02  Love Hörnquist Åstrand  <lha@kth.se>
  26
  27	* krb5/init_sec_context.c: Don't add asn1 wrapping to token when
  28	using DCE_STYLE.  Patch from Stefan Metzmacher.
  29
  302008-05-27  Love Hörnquist Åstrand  <lha@kth.se>
  31	
  32	* ntlm/init_sec_context.c: use krb5_get_error_message
  33
  342008-05-05  Love Hörnquist Åstrand  <lha@kth.se>
  35	
  36	* spnego/spnego_locl.h: Add back "mech/utils.h", its needed for
  37	oid/buffer functions.
  38
  392008-05-02  Love Hörnquist Åstrand  <lha@it.su.se>
  40
  41	* spnego: Changes from doug barton to make spnego indepedant of
  42	the heimdal version of the plugin system.
  43
  442008-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
  45
  46	* krb5: use DES_set_key_unchecked()
  47
  482008-04-17  Love Hörnquist Åstrand  <lha@it.su.se>
  49
  50	* add __declspec() for windows.
  51
  522008-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
  53
  54	* krb5/import_sec_context.c: Use tmp to read ac->flags value to
  55	avoid warning.
  56
  572008-04-07  Love Hörnquist Åstrand  <lha@it.su.se>
  58
  59	* mech/gss_mech_switch.c: Use unsigned where appropriate.
  60
  612008-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
  62
  63	* test_context.c: Add test for gsskrb5_register_acceptor_identity.
  64
  652008-03-09  Love Hörnquist Åstrand  <lha@it.su.se>
  66
  67	* krb5/init_sec_context.c (init_auth): use right variable to
  68	detect if we want to free or not.
  69
  702008-02-26  Love Hörnquist Åstrand  <lha@it.su.se>
  71
  72	* Makefile.am: add missing \
  73
  74	* Makefile.am: reshuffle depenencies
  75
  76	* Add flag to krb5 to not add GSS-API INT|CONF to the negotiation
  77
  782008-02-21  Love Hörnquist Åstrand  <lha@it.su.se>
  79
  80	* make the SPNEGO mech store the error itself instead, works for
  81	everything except other stackable mechs
  82
  832008-02-18  Love Hörnquist Åstrand  <lha@it.su.se>
  84
  85	* spnego/init_sec_context.c (spnego_reply): if the reply token was
  86	of length 0, make it the same as no token. Pointed out by Zeqing
  87	Xia.
  88
  89	* krb5/acquire_cred.c (acquire_initiator_cred): handle the
  90	credential cache better, use destroy/close when appriate and for
  91	all cases. Thanks to Michael Allen for point out the memory-leak
  92	that I also fixed.
  93
  942008-02-03  Love Hörnquist Åstrand  <lha@it.su.se>
  95
  96	* spnego/accept_sec_context.c: Make error reporting somewhat more
  97	correct for SPNEGO.
  98
  992008-01-27  Love Hörnquist Åstrand  <lha@it.su.se>
 100
 101	* test_common.c: Improve the error message.
 102
 1032008-01-24  Love Hörnquist Åstrand  <lha@it.su.se>
 104
 105	* ntlm/accept_sec_context.c: Avoid free-ing type1 message before
 106	its allocated.
 107	
 1082008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>
 109
 110	* test_ntlm.c: Test source name (and make the acceptor in ntlm gss
 111	mech useful).
 112
 1132007-12-30  Love Hörnquist Åstrand  <lha@it.su.se>
 114
 115	* ntlm/init_sec_context.c: Don't confuse target name and source
 116	name, make regressiont tests pass again.
 117	
 1182007-12-29  Love Hörnquist Åstrand  <lha@it.su.se>
 119	
 120	* ntlm: clean up name handling
 121
 1222007-12-04  Love Hörnquist Åstrand  <lha@it.su.se>
 123
 124	* ntlm/init_sec_context.c: Use credential if it was passed in.
 125
 126	* ntlm/acquire_cred.c: Check if there is initial creds with
 127	_gss_ntlm_get_user_cred().
 128
 129	* ntlm/init_sec_context.c: Add _gss_ntlm_get_user_info() that
 130	return the user info so it can be used by external modules.
 131
 132	* ntlm/inquire_cred.c: use the right error code.
 133
 134	* ntlm/inquire_cred.c: Return GSS_C_NO_CREDENTIAL if there is no
 135	credential, ntlm have (not yet) a default credential.
 136	
 137	* mech/gss_release_oid_set.c: Avoid trying to deref NULL, from
 138	Phil Fisher.
 139
 1402007-12-03  Love Hörnquist Åstrand  <lha@it.su.se>
 141	
 142	* test_acquire_cred.c: Always try to fetch cred (even with
 143	GSS_C_NO_NAME).
 144
 1452007-08-09  Love Hörnquist Åstrand  <lha@it.su.se>
 146
 147	* mech/gss_krb5.c: Readd gss_krb5_get_tkt_flags.
 148
 1492007-08-08  Love Hörnquist Åstrand  <lha@it.su.se>
 150
 151	* spnego/compat.c (_gss_spnego_internal_delete_sec_context):
 152	release ctx->target_name too From Rafal Malinowski.
 153
 1542007-07-26  Love Hörnquist Åstrand  <lha@it.su.se>
 155
 156	* mech/gss_mech_switch.c: Don't try to do dlopen if system doesn't
 157	have dlopen. From Rune of Chalmers.
 158
 1592007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>
 160
 161	* mech/gss_duplicate_name.c: New signature of _gss_find_mn.
 162
 163	* mech/gss_init_sec_context.c: New signature of _gss_find_mn.
 164
 165	* mech/gss_acquire_cred.c: New signature of _gss_find_mn.
 166
 167	* mech/name.h: New signature of _gss_find_mn.
 168
 169	* mech/gss_canonicalize_name.c: New signature of _gss_find_mn.
 170
 171	* mech/gss_compare_name.c: New signature of _gss_find_mn.
 172
 173	* mech/gss_add_cred.c: New signature of _gss_find_mn.
 174
 175	* mech/gss_names.c (_gss_find_mn): Return an error code for
 176	caller.
 177
 178	* spnego/accept_sec_context.c: remove checks that are done by the
 179	previous function.
 180
 181	* Makefile.am: New library version.
 182
 1832007-07-04  Love Hörnquist Åstrand  <lha@it.su.se>
 184
 185	* mech/gss_oid_to_str.c: Refuse to print GSS_C_NULL_OID, from
 186	Rafal Malinowski.
 187
 188	* spnego/spnego.asn1: Indent and make NegTokenInit and
 189	NegTokenResp extendable.
 190
 1912007-06-21  Love Hörnquist Åstrand  <lha@it.su.se>
 192
 193	* ntlm/inquire_cred.c: Implement _gss_ntlm_inquire_cred.
 194
 195	* mech/gss_display_status.c: Provide message for GSS_S_COMPLETE.
 196	
 197	* mech/context.c: If the canned string is "", its no use to the
 198	user, make it fall back to the default error string.
 199	
 2002007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>
 201
 202	* mech/gss_display_name.c (gss_display_name): no name ->
 203	fail. From Rafal Malinswski.
 204
 205	* spnego/accept_sec_context.c: Wrap name in a spnego_name instead
 206	of just a copy of the underlaying object. From Rafal Malinswski.
 207
 208	* spnego/accept_sec_context.c: Handle underlaying mech not
 209	returning mn.
 210
 211	* mech/gss_accept_sec_context.c: Handle underlaying mech not
 212	returning mn.
 213
 214	* spnego/accept_sec_context.c: Make sure src_name is always set to
 215	GSS_C_NO_NAME when returning.
 216
 217	* krb5/acquire_cred.c (acquire_acceptor_cred): don't claim
 218	everything is well on failure.  From Phil Fisher.
 219
 220	* mech/gss_duplicate_name.c: catch error (and ignore it)
 221
 222	* ntlm/init_sec_context.c: Use heim_ntlm_calculate_ntlm2_sess.
 223
 224	* mech/gss_accept_sec_context.c: Only wrap the delegated cred if
 225	we got a delegated mech cred.  From Rafal Malinowski.
 226
 227	* spnego/accept_sec_context.c: Only wrap the delegated cred if we
 228	are going to return it to the consumer.  From Rafal Malinowski.
 229
 230	* spnego/accept_sec_context.c: Fixed memory leak pointed out by
 231	Rafal Malinowski, also while here moved to use NegotiationToken
 232	for decoding.
 233
 2342007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>
 235
 236	* krb5/prf.c (_gsskrb5_pseudo_random): add missing break.
 237
 238	* krb5/release_name.c: Set *minor_status unconditionallty, its
 239	done later anyway.
 240
 241	* spnego/accept_sec_context.c: Init get_mic to 0.
 242
 243	* mech/gss_set_cred_option.c: Free memory in failure case, found
 244	by beam.
 245
 246	* mech/gss_inquire_context.c: Handle mech_type being NULL.
 247
 248	* mech/gss_inquire_cred_by_mech.c: Handle cred_name being NULL.
 249
 250	* mech/gss_krb5.c: Free memory in error case, found by beam.
 251
 2522007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>
 253
 254	* ntlm/inquire_context.c: Use ctx->gssflags for flags.
 255
 256	* krb5/display_name.c: Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is
 257	not ment for machine consumption.
 258
 2592007-06-09  Love Hörnquist Åstrand  <lha@it.su.se>
 260
 261	* ntlm/digest.c (kdc_alloc): free memory on failure, pointed out
 262	by Rafal Malinowski.
 263	
 264	* ntlm/digest.c (kdc_destroy): free context when done, pointed out
 265	by Rafal Malinowski.
 266
 267	* spnego/context_stubs.c (_gss_spnego_display_name): if input_name
 268	is null, fail.  From Rafal Malinowski.
 269	
 2702007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>
 271	
 272	* ntlm/digest.c: Free memory when done.
 273	
 2742007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>
 275
 276	* test_ntlm.c: Test both with and without keyex.
 277
 278	* ntlm/digest.c: If we didn't set session key, don't expect one
 279	back.
 280
 281	* test_ntlm.c: Set keyex flag and calculate session key.
 282	
 2832007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>
 284	
 285	* spnego/accept_sec_context.c: Use the return value before is
 286	overwritten by later calls.  From Rafal Malinowski
 287
 288	* krb5/release_cred.c: Give an minor_status argument to
 289	gss_release_oid_set.  From Rafal Malinowski
 290	
 2912007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>
 292
 293	* ntlm/accept_sec_context.c: Catch errors and return the up the
 294	stack.
 295
 296	* test_kcred.c: more testing of lifetimes
 297	
 2982007-05-17  Love Hörnquist Åstrand  <lha@it.su.se>
 299
 300	* Makefile.am: Drop the gss oid_set function for the krb5 mech,
 301	use the mech glue versions instead. Pointed out by Rafal
 302	Malinowski.
 303
 304	* krb5: Use gss oid_set functions from mechglue
 305
 3062007-05-14  Love Hörnquist Åstrand  <lha@it.su.se>
 307
 308	* ntlm/accept_sec_context.c: Set session key only if we are
 309	returned a session key. Found by David Love.
 310	
 3112007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>
 312	
 313	* krb5/prf.c: switched MIN to min to make compile on solaris,
 314	pointed out by David Love.
 315	
 3162007-05-09 Love Hörnquist Åstrand <lha@it.su.se>
 317
 318	* krb5/inquire_cred_by_mech.c: Fill in all of the variables if
 319	they are passed in. Pointed out by Phil Fisher.
 320	
 3212007-05-08  Love Hörnquist Åstrand  <lha@it.su.se>
 322
 323	* krb5/inquire_cred.c: Fix copy and paste error, bug spotted by
 324	from Phil Fisher.
 325
 326	* mech: dont keep track of gc_usage, just figure it out at
 327	gss_inquire_cred() time
 328
 329	* mech/gss_mech_switch.c (add_builtin): ok for
 330	__gss_mech_initialize() to return NULL
 331
 332	* test_kcred.c: more correct tests
 333
 334	* spnego/cred_stubs.c (gss_inquire_cred*): wrap the name with a
 335	spnego_name.
 336
 337	* ntlm/inquire_cred.c: make ntlm gss_inquire_cred fail for now,
 338	need to find default cred and friends.
 339
 340	* krb5/inquire_cred_by_mech.c: reimplement
 341	
 3422007-05-07  Love Hörnquist Åstrand  <lha@it.su.se>
 343	
 344	* ntlm/acquire_cred.c: drop unused variable.
 345
 346	* ntlm/acquire_cred.c: Reimplement.
 347
 348	* Makefile.am: add ntlm/digest.c
 349
 350	* ntlm: split out backend ntlm server processing
 351
 3522007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
 353
 354	* ntlm/delete_sec_context.c (_gss_ntlm_delete_sec_context): free
 355	credcache when done
 356	
 3572007-04-22  Love Hörnquist Åstrand  <lha@it.su.se>
 358
 359	* ntlm/init_sec_context.c: ntlm-key credential entry is prefix with @
 360	
 361	* ntlm/init_sec_context.c (get_user_ccache): pick up the ntlm
 362	creds from the krb5 credential cache.
 363	
 3642007-04-21  Love Hörnquist Åstrand  <lha@it.su.se>
 365
 366	* ntlm/delete_sec_context.c: free the key stored in the context
 367
 368	* ntlm/ntlm.h: switch password for a key
 369
 370	* test_oid.c: Switch oid to one that is exported.
 371	
 3722007-04-20  Love Hörnquist Åstrand  <lha@it.su.se>
 373
 374	* ntlm/init_sec_context.c: move where hash is calculated to make
 375	it easier to add ccache support.
 376
 377	* Makefile.am: Add version-script.map to EXTRA_DIST.
 378	
 3792007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>
 380
 381	* Makefile.am: Unconfuse newer versions of automake that doesn't
 382	know the diffrence between depenences and setting variables. foo:
 383	vs foo=.
 384
 385	* test_ntlm.c: delete sec context when done.
 386
 387	* version-script.map: export more symbols.
 388	
 389	* Makefile.am: add version script if ld supports it
 390	
 391	* version-script.map: add version script if ld supports it
 392	
 3932007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>
 394	
 395	* Makefile.am: test_acquire_cred need test_common.[ch]
 396
 397	* test_acquire_cred.c: add more test options.
 398
 399	* krb5/external.c: add GSS_KRB5_CCACHE_NAME_X
 400
 401	* gssapi/gssapi_krb5.h: add GSS_KRB5_CCACHE_NAME_X
 402
 403	* krb5/set_sec_context_option.c: refactor code, implement
 404	GSS_KRB5_CCACHE_NAME_X
 405
 406	* mech/gss_krb5.c: reimplement gss_krb5_ccache_name
 407	
 4082007-04-17  Love Hörnquist Åstrand <lha@it.su.se>
 409	
 410	* spnego/cred_stubs.c: Need to import spnego name before we can
 411	use it as a gss_name_t.
 412
 413	* test_acquire_cred.c: use this test as part of the regression
 414	suite.
 415
 416	* mech/gss_acquire_cred.c (gss_acquire_cred): dont init
 417	cred->gc_mc every time in the loop.
 418	
 4192007-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
 420
 421	* Makefile.am: add test_common.h
 422	
 4232007-02-16  Love Hörnquist Åstrand  <lha@it.su.se>
 424
 425	* gss_acquire_cred.3: Add link for
 426	gsskrb5_register_acceptor_identity.
 427
 4282007-02-08  Love Hörnquist Åstrand  <lha@it.su.se>
 429
 430	* krb5/copy_ccache.c: Try to leak less memory in the failure case.
 431	
 4322007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>
 433	
 434	* mech/gss_display_status.c: Use right printf formater.
 435
 436	* test_*.[ch]: split out the error printing function and try to
 437	return better errors
 438
 4392007-01-30  Love Hörnquist Åstrand  <lha@it.su.se>
 440
 441	* krb5/init_sec_context.c: revert 1.75: (init_auth): only turn on
 442	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
 443	
 444	This is because Kerberos always support INT|CONF, matches behavior
 445	with MS and MIT. The creates problems for the GSS-SPNEGO mech.
 446	
 4472007-01-24  Love Hörnquist Åstrand  <lha@it.su.se>
 448	
 449	* krb5/prf.c: constrain desired_output_len
 450
 451	* krb5/external.c (krb5_mech): add _gsskrb5_pseudo_random
 452
 453	* mech/gss_pseudo_random.c: Catch error from underlaying mech on
 454	failure.
 455
 456	* Makefile.am: Add krb5/prf.c
 457
 458	* krb5/prf.c: gss_pseudo_random for krb5
 459
 460	* test_context.c: Checks for gss_pseudo_random.
 461
 462	* krb5/gkrb5_err.et: add KG_INPUT_TOO_LONG
 463
 464	* Makefile.am: Add mech/gss_pseudo_random.c
 465
 466	* gssapi/gssapi.h: try to load pseudo_random
 467
 468	* mech/gss_mech_switch.c: try to load pseudo_random
 469
 470	* mech/gss_pseudo_random.c: Add gss_pseudo_random.
 471
 472	* gssapi_mech.h: Add hook for gm_pseudo_random.
 473	
 4742007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>
 475	
 476	* test_context.c: Don't assume bufer from gss_display_status is
 477	ok.
 478
 479	* mech/gss_wrap_size_limit.c: Reset out variables.
 480
 481	* mech/gss_wrap.c: Reset out variables.
 482
 483	* mech/gss_verify_mic.c: Reset out variables.
 484
 485	* mech/gss_utils.c: Reset out variables.
 486
 487	* mech/gss_release_oid_set.c: Reset out variables.
 488
 489	* mech/gss_release_cred.c: Reset out variables.
 490
 491	* mech/gss_release_buffer.c: Reset variables.
 492
 493	* mech/gss_oid_to_str.c: Reset out variables.
 494
 495	* mech/gss_inquire_sec_context_by_oid.c: Fix reset out variables.
 496
 497	* mech/gss_mech_switch.c: Reset out variables.
 498
 499	* mech/gss_inquire_sec_context_by_oid.c: Reset out variables.
 500
 501	* mech/gss_inquire_names_for_mech.c: Reset out variables.
 502
 503	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
 504
 505	* mech/gss_inquire_cred_by_oid.c: Reset out variables.
 506
 507	* mech/gss_inquire_cred_by_mech.c: Reset out variables.
 508
 509	* mech/gss_inquire_cred.c: Reset out variables, fix memory leak.
 510
 511	* mech/gss_inquire_context.c: Reset out variables.
 512
 513	* mech/gss_init_sec_context.c: Zero out outbuffer on failure.
 514
 515	* mech/gss_import_name.c: Reset out variables.
 516
 517	* mech/gss_import_name.c: Reset out variables.
 518
 519	* mech/gss_get_mic.c: Reset out variables.
 520
 521	* mech/gss_export_name.c: Reset out variables.
 522
 523	* mech/gss_encapsulate_token.c: Reset out variables.
 524
 525	* mech/gss_duplicate_oid.c: Reset out variables.
 526
 527	* mech/gss_duplicate_oid.c: Reset out variables.
 528
 529	* mech/gss_duplicate_name.c: Reset out variables.
 530
 531	* mech/gss_display_status.c: Reset out variables.
 532
 533	* mech/gss_display_name.c: Reset out variables.
 534
 535	* mech/gss_delete_sec_context.c: Reset out variables using propper
 536	macros.
 537
 538	* mech/gss_decapsulate_token.c: Reset out variables using propper
 539	macros.
 540
 541	* mech/gss_add_cred.c: Reset out variables.
 542
 543	* mech/gss_acquire_cred.c: Reset out variables.
 544
 545	* mech/gss_accept_sec_context.c: Reset out variables using propper
 546	macros.
 547
 548	* mech/gss_init_sec_context.c: Reset out variables.
 549
 550	* mech/mech_locl.h (_mg_buffer_zero): new macro that zaps a
 551	gss_buffer_t
 552
 5532007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>
 554	
 555	* mech: sprinkel _gss_mg_error
 556
 557	* mech/gss_display_status.c (gss_display_status): use
 558	_gss_mg_get_error to fetch the error from underlaying mech, if it
 559	failes, let do the regular dance for GSS-CODE version and a
 560	generic print-the-error code for MECH-CODE.
 561
 562	* mech/gss_oid_to_str.c: Don't include the NUL in the length of
 563	the string.
 564
 565	* mech/context.h: Protoypes for _gss_mg_.
 566
 567	* mech/context.c: Glue to catch the error from the lower gss-api
 568	layer and save that for later so gss_display_status() can show the
 569	error.
 570
 571	* gss.c: Detect NTLM.
 572	
 5732007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>
 574	
 575	* mech/gss_accept_sec_context.c: spelling
 576	
 5772007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>
 578	
 579	* Makefile.am: Include build (private) prototypes header files.
 580
 581	* Makefile.am (ntlmsrc): add ntlm/ntlm-private.h
 582	
 5832006-12-28  Love Hörnquist Åstrand  <lha@it.su.se>
 584	
 585	* ntlm/accept_sec_context.c: Pass signseal argument to
 586	_gss_ntlm_set_key.
 587
 588	* ntlm/init_sec_context.c: Pass signseal argument to
 589	_gss_ntlm_set_key.
 590
 591	* ntlm/crypto.c (_gss_ntlm_set_key): add signseal argument
 592
 593	* test_ntlm.c: add ntlmv2 test
 594
 595	* ntlm/ntlm.h: break out struct ntlmv2_key;
 596
 597	* ntlm/crypto.c (_gss_ntlm_set_key): set ntlm v2 keys.
 598
 599	* ntlm/accept_sec_context.c: Set dummy ntlmv2 keys and Check TI.
 600
 601	* ntlm/ntlm.h: NTLMv2 keys.
 602
 603	* ntlm/crypto.c: NTLMv2 sign and verify.
 604	
 6052006-12-20  Love Hörnquist Åstrand  <lha@it.su.se>
 606
 607	* ntlm/accept_sec_context.c: Don't send targetinfo now.
 608	
 609	* ntlm/init_sec_context.c: Build ntlmv2 answer buffer.
 610
 611	* ntlm/init_sec_context.c: Leak less memory.
 612
 613	* ntlm/init_sec_context.c: Announce that we support key exchange.
 614
 615	* ntlm/init_sec_context.c: Add NTLM_NEG_NTLM2_SESSION, NTLMv2
 616	session security (disable because missing sign and seal).
 617	
 6182006-12-19  Love Hörnquist Åstrand  <lha@it.su.se>
 619	
 620	* ntlm/accept_sec_context.c: split RC4 send and recv keystreams
 621
 622	* ntlm/init_sec_context.c: split RC4 send and recv keystreams
 623
 624	* ntlm/ntlm.h: split RC4 send and recv keystreams
 625
 626	* ntlm/crypto.c: Implement SEAL.
 627
 628	* ntlm/crypto.c: move gss_wrap/gss_unwrap here
 629
 630	* test_context.c: request INT and CONF from the gss layer, test
 631	get and verify MIC.
 632
 633	* ntlm/ntlm.h: add crypto bits.
 634
 635	* ntlm/accept_sec_context.c: Save session master key.
 636
 637	* Makefile.am: Move get and verify mic to the same file (crypto.c)
 638	since they share code.
 639
 640	* ntlm/crypto.c: Move get and verify mic to the same file since
 641	they share code, implement NTLM v1 and dummy signatures.
 642
 643	* ntlm/init_sec_context.c: pass on GSS_C_CONF_FLAG and
 644	GSS_C_INTEG_FLAG, save the session master key
 645	
 646	* spnego/accept_sec_context.c: try using gss_accept_sec_context()
 647	on the opportunistic token instead of guessing the acceptor name
 648	and do gss_acquire_cred, this make SPNEGO work like before.
 649	
 6502006-12-18  Love Hörnquist Åstrand  <lha@it.su.se>
 651	
 652	* ntlm/init_sec_context.c: Calculate the NTLM version 1 "master"
 653	key.
 654
 655	* spnego/accept_sec_context.c: Resurect negHints for the acceptor
 656	sends first packet.
 657	
 658	* Makefile.am: Add "windows" versions of the NegTokenInitWin and
 659	friends.
 660
 661	* test_context.c: add --wrapunwrap flag
 662
 663	* spnego/compat.c: move _gss_spnego_indicate_mechtypelist() to
 664	compat.c, use the sequence types of MechTypeList, make
 665	add_mech_type() static.
 666
 667	* spnego/accept_sec_context.c: move
 668	_gss_spnego_indicate_mechtypelist() to compat.c
 669
 670	* Makefile.am: Generate sequence code for MechTypeList
 671
 672	* spnego: check that the generated acceptor mechlist is acceptable too
 673
 674	* spnego/init_sec_context.c: Abstract out the initiator filter
 675	function, it will be needed for the acceptor too.
 676
 677	* spnego/accept_sec_context.c: Abstract out the initiator filter
 678	function, it will be needed for the acceptor too. Remove negHints.
 679
 680	* test_context.c: allow asserting return mech
 681
 682	* ntlm/accept_sec_context.c: add _gss_ntlm_allocate_ctx
 683
 684	* ntlm/acquire_cred.c: Check that the KDC seem to there and
 685	answering us, we can't do better then that wen checking if we will
 686	accept the credential.
 687
 688	* ntlm/get_mic.c: return GSS_S_UNAVAILABLE
 689
 690	* mech/utils.h: add _gss_free_oid, reverse of _gss_copy_oid
 691
 692	* mech/gss_utils.c: add _gss_free_oid, reverse of _gss_copy_oid
 693
 694	* spnego/spnego.asn1: Its very sad, but NegHints its are not part
 695	of the NegTokenInit, this makes SPNEGO acceptor life a lot harder.
 696	
 697	* spnego: try harder to handle names better. handle missing
 698	acceptor and initator creds better (ie dont propose/accept mech
 699	that there are no credentials for) split NegTokenInit and
 700	NegTokenResp in acceptor
 701
 7022006-12-16  Love Hörnquist Åstrand  <lha@it.su.se>
 703
 704	* ntlm/import_name.c: Allocate the buffer from the right length.
 705	
 7062006-12-15  Love Hörnquist Åstrand  <lha@it.su.se>
 707
 708	* ntlm/init_sec_context.c (init_sec_context): Tell the other side
 709	what domain we think we are talking to.
 710
 711	* ntlm/delete_sec_context.c: free username and password
 712
 713	* ntlm/release_name.c (_gss_ntlm_release_name): free name.
 714
 715	* ntlm/import_name.c (_gss_ntlm_import_name): add support for
 716	GSS_C_NT_HOSTBASED_SERVICE names
 717
 718	* ntlm/ntlm.h: Add ntlm_name.
 719
 720	* test_context.c: allow testing of ntlm.
 721
 722	* gssapi_mech.h: add __gss_ntlm_initialize
 723
 724	* ntlm/accept_sec_context.c (handle_type3): verify that the kdc
 725	approved of the ntlm exchange too
 726
 727	* mech/gss_mech_switch.c: Add the builtin ntlm mech
 728
 729	* test_ntlm.c: NTLM test app.
 730
 731	* mech/gss_accept_sec_context.c: Add detection of NTLMSSP.
 732
 733	* gssapi/gssapi.h: add ntlm mech oid
 734
 735	* ntlm/external.c: Switch OID to the ms ntlmssp oid
 736
 737	* Makefile.am: Add ntlm gss-api module.
 738
 739	* ntlm/accept_sec_context.c: Catch more error errors.
 740
 741	* ntlm/accept_sec_context.c: Check after a credential to use.
 742	
 7432006-12-14  Love Hörnquist Åstrand  <lha@it.su.se>
 744	
 745	* krb5/set_sec_context_option.c (GSS_KRB5_SET_DEFAULT_REALM_X):
 746	don't fail on success.  Bug report from Stefan Metzmacher.
 747	
 7482006-12-13  Love Hörnquist Åstrand  <lha@it.su.se>
 749	
 750	* krb5/init_sec_context.c (init_auth): only turn on
 751	GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the caller requseted it.
 752	From Stefan Metzmacher.
 753	
 7542006-12-11  Love Hörnquist Åstrand  <lha@it.su.se>
 755	
 756	* Makefile.am (libgssapi_la_OBJECTS): depends on gssapi_asn1.h
 757	spnego_asn1.h.
 758
 7592006-11-20  Love Hörnquist Åstrand  <lha@it.su.se>
 760
 761	* krb5/acquire_cred.c: Make krb5_get_init_creds_opt_free take a
 762	context argument.
 763	
 7642006-11-16  Love Hörnquist Åstrand <lha@it.su.se>
 765	
 766	* test_context.c: Test that token keys are the same, return
 767	actual_mech.
 768	
 7692006-11-15  Love Hörnquist Åstrand <lha@it.su.se>
 770
 771	* spnego/spnego_locl.h: Make bitfields unsigned, add maybe_open.
 772
 773	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
 774	encode CHOICE structure now that we can handle it.
 775
 776	* spnego/init_sec_context.c: Use ASN.1 encoder functions to encode
 777	CHOICE structure now that we can handle it.
 778
 779	* spnego/accept_sec_context.c (_gss_spnego_accept_sec_context):
 780	send back ad accept_completed when the security context is ->open,
 781	w/o this the client doesn't know that the server have completed
 782	the transaction.
 783
 784	* test_context.c: Add delegate flag and check that the delegated
 785	cred works.
 786
 787	* spnego/init_sec_context.c: Keep track of the opportunistic token
 788	in the inital message, it might be a complete gss-api context, in
 789	that case we'll get back accept_completed without any token. With
 790	this change, krb5 w/o mutual authentication works.
 791
 792	* spnego/accept_sec_context.c: Use ASN.1 encoder functions to
 793	encode CHOICE structure now that we can handle it.
 794
 795	* spnego/accept_sec_context.c: Filter out SPNEGO from the out
 796	supported mechs list and make sure we don't select that for the
 797	preferred mechamism.
 798	
 7992006-11-14  Love Hörnquist Åstrand  <lha@it.su.se>
 800	
 801	* mech/gss_init_sec_context.c (_gss_mech_cred_find): break out the
 802	cred finding to its own function
 803
 804	* krb5/wrap.c: Better error strings, from Andrew Bartlet.
 805	
 8062006-11-13  Love Hörnquist Åstrand  <lha@it.su.se>
 807	
 808	* test_context.c: Create our own krb5_context.
 809
 810	* krb5: Switch from using a specific error message context in the
 811	TLS to have a whole krb5_context in TLS. This have some
 812	interestion side-effekts for the configruration setting options
 813	since they operate on per-thread basis now.
 814
 815	* mech/gss_set_cred_option.c: When calling ->gm_set_cred_option
 816	and checking for success, use GSS_S_COMPLETE. From Andrew Bartlet.
 817	
 8182006-11-12  Love Hörnquist Åstrand  <lha@it.su.se>
 819
 820	* Makefile.am: Help solaris make even more.
 821
 822	* Makefile.am: Help solaris make.
 823	
 8242006-11-09  Love Hörnquist Åstrand  <lha@it.su.se>
 825	
 826	* Makefile.am: remove include $(srcdir)/Makefile-digest.am for now
 827
 828	* mech/gss_accept_sec_context.c: Try better guessing what is mech
 829	we are going to select by looking harder at the input_token, idea
 830	from Luke Howard's mechglue branch.
 831
 832	* Makefile.am: libgssapi_la_OBJECTS: add depency on gkrb5_err.h
 833
 834	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X
 835
 836	* mech/gss_krb5.c: implement gss_krb5_set_allowable_enctypes
 837
 838	* gssapi/gssapi.h: GSS_KRB5_S_
 839
 840	* krb5/gsskrb5_locl.h: Include <gkrb5_err.h>.
 841
 842	* gssapi/gssapi_krb5.h: Add gss_krb5_set_allowable_enctypes.
 843
 844	* Makefile.am: Build and install gkrb5_err.h
 845
 846	* krb5/gkrb5_err.et: Move the GSS_KRB5_S error here.
 847	
 8482006-11-08  Love Hörnquist Åstrand  <lha@it.su.se>
 849	
 850	* mech/gss_krb5.c: Add gsskrb5_set_default_realm.
 851
 852	* krb5/set_sec_context_option.c: Support
 853	GSS_KRB5_SET_DEFAULT_REALM_X.
 854
 855	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DEFAULT_REALM_X
 856
 857	* krb5/external.c: add GSS_KRB5_SET_DEFAULT_REALM_X
 858	
 8592006-11-07  Love Hörnquist Åstrand  <lha@it.su.se>
 860	
 861	* test_context.c: rename krb5_[gs]et_time_wrap to
 862	krb5_[gs]et_max_time_skew
 863
 864	* krb5/copy_ccache.c: _gsskrb5_extract_authz_data_from_sec_context
 865	no longer used, bye bye
 866
 867	* mech/gss_krb5.c: No depenency of the krb5 gssapi mech.
 868
 869	* mech/gss_krb5.c (gsskrb5_extract_authtime_from_sec_context): use
 870	_gsskrb5_decode_om_uint32. From Andrew Bartlet.
 871
 872	* mech/gss_krb5.c: Add dummy gss_krb5_set_allowable_enctypes for
 873	now.
 874
 875	* spnego/spnego_locl.h: Include <roken.h> for compatiblity.
 876
 877	* krb5/arcfour.c: Use IS_DCE_STYLE flag. There is no padding in
 878	DCE-STYLE, don't try to use to.  From Andrew Bartlett.
 879
 880	* test_context.c: test wrap/unwrap, add flag for dce-style and
 881	mutual auth, also support multi-roundtrip sessions
 882
 883	* krb5/gsskrb5_locl.h: Add IS_DCE_STYLE macro.
 884
 885	* krb5/accept_sec_context.c (gsskrb5_acceptor_start): use
 886	krb5_rd_req_ctx
 887
 888	* mech/gss_krb5.c (gsskrb5_get_subkey): return the per message
 889	token subkey
 890
 891	* krb5/inquire_sec_context_by_oid.c: check if there is any key at
 892	all
 893	
 8942006-11-06  Love Hörnquist Åstrand <lha@it.su.se>
 895	
 896	* krb5/inquire_sec_context_by_oid.c: Set more error strings, use
 897	right enum for acceptor subkey.  From Andrew Bartlett.
 898	
 8992006-11-04  Love Hörnquist Åstrand  <lha@it.su.se>
 900
 901	* test_context.c: Test gsskrb5_extract_service_keyblock, needed in
 902	PAC valication.  From Andrew Bartlett
 903
 904	* mech/gss_krb5.c: Add gsskrb5_extract_authz_data_from_sec_context
 905	and keyblock extraction functions.
 906
 907	* gssapi/gssapi_krb5.h: Add extraction of keyblock function, from
 908	Andrew Bartlett.
 909
 910	* krb5/external.c: Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X
 911	
 9122006-11-03  Love Hörnquist Åstrand  <lha@it.su.se>
 913
 914	* test_context.c: Rename various routines and constants from
 915	canonize to canonicalize.  From Andrew Bartlett
 916
 917	* mech/gss_krb5.c: Rename various routines and constants from
 918	canonize to canonicalize.  From Andrew Bartlett
 919
 920	* krb5/set_sec_context_option.c: Rename various routines and
 921	constants from canonize to canonicalize.  From Andrew Bartlett
 922
 923	* krb5/external.c: Rename various routines and constants from
 924	canonize to canonicalize.  From Andrew Bartlett
 925	
 926	* gssapi/gssapi_krb5.h: Rename various routines and constants from
 927	canonize to canonicalize.  From Andrew Bartlett
 928	
 9292006-10-25  Love Hörnquist Åstrand  <lha@it.su.se>
 930
 931	* krb5/accept_sec_context.c (gsskrb5_accept_delegated_token): need
 932	to free ccache
 933	
 9342006-10-24  Love Hörnquist Åstrand  <lha@it.su.se>
 935	
 936	* test_context.c (loop): free target_name
 937
 938	* mech/gss_accept_sec_context.c: SLIST_INIT the ->gc_mc'
 939	
 940	* mech/gss_acquire_cred.c : SLIST_INIT the ->gc_mc' 
 941
 942	* krb5/init_sec_context.c: Avoid leaking memory.
 943
 944	* mech/gss_buffer_set.c (gss_release_buffer_set): don't leak the
 945	->elements memory.
 946
 947	* test_context.c: make compile
 948
 949	* krb5/cfx.c (_gssapi_verify_mic_cfx): always free crypto context.
 950
 951	* krb5/set_cred_option.c (import_cred): free sp
 952	
 9532006-10-22  Love Hörnquist Åstrand  <lha@it.su.se>
 954
 955	* mech/gss_add_oid_set_member.c: Use old implementation of
 956	gss_add_oid_set_member, it leaks less memory.
 957
 958	* krb5/test_cfx.c: free krb5_crypto.
 959
 960	* krb5/test_cfx.c: free krb5_context
 961
 962	* mech/gss_release_name.c (gss_release_name): free input_name
 963	it-self.
 964	
 9652006-10-21  Love Hörnquist Åstrand  <lha@it.su.se>
 966
 967	* test_context.c: Call setprogname.
 968
 969	* mech/gss_krb5.c: Add gsskrb5_extract_authtime_from_sec_context.
 970
 971	* gssapi/gssapi_krb5.h: add
 972	gsskrb5_extract_authtime_from_sec_context
 973	
 9742006-10-20  Love Hörnquist Åstrand  <lha@it.su.se>
 975	
 976	* krb5/inquire_sec_context_by_oid.c: Add get_authtime.
 977
 978	* krb5/external.c: add GSS_KRB5_GET_AUTHTIME_X
 979
 980	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_AUTHTIME_X
 981
 982	* krb5/set_sec_context_option.c: Implement GSS_KRB5_SEND_TO_KDC_X.
 983
 984	* mech/gss_krb5.c: Add gsskrb5_set_send_to_kdc
 985
 986	* gssapi/gssapi_krb5.h: Add GSS_KRB5_SEND_TO_KDC_X and
 987	gsskrb5_set_send_to_kdc
 988
 989	* krb5/external.c: add GSS_KRB5_SEND_TO_KDC_X
 990
 991	* Makefile.am: more files
 992	
 9932006-10-19  Love Hörnquist Åstrand  <lha@it.su.se>
 994	
 995	* Makefile.am: remove spnego/gssapi_spnego.h, its now in gssapi/
 996
 997	* test_context.c: Allow specifing mech.
 998
 999	* krb5/external.c: add GSS_SASL_DIGEST_MD5_MECHANISM (for now)
1000
1001	* gssapi/gssapi.h: Rename GSS_DIGEST_MECHANISM to
1002	GSS_SASL_DIGEST_MD5_MECHANISM
1003	
10042006-10-18  Love Hörnquist Åstrand  <lha@it.su.se>
1005	
1006	* mech/gssapi.asn1: Make it into a heim_any_set, its doesn't
1007	except a tag.
1008
1009	* mech/gssapi.asn1: GSSAPIContextToken is IMPLICIT SEQUENCE
1010
1011	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X
1012
1013	* krb5/external.c: Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.
1014
1015	* gssapi/gssapi_krb5.h: add GSS_KRB5_GET_INITIATOR_SUBKEY_X and
1016	GSS_KRB5_GET_SUBKEY_X
1017
1018	* krb5/external.c: add GSS_KRB5_GET_INITIATOR_SUBKEY_X,
1019	GSS_KRB5_GET_SUBKEY_X
1020	
10212006-10-17  Love Hörnquist Åstrand  <lha@it.su.se>
1022	
1023	* test_context.c: Support switching on name type oid's
1024
1025	* test_context.c: add test for dns canon flag
1026
1027	* mech/gss_krb5.c: Add gsskrb5_set_dns_canonlize.
1028
1029	* gssapi/gssapi_krb5.h: remove gss_krb5_compat_des3_mic
1030
1031	* gssapi/gssapi_krb5.h: Add gsskrb5_set_dns_canonlize.
1032
1033	* krb5/set_sec_context_option.c: implement
1034	GSS_KRB5_SET_DNS_CANONIZE_X
1035
1036	* gssapi/gssapi_krb5.h: add GSS_KRB5_SET_DNS_CANONIZE_X
1037
1038	* krb5/external.c: add GSS_KRB5_SET_DNS_CANONIZE_X
1039
1040	* mech/gss_krb5.c: add bits to make lucid context work
1041	
10422006-10-14  Love Hörnquist Åstrand  <lha@it.su.se>
1043	
1044	* mech/gss_oid_to_str.c: Prefix der primitives with der_.
1045
1046	* krb5/inquire_sec_context_by_oid.c: Prefix der primitives with
1047	der_.
1048
1049	* krb5/encapsulate.c: Prefix der primitives with der_.
1050
1051	* mech/gss_oid_to_str.c: New der_print_heim_oid signature.
1052	
10532006-10-12  Love Hörnquist Åstrand  <lha@it.su.se>
1054
1055	* Makefile.am: add test_context
1056
1057	* krb5/inquire_sec_context_by_oid.c: Make it work.
1058
1059	* test_oid.c: Test lucid oid.
1060
1061	* gssapi/gssapi.h: Add OM_uint64_t.
1062
1063	* krb5/inquire_sec_context_by_oid.c: Add lucid interface.
1064
1065	* krb5/external.c: Add lucid interface, renumber oids to my
1066	delegated space.
1067
1068	* mech/gss_krb5.c: Add lucid interface.
1069
1070	* gssapi/gssapi_krb5.h: Add lucid interface.
1071
1072	* spnego/spnego_locl.h: Maybe include <netdb.h>.
1073	
10742006-10-09  Love Hörnquist Åstrand  <lha@it.su.se>
1075	
1076	* mech/gss_mech_switch.c: define RTLD_LOCAL to 0 if not defined.
1077	
10782006-10-08  Love Hörnquist Åstrand  <lha@it.su.se>
1079
1080	* Makefile.am: install gssapi_krb5.H and gssapi_spnego.h
1081
1082	* gssapi/gssapi_krb5.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
1083
1084	* gssapi/gssapi.h: Move krb5 stuff to <gssapi/gssapi_krb5.h>.
1085
1086	* Makefile.am: Drop some -I no longer needed.
1087
1088	* gssapi/gssapi_spnego.h: Move gssapi_spengo.h over here.
1089
1090	* krb5: reference all include files using 'krb5/'
1091
10922006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
1093
1094	* gssapi.h: Add file inclusion protection.
1095
1096	* gssapi/gssapi.h: Correct header file inclusion protection.
1097
1098	* gssapi/gssapi.h: Move the gssapi.h from lib/gssapi/ to
1099	lib/gssapi/gssapi/ to please automake.
1100	
1101	* spnego/spnego_locl.h: Maybe include <sys/types.h>.
1102
1103	* mech/mech_locl.h: Include <roken.h>.
1104
1105	* Makefile.am: split build files into dist_ and noinst_ SOURCES
1106	
11072006-10-06  Love Hörnquist Åstrand  <lha@it.su.se>
1108
1109	* gss.c: #if 0 out unused code.
1110
1111	* mech/gss_mech_switch.c: Cast argument to ctype(3) functions
1112	to (unsigned char).
1113	
11142006-10-05  Love Hörnquist Åstrand  <lha@it.su.se>
1115
1116	* mech/name.h: remove <sys/queue.h>
1117
1118	* mech/mech_switch.h: remove <sys/queue.h>
1119	
1120	* mech/cred.h: remove <sys/queue.h>
1121
11222006-10-02  Love Hörnquist Åstrand  <lha@it.su.se>
1123
1124	* krb5/arcfour.c: Thinker more with header lengths.
1125
1126	* krb5/arcfour.c: Improve the calcucation of header
1127	lengths. DCE-STYLE data is also padded so remove if (1 || ...)
1128	code.
1129
1130	* krb5/wrap.c (_gsskrb5_wrap_size_limit): use
1131	_gssapi_wrap_size_arcfour for arcfour
1132
1133	* krb5/arcfour.c: Move _gssapi_wrap_size_arcfour here.
1134
1135	* Makefile.am: Split all mech to diffrent mechsrc variables.
1136
1137	* spnego/context_stubs.c: Make internal function static (and
1138	rename).
1139	
11402006-10-01  Love Hörnquist Åstrand  <lha@it.su.se>
1141
1142	* krb5/inquire_cred.c: Fix "if (x) lock(y)" bug. From Harald
1143	Barth.
1144
1145	* spnego/spnego_locl.h: Include <sys/param.h> for MAXHOSTNAMELEN.
1146	
11472006-09-25  Love Hörnquist Åstrand  <lha@it.su.se>
1148
1149	* krb5/arcfour.c: Add wrap support, interrop with itself but not
1150	w2k3s-sp1
1151
1152	* krb5/gsskrb5_locl.h: move the arcfour specific stuff to the
1153	arcfour header.
1154
1155	* krb5/arcfour.c: Support DCE-style unwrap, tested with
1156	w2k3server-sp1.
1157
1158	* mech/gss_accept_sec_context.c (gss_accept_sec_context): if the
1159	token doesn't start with [APPLICATION 0] SEQUENCE, lets assume its
1160	a DCE-style kerberos 5 connection. XXX this needs to be made
1161	better in cause we get another GSS-API protocol violating
1162	protocol. It should be possible to detach the Kerberos DCE-style
1163	since it starts with a AP-REQ PDU, but that have to wait for now.
1164	
11652006-09-22  Love Hörnquist Åstrand  <lha@it.su.se>
1166
1167	* gssapi.h: Add GSS_C flags from
1168	draft-brezak-win2k-krb-rc4-hmac-04.txt.
1169
1170	* krb5/delete_sec_context.c: Free service_keyblock and fwd_data,
1171	indent.
1172
1173	* krb5/accept_sec_context.c: Merge of the acceptor part from the
1174	samba patch by Stefan Metzmacher and Andrew Bartlet.
1175
1176	* krb5/init_sec_context.c: Add GSS_C_DCE_STYLE.
1177
1178	* krb5/{init_sec_context.c,gsskrb5_locl.h}: merge most of the
1179	initiator part from the samba patch by Stefan Metzmacher and
1180	Andrew Bartlet (still missing DCE/RPC support)
1181
11822006-08-28  Love Hörnquist Åstrand  <lha@it.su.se>
1183
1184	* gss.c (help): use sl_slc_help().
1185	
11862006-07-22  Love Hörnquist Åstrand  <lha@it.su.se>
1187
1188	* gss-commands.in: rename command to supported-mechanisms
1189
1190	* Makefile.am: Make gss objects depend on the slc built
1191	gss-commands.h
1192	
11932006-07-20  Love Hörnquist Åstrand  <lha@it.su.se>
1194	
1195	* gss-commands.in: add slc commands for gss
1196
1197	* krb5/gsskrb5_locl.h: Remove dup prototype of _gsskrb5_init()
1198
1199	* Makefile.am: Add test_cfx
1200
1201	* krb5/external.c: add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
1202
1203	* krb5/set_sec_context_option.c: catch
1204	GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
1205
1206	* krb5/accept_sec_context.c: reimplement
1207	gsskrb5_register_acceptor_identity
1208
1209	* mech/gss_krb5.c: implement gsskrb5_register_acceptor_identity
1210
1211	* mech/gss_inquire_mechs_for_name.c: call _gss_load_mech
1212
1213	* mech/gss_inquire_cred.c (gss_inquire_cred): call _gss_load_mech
1214
1215	* mech/gss_mech_switch.c: Make _gss_load_mech() atomic and run
1216	only once, this have the side effect that _gss_mechs and
1217	_gss_mech_oids is only initialized once, so if just the users of
1218	these two global variables calls _gss_load_mech() first, it will
1219	act as a barrier and make sure the variables are never changed and
1220	we don't need to lock them.
1221
1222	* mech/utils.h: no need to mark functions extern.
1223
1224	* mech/name.h: no need to mark _gss_find_mn extern.
1225	
12262006-07-19  Love Hörnquist Åstrand <lha@it.su.se>
1227	
1228	* krb5/cfx.c: Redo the wrap length calculations.
1229
1230	* krb5/test_cfx.c: test max_wrap_size in cfx.c
1231
1232	* mech/gss_display_status.c: Handle more error codes.
1233	
12342006-07-07  Love Hörnquist Åstrand  <lha@it.su.se>
1235
1236	* mech/mech_locl.h: Include <krb5-types.h> and "mechqueue.h"
1237
1238	* mech/mechqueue.h: Add SLIST macros.
1239
1240	* krb5/inquire_context.c: Don't free return values on success.
1241
1242	* krb5/inquire_cred.c (_gsskrb5_inquire_cred): When cred provided
1243	is the default cred, acquire the acceptor cred and initator cred
1244	in two diffrent steps and then query them for the information,
1245	this way, the code wont fail if there are no keytab, but there is
1246	a credential cache.
1247
1248	* mech/gss_inquire_cred.c: move the check if we found any cred
1249	where it matter for both cases
1250	(default cred and provided cred)
1251
1252	* mech/gss_init_sec_context.c: If the desired mechanism can't
1253	convert the name to a MN, fail with GSS_S_BAD_NAME rather then a
1254	NULL de-reference.
1255	
12562006-07-06  Love Hörnquist Åstrand  <lha@it.su.se>
1257
1258	* spnego/external.c: readd gss_spnego_inquire_names_for_mech
1259
1260	* spnego/spnego_locl.h: reimplement
1261	gss_spnego_inquire_names_for_mech add support function
1262	_gss_spnego_supported_mechs
1263
1264	* spnego/context_stubs.h: reimplement
1265	gss_spnego_inquire_names_for_mech add support function
1266	_gss_spnego_supported_mechs
1267
1268	* spnego/context_stubs.c: drop gss_spnego_indicate_mechs
1269	
1270	* mech/gss_indicate_mechs.c: if the underlaying mech doesn't
1271	support gss_indicate_mechs, use the oid in the mechswitch
1272	structure
1273
1274	* spnego/external.c: let the mech glue layer implement
1275	gss_indicate_mechs
1276
1277	* spnego/cred_stubs.c (gss_spnego_acquire_cred): don't care about
1278	desired_mechs, get our own list with indicate_mechs and remove
1279	ourself.
1280	
12812006-07-05 Love Hörnquist Åstrand <lha@it.su.se>
1282
1283	* spnego/external.c: remove gss_spnego_inquire_names_for_mech, let
1284	the mechglue layer implement it
1285	
1286	* spnego/context_stubs.c: remove gss_spnego_inquire_names_for_mech, let
1287	the mechglue layer implement it
1288
1289	* spnego/spnego_locl.c: remove gss_spnego_inquire_names_for_mech, let
1290	the mechglue layer implement it
1291
12922006-07-01  Love Hörnquist Åstrand  <lha@it.su.se>
1293	
1294	* mech/gss_set_cred_option.c: fix argument to gss_release_cred
1295	
12962006-06-30  Love Hörnquist Åstrand  <lha@it.su.se>
1297
1298	* krb5/init_sec_context.c: Make work on compilers that are
1299	somewhat more picky then gcc4 (like gcc2.95)
1300
1301	* krb5/init_sec_context.c (do_delegation): use KDCOptions2int to
1302	convert fwd_flags to an integer, since otherwise int2KDCOptions in
1303	krb5_get_forwarded_creds wont do the right thing.
1304
1305	* mech/gss_set_cred_option.c (gss_set_cred_option): free memory on
1306	failure
1307
1308	* krb5/set_sec_context_option.c (_gsskrb5_set_sec_context_option):
1309	init global kerberos context
1310
1311	* krb5/set_cred_option.c (_gsskrb5_set_cred_option): init global
1312	kerberos context
1313
1314	* mech/gss_accept_sec_context.c: Insert the delegated sub cred on
1315	the delegated cred handle, not cred handle
1316
1317	* mech/gss_accept_sec_context.c (gss_accept_sec_context): handle
1318	the case where ret_flags == NULL
1319
1320	* mech/gss_mech_switch.c (add_builtin): set
1321	_gss_mech_switch->gm_mech_oid
1322
1323	* mech/gss_set_cred_option.c (gss_set_cred_option): laod mechs
1324
1325	* test_cred.c (gss_print_errors): don't try to print error when
1326	gss_display_status failed
1327
1328	* Makefile.am: Add mech/gss_release_oid.c
1329	
1330	* mech/gss_release_oid.c: Add gss_release_oid, reverse of
1331	gss_duplicate_oid
1332
1333	* spnego/compat.c: preferred_mech_type was allocated with
1334	gss_duplicate_oid in one place and assigned static varianbles a
1335	the second place. change that static assignement to
1336	gss_duplicate_oid and bring back gss_release_oid.
1337
1338	* spnego/compat.c (_gss_spnego_delete_sec_context): don't release
1339	preferred_mech_type and negotiated_mech_type, they where never
1340	allocated from the begining.
1341	
13422006-06-29  Love Hörnquist Åstrand  <lha@it.su.se>
1343
1344	* mech/gss_import_name.c (gss_import_name): avoid
1345	type-punned/strict aliasing rules
1346
1347	* mech/gss_add_cred.c: avoid type-punned/strict aliasing rules
1348
1349	* gssapi.h: Make gss_name_t an opaque type.
1350	
1351	* krb5: make gss_name_t an opaque type
1352
1353	* krb5/set_cred_option.c: Add
1354
1355	* mech/gss_set_cred_option.c (gss_set_cred_option): support the
1356	case where *cred_handle == NULL
1357
1358	* mech/gss_krb5.c (gss_krb5_import_cred): make sure cred is
1359	GSS_C_NO_CREDENTIAL on failure.
1360
1361	* mech/gss_acquire_cred.c (gss_acquire_cred): if desired_mechs is
1362	NO_OID_SET, there is a need to load the mechs, so always do that.
1363	
13642006-06-28  Love Hörnquist Åstrand  <lha@it.su.se>
1365	
1366	* krb5/inquire_cred_by_oid.c: Reimplement GSS_KRB5_COPY_CCACHE_X
1367	to instead pass a fullname to the credential, then resolve and
1368	copy out the content, and then close the cred.
1369
1370	* mech/gss_krb5.c: Reimplement GSS_KRB5_COPY_CCACHE_X to instead
1371	pass a fullname to the credential, then resolve and copy out the
1372	content, and then close the cred.
1373	
1374	* krb5/inquire_cred_by_oid.c: make "work", GSS_KRB5_COPY_CCACHE_X
1375	interface needs to be re-done, currently its utterly broken.
1376
1377	* mech/gss_set_cred_option.c: Make work.
1378
1379	* krb5/external.c: Add _gsskrb5_set_{sec_context,cred}_option
1380
1381	* mech/gss_krb5.c (gss_krb5_import_cred): implement
1382
1383	* Makefile.am: Add gss_set_{sec_context,cred}_option and sort
1384	
1385	* mech/gss_set_{sec_context,cred}_option.c: add
1386
1387	* gssapi.h: Add GSS_KRB5_IMPORT_CRED_X
1388
1389	* test_*.c: make compile again
1390
1391	* Makefile.am: Add lib dependencies and test programs
1392
1393	* spnego: remove dependency on libkrb5
1394
1395	* mech: Bug fixes, cleanup, compiler warnings, restructure code.
1396
1397	* spnego: Rename gss_context_id_t and gss_cred_id_t to local names
1398
1399	* krb5: repro copy the krb5 files here
1400
1401	* mech: import Doug Rabson mechglue from freebsd
1402	
1403	* spnego: Import Luke Howard's SPNEGO from the mechglue branch
1404
14052006-06-22  Love Hörnquist Åstrand  <lha@it.su.se>
1406
1407	* gssapi.h: Add oid_to_str.
1408
1409	* Makefile.am: add oid_to_str and test_oid
1410	
1411	* oid_to_str.c: Add gss_oid_to_str
1412
1413	* test_oid.c: Add test for gss_oid_to_str()
1414	
14152006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>
1416
1417	* verify_mic.c: Less pointer signedness warnings.
1418
1419	* unwrap.c: Less pointer signedness warnings.
1420
1421	* arcfour.c: Less pointer signedness warnings.
1422
1423	* gssapi_locl.h: Use const void * to instead of unsigned char * to
1424	avoid pointer signedness warnings.
1425
1426	* encapsulate.c: Use const void * to instead of unsigned char * to
1427	avoid pointer signedness warnings.
1428
1429	* decapsulate.c: Use const void * to instead of unsigned char * to
1430	avoid pointer signedness warnings.
1431
1432	* decapsulate.c: Less pointer signedness warnings.
1433
1434	* cfx.c: Less pointer signedness warnings.
1435
1436	* init_sec_context.c: Less pointer signedness warnings (partly by
1437	using the new asn.1 CHOICE decoder)
1438
1439	* import_sec_context.c: Less pointer signedness warnings.
1440
14412006-05-09  Love Hörnquist Åstrand  <lha@it.su.se>
1442
1443	* accept_sec_context.c (gsskrb5_is_cfx): always set is_cfx. From
1444	Andrew Abartlet.
1445	
14462006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>
1447
1448	* get_mic.c (mic_des3): make sure message_buffer doesn't point to
1449	free()ed memory on failure. Pointed out by IBM checker.
1450	
14512006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>
1452
1453	* Rename u_intXX_t to uintXX_t
1454	
14552006-05-04 Love Hörnquist Åstrand <lha@it.su.se>
1456
1457	* cfx.c: Less pointer signedness warnings.
1458
1459	* arcfour.c: Avoid pointer signedness warnings.
1460
1461	* gssapi_locl.h (gssapi_decode_*): make data argument const void *
1462	
1463	* 8003.c (gssapi_decode_*): make data argument const void *
1464	
14652006-04-12  Love Hörnquist Åstrand  <lha@it.su.se>
1466	
1467	* export_sec_context.c: Export sequence order element. From Wynn
1468	Wilkes <wynn.wilkes@quest.com>.
1469
1470	* import_sec_context.c: Import sequence order element. From Wynn
1471	Wilkes <wynn.wilkes@quest.com>.
1472
1473	* sequence.c (_gssapi_msg_order_import,_gssapi_msg_order_export):
1474	New functions, used by {import,export}_sec_context.  From Wynn
1475	Wilkes <wynn.wilkes@quest.com>.
1476
1477	* test_sequence.c: Add test for import/export sequence.
1478	
14792006-04-09  Love Hörnquist Åstrand  <lha@it.su.se>
1480	
1481	* add_cred.c: Check that cred != GSS_C_NO_CREDENTIAL, this is a
1482	standard conformance failure, but much better then a crash.
1483	
14842006-04-02  Love Hörnquist Åstrand  <lha@it.su.se>
1485	
1486	* get_mic.c (get_mic*)_: make sure message_token is cleaned on
1487	error, found by IBM checker.
1488
1489	* wrap.c (wrap*): Reset output_buffer on error, found by IBM
1490	checker.
1491	
14922006-02-15  Love Hörnquist Åstrand  <lha@it.su.se>
1493	
1494	* import_name.c: Accept both GSS_C_NT_HOSTBASED_SERVICE and
1495	GSS_C_NT_HOSTBASED_SERVICE_X as nametype for hostbased names.
1496	
14972006-01-16  Love Hörnquist Åstrand  <lha@it.su.se>
1498	
1499	* delete_sec_context.c (gss_delete_sec_context): if the context
1500	handle is GSS_C_NO_CONTEXT, don't fall over.
1501
15022005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>
1503
1504	* gss_acquire_cred.3: Replace gss_krb5_import_ccache with
1505	gss_krb5_import_cred and add more references
1506	
15072005-12-05  Love Hörnquist Åstrand  <lha@it.su.se>
1508
1509	* gssapi.h: Change gss_krb5_import_ccache to gss_krb5_import_cred,
1510	it can handle keytabs too.
1511
1512	* add_cred.c (gss_add_cred): avoid deadlock
1513
1514	* context_time.c (gssapi_lifetime_left): define the 0 lifetime as
1515	GSS_C_INDEFINITE.
1516	
15172005-12-01  Love Hörnquist Åstrand  <lha@it.su.se>
1518
1519	* acquire_cred.c (acquire_acceptor_cred): only check if principal
1520	exists if we got called with principal as an argument.
1521
1522	* acquire_cred.c (acquire_acceptor_cred): check that the acceptor
1523	exists in the keytab before returning ok.
1524	
15252005-11-29  Love Hörnquist Åstrand  <lha@it.su.se>
1526	
1527	* copy_ccache.c (gss_krb5_import_cred): fix buglet, from Andrew
1528	Bartlett.
1529	
15302005-11-25  Love Hörnquist Åstrand  <lha@it.su.se>
1531
1532	* test_kcred.c: Rename gss_krb5_import_ccache to
1533	gss_krb5_import_cred.
1534	
1535	* copy_ccache.c: Rename gss_krb5_import_ccache to
1536	gss_krb5_import_cred and let it grow code to handle keytabs too.
1537	
15382005-11-02  Love Hörnquist Åstrand  <lha@it.su.se>
1539
1540	* init_sec_context.c: Change sematics of ok-as-delegate to match
1541	windows if
1542	[gssapi]realm/ok-as-delegate=true is set, otherwise keep old
1543	sematics.
1544	
1545	* release_cred.c (gss_release_cred): use
1546	GSS_CF_DESTROY_CRED_ON_RELEASE to decide if the cache should be
1547	krb5_cc_destroy-ed
1548	
1549	* acquire_cred.c (acquire_initiator_cred):
1550	GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.
1551
1552	* accept_sec_context.c (gsskrb5_accept_delegated_token): rewrite
1553	to use gss_krb5_import_ccache
1554	
15552005-11-01  Love Hörnquist Åstrand  <lha@it.su.se>
1556
1557	* arcfour.c: Remove signedness warnings.
1558	
15592005-10-31  Love Hörnquist Åstrand  <lha@it.su.se>
1560
1561	* gss_acquire_cred.3: Document that gss_krb5_import_ccache is copy
1562	by reference.
1563
1564	* copy_ccache.c (gss_krb5_import_ccache): Instead of making a copy
1565	of the ccache, make a reference by getting the name and resolving
1566	the name. This way the cache is shared, this flipp side is of
1567	course that if someone calls krb5_cc_destroy the cache is lost for
1568	everyone.
1569	
1570	* test_kcred.c: Remove memory leaks.
1571	
15722005-10-26  Love Hörnquist Åstrand  <lha@it.su.se>
1573	
1574	* Makefile.am: build test_kcred
1575	
1576	* gss_acquire_cred.3: Document gss_krb5_import_ccache
1577
1578	* gssapi.3: Sort and add gss_krb5_import_ccache.
1579	
1580	* acquire_cred.c (_gssapi_krb5_ccache_lifetime): break out code
1581	used to extract lifetime from a credential cache
1582
1583	* gssapi_locl.h: Add _gssapi_krb5_ccache_lifetime, used to extract
1584	lifetime from a credential cache.
1585
1586	* gssapi.h: add gss_krb5_import_ccache, reverse of
1587	gss_krb5_copy_ccache
1588
1589	* copy_ccache.c: add gss_krb5_import_ccache, reverse of
1590	gss_krb5_copy_ccache
1591
1592	* test_kcred.c: test gss_krb5_import_ccache
1593	
15942005-10-21  Love Hörnquist Åstrand  <lha@it.su.se>
1595
1596	* acquire_cred.c (acquire_initiator_cred): use krb5_cc_cache_match
1597	to find a matching creditial cache, if that failes, fallback to
1598	the default cache.
1599	
16002005-10-12  Love Hörnquist Åstrand  <lha@it.su.se>
1601
1602	* gssapi_locl.h: Add gssapi_krb5_set_status and
1603	gssapi_krb5_clear_status
1604	
1605	* init_sec_context.c (spnego_reply): Don't pass back raw Kerberos
1606	errors, use GSS-API errors instead. From Michael B Allen.
1607
1608	* display_status.c: Add gssapi_krb5_clear_status,
1609	gssapi_krb5_set_status for handling error messages.
1610	
16112005-08-23  Love Hörnquist Åstrand  <lha@it.su.se>
1612
1613	* external.c: Use rk_UNCONST to avoid const warning.
1614	
1615	* display_status.c: Constify strings to avoid warnings.
1616	
16172005-08-11 Love Hörnquist Åstrand  <lha@it.su.se>
1618
1619	* init_sec_context.c: avoid warnings, update (c)
1620
16212005-07-13  Love Hörnquist Åstrand  <lha@it.su.se>
1622
1623	* init_sec_context.c (spnego_initial): use NegotiationToken
1624	encoder now that we have one with the new asn1. compiler.
1625	
1626	* Makefile.am: the new asn.1 compiler includes the modules name in
1627	the depend file
1628
16292005-06-16  Love Hörnquist Åstrand  <lha@it.su.se>
1630
1631	* decapsulate.c: use rk_UNCONST
1632
1633	* ccache_name.c: rename to avoid shadowing
1634
1635	* gssapi_locl.h: give kret in GSSAPI_KRB5_INIT a more unique name
1636	
1637	* process_context_token.c: use rk_UNCONST to unconstify
1638	
1639	* test_cred.c: rename optind to optidx
1640
16412005-05-30  Love Hörnquist Åstrand  <lha@it.su.se>
1642
1643	* init_sec_context.c (init_auth): honor ok-as-delegate if local
1644	configuration approves
1645
1646	* gssapi_locl.h: prototype for _gss_check_compat
1647
1648	* compat.c: export check_compat as _gss_check_compat
1649
16502005-05-29  Love Hörnquist Åstrand  <lha@it.su.se>
1651
1652	* init_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
1653	problems with system headerfiles that pollute the name space.
1654
1655	* accept_sec_context.c: Prefix Der_class with ASN1_C_ to avoid
1656	problems with system headerfiles that pollute the name space.
1657
16582005-05-17  Love Hörnquist Åstrand  <lha@it.su.se>
1659
1660	* init_sec_context.c (init_auth): set
1661	KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java compatibility),
1662	also while here, use krb5_auth_con_addflags
1663
16642005-05-06  Love Hörnquist Åstrand  <lha@it.su.se>
1665
1666	* arcfour.c (_gssapi_wrap_arcfour): fix calculating the encap
1667	length. From: Tom Maher <tmaher@eecs.berkeley.edu>
1668
16692005-05-02  Dave Love  <fx@gnu.org>
1670
1671	* test_cred.c (main): Call setprogname.
1672
16732005-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
1674
1675	* prefix all sequence symbols with _, they are not part of the
1676	GSS-API api. By comment from Wynn Wilkes <wynnw@vintela.com>
1677
16782005-04-10  Love Hörnquist Åstrand  <lha@it.su.se>
1679
1680	* accept_sec_context.c: break out the processing of the delegated
1681	credential to a separate function to make error handling easier,
1682	move the credential handling to after other setup is done
1683	
1684	* test_sequence.c: make less verbose in case of success
1685
1686	* Makefile.am: add test_sequence to TESTS
1687
16882005-04-01  Love Hörnquist Åstrand  <lha@it.su.se>
1689
1690	* 8003.c (gssapi_krb5_verify_8003_checksum): check that cksum
1691	isn't NULL From: Nicolas Pouvesle <npouvesle@tenablesecurity.com>
1692
16932005-03-21  Love Hörnquist Åstrand  <lha@it.su.se>
1694
1695	* Makefile.am: use $(LIB_roken)
1696
16972005-03-16  Love Hörnquist Åstrand  <lha@it.su.se>
1698
1699	* display_status.c (gssapi_krb5_set_error_string): pass in the
1700	krb5_context to krb5_free_error_string
1701	
17022005-03-15  Love Hörnquist Åstrand  <lha@it.su.se>
1703
1704	* display_status.c (gssapi_krb5_set_error_string): don't misuse
1705	the krb5_get_error_string api
1706
17072005-03-01  Love Hörnquist Åstrand  <lha@it.su.se>
1708
1709	* compat.c (_gss_DES3_get_mic_compat): don't unlock mutex
1710	here. Bug reported by Stefan Metzmacher <metze@samba.org>
1711
17122005-02-21  Luke Howard  <lukeh@padl.com>
1713
1714	* init_sec_context.c: don't call krb5_get_credentials() with
1715	  KRB5_TC_MATCH_KEYTYPE, it can lead to the credentials cache
1716	  growing indefinitely as no key is found with KEYTYPE_NULL
1717
1718	* compat.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is
1719	  no longer used (however the mechListMIC behaviour is broken,
1720	  rfc2478bis support requires the code in the mechglue branch)
1721
1722	* init_sec_context.c: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
1723
1724	* gssapi.h: remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
1725
17262005-01-05  Luke Howard  <lukeh@padl.com>
1727
1728	* 8003.c: use symbolic name for checksum type
1729
1730	* accept_sec_context.c: allow client to indicate
1731	  that subkey should be used
1732
1733	* acquire_cred.c: plug leak
1734
1735	* get_mic.c: use gss_krb5_get_subkey() instead
1736	  of gss_krb5_get_{local,remote}key(), support
1737	  KEYTYPE_ARCFOUR_56
1738
1739	* gssapi_local.c: use gss_krb5_get_subkey(),
1740	  support KEYTYPE_ARCFOUR_56
1741
1742	* import_sec_context.c: plug leak
1743
1744	* unwrap.c: use gss_krb5_get_subkey(),
1745	  support KEYTYPE_ARCFOUR_56
1746
1747	* verify_mic.c: use gss_krb5_get_subkey(),
1748	  support KEYTYPE_ARCFOUR_56
1749
1750	* wrap.c: use gss_krb5_get_subkey(),
1751	  support KEYTYPE_ARCFOUR_56
1752
17532004-11-30  Love Hörnquist Åstrand  <lha@it.su.se>
1754
1755	* inquire_cred.c: Reverse order of HEIMDAL_MUTEX_unlock and
1756	gss_release_cred to avoid deadlock, from Luke Howard
1757	<lukeh@padl.com>.
1758
17592004-09-06  Love Hörnquist Åstrand  <lha@it.su.se>
1760
1761	* gss_acquire_cred.3: gss_krb5_extract_authz_data_from_sec_context
1762	was renamed to gsskrb5_extract_authz_data_from_sec_context
1763	
17642004-08-07  Love Hörnquist Åstrand  <lha@it.su.se>
1765
1766	* unwrap.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>
1767	
1768	* arcfour.c: mutex buglet, From: Luke Howard <lukeh@PADL.COM>
1769	
17702004-05-06  Love Hörnquist Åstrand  <lha@it.su.se>
1771
1772	* gssapi.3: spelling from Josef El-Rayes <josef@FreeBSD.org> while
1773	here, write some text about the SPNEGO situation
1774	
17752004-04-08  Love Hörnquist Åstrand  <lha@it.su.se>
1776
1777	* cfx.c: s/CTXAcceptorSubkey/CFXAcceptorSubkey/
1778	
17792004-04-07  Love Hörnquist Åstrand  <lha@it.su.se>
1780
1781	* gssapi.h: add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG From: Luke
1782	Howard <lukeh@padl.com>
1783	
1784	* init_sec_context.c (spnego_reply): use
1785	_gss_spnego_require_mechlist_mic to figure out if we need to check
1786	MechListMIC; From: Luke Howard <lukeh@padl.com>
1787
1788	* accept_sec_context.c (send_accept): use
1789	_gss_spnego_require_mechlist_mic to figure out if we need to send
1790	MechListMIC; From: Luke Howard <lukeh@padl.com>
1791
1792	* gssapi_locl.h: add _gss_spnego_require_mechlist_mic
1793	From: Luke Howard <lukeh@padl.com>
1794
1795	* compat.c: add _gss_spnego_require_mechlist_mic for compatibility
1796	with MS SPNEGO, From: Luke Howard <lukeh@padl.com>
1797	
17982004-04-05  Love Hörnquist Åstrand  <lha@it.su.se>
1799
1800	* accept_sec_context.c (gsskrb5_is_cfx): krb5_keyblock->keytype is
1801	an enctype, not keytype
1802
1803	* accept_sec_context.c: use ASN1_MALLOC_ENCODE
1804	
1805	* init_sec_context.c: avoid the malloc loop and just allocate the
1806	propper amount of data
1807
1808	* init_sec_context.c (spnego_initial): handle mech_token better
1809	
18102004-03-19  Love Hörnquist Åstrand  <lha@it.su.se>
1811
1812	* gssapi.h: add gss_krb5_get_tkt_flags
1813	
1814	* Makefile.am: add ticket_flags.c
1815	
1816	* ticket_flags.c: Get ticket-flags from acceptor ticket From: Luke
1817	Howard <lukeh@PADL.COM>
1818	
1819	* gss_acquire_cred.3: document gss_krb5_get_tkt_flags
1820	
18212004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
1822
1823	* acquire_cred.c (gss_acquire_cred): check usage before even
1824	bothering to process it, add both keytab and initial tgt if
1825	requested
1826
1827	* wrap.c: support cfx, try to handle acceptor asserted subkey
1828	
1829	* unwrap.c: support cfx, try to handle acceptor asserted subkey
1830	
1831	* verify_mic.c: support cfx
1832	
1833	* get_mic.c: support cfx
1834	
1835	* test_sequence.c: handle changed signature of
1836	gssapi_msg_order_create
1837
1838	* import_sec_context.c: handle acceptor asserted subkey
1839	
1840	* init_sec_context.c: handle acceptor asserted subkey
1841	
1842	* accept_sec_context.c: handle acceptor asserted subkey
1843	
1844	* sequence.c: add dummy use_64 argument to gssapi_msg_order_create
1845	
1846	* gssapi_locl.h: add partial support for CFX
1847	
1848	* Makefile.am (noinst_PROGRAMS) += test_cred
1849	
1850	* test_cred.c: gssapi credential testing
1851
1852	* test_acquire_cred.c: fix comment
1853	
18542004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>
1855
1856	* arcfour.h: drop structures for message formats, no longer used
1857	
1858	* arcfour.c: comment describing message formats
1859
1860	* accept_sec_context.c (spnego_accept_sec_context): make sure the
1861	length of the choice element doesn't overrun us
1862	
1863	* init_sec_context.c (spnego_reply): make sure the length of the
1864	choice element doesn't overrun us
1865	
1866	* spnego.asn1: move NegotiationToken to avoid warning
1867	
1868	* spnego.asn1: uncomment NegotiationToken
1869	
1870	* Makefile.am: spnego_files += asn1_NegotiationToken.x
1871	
18722004-01-25  Love Hörnquist Åstrand  <lha@it.su.se>
1873
1874	* gssapi.h: add gss_krb5_ccache_name
1875	
1876	* Makefile.am (libgssapi_la_SOURCES): += ccache_name.c
1877	
1878	* ccache_name.c (gss_krb5_ccache_name): help function enable to
1879	set krb5 name, using out_name argument makes function no longer
1880	thread-safe
1881
1882	* gssapi.3: add missing gss_krb5_ references
1883	
1884	* gss_acquire_cred.3: document gss_krb5_ccache_name
1885	
18862003-12-12  Love Hörnquist Åstrand  <lha@it.su.se>
1887
1888	* cfx.c: make rrc a modulus operation if its longer then the
1889	length of the message, noticed by Sam Hartman
1890
18912003-12-07  Love Hörnquist Åstrand  <lha@it.su.se>
1892
1893	* accept_sec_context.c: use krb5_auth_con_addflags
1894	
18952003-12-05  Love Hörnquist Åstrand  <lha@it.su.se>
1896
1897	* cfx.c: Wrap token id was in wrong order, found by Sam Hartman
1898	
18992003-12-04  Love Hörnquist Åstrand  <lha@it.su.se>
1900
1901	* cfx.c: add AcceptorSubkey (but no code understand it yet) ignore
1902	unknown token flags
1903	
19042003-11-22  Love Hörnquist Åstrand  <lha@it.su.se>
1905
1906	* accept_sec_context.c: Don't require timestamp to be set on
1907	delegated token, its already protected by the outer token (and
1908	windows doesn't alway send it) Pointed out by Zi-Bin Yang
1909	<zbyang@decru.com> on heimdal-discuss
1910
19112003-11-14  Love Hörnquist Åstrand  <lha@it.su.se>
1912
1913	* cfx.c: fix {} error, pointed out by Liqiang Zhu
1914	
19152003-11-10  Love Hörnquist Åstrand  <lha@it.su.se>
1916
1917	* cfx.c: Sequence number should be stored in bigendian order From:
1918	Luke Howard <lukeh@padl.com>
1919	
19202003-11-09  Love Hörnquist Åstrand  <lha@it.su.se>
1921
1922	* delete_sec_context.c (gss_delete_sec_context): don't free
1923	ticket, krb5_free_ticket does that now
1924
19252003-11-06  Love Hörnquist Åstrand  <lha@it.su.se>
1926
1927	* cfx.c: checksum the header last in MIC token, update to -03
1928	From: Luke Howard <lukeh@padl.com>
1929	
19302003-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
1931
1932	* add_cred.c: If its a MEMORY cc, make a copy. We need to do this
1933	since now gss_release_cred will destroy the cred. This should be
1934	really be solved a better way.
1935
1936	* acquire_cred.c (gss_release_cred): if its a mcc, destroy it
1937	rather the just release it Found by: "Zi-Bin Yang"
1938	<zbyang@decru.com>
1939
1940	* acquire_cred.c (acquire_initiator_cred): use kret instead of ret
1941	where appropriate
1942
19432003-09-30  Love Hörnquist Åstrand  <lha@it.su.se>
1944
1945	* gss_acquire_cred.3: spelling
1946	From: jmc <jmc@prioris.mini.pw.edu.pl>
1947	
19482003-09-23  Love Hörnquist Åstrand  <lha@it.su.se>
1949
1950	* cfx.c: - EC and RRC are big-endian, not little-endian - The
1951	default is now to rotate regardless of GSS_C_DCE_STYLE. There are
1952	no longer any references to GSS_C_DCE_STYLE.  - rrc_rotate()
1953	avoids allocating memory on the heap if rrc <= 256
1954	From: Luke Howard <lukeh@padl.com>
1955	
19562003-09-22  Love Hörnquist Åstrand  <lha@it.su.se>
1957
1958	* cfx.[ch]: rrc_rotate() was untested and broken, fix it.
1959	Set and verify wrap Token->Filler.
1960	Correct token ID for wrap tokens, 
1961	were accidentally swapped with delete tokens.
1962	From: Luke Howard <lukeh@PADL.COM>
1963
19642003-09-21  Love Hörnquist Åstrand  <lha@it.su.se>
1965
1966	* cfx.[ch]: no ASN.1-ish header on per-message tokens
1967	From: Luke Howard <lukeh@PADL.COM>
1968	
19692003-09-19  Love Hörnquist Åstrand  <lha@it.su.se>
1970
1971	* arcfour.h: remove depenency on gss_arcfour_mic_token and
1972	gss_arcfour_warp_token
1973
1974	* arcfour.c: remove depenency on gss_arcfour_mic_token and
1975	gss_arcfour_warp_token
1976
19772003-09-18  Love Hörnquist Åstrand  <lha@it.su.se>
1978
1979	* 8003.c: remove #if 0'ed code
1980	
19812003-09-17  Love Hörnquist Åstrand  <lha@it.su.se>
1982
1983	* accept_sec_context.c (gsskrb5_accept_sec_context): set sequence
1984	number when not requesting mutual auth From: Luke Howard
1985	<lukeh@PADL.COM>
1986
1987	* init_sec_context.c (init_auth): set sequence number when not
1988	requesting mutual auth From: Luke Howard <lukeh@PADL.COM>
1989	
19902003-09-16  Love Hörnquist Åstrand  <lha@it.su.se>
1991
1992	* arcfour.c (*): set minor_status
1993	(gss_wrap): set conf_state to conf_req_flags on success
1994	From: Luke Howard <lukeh@PADL.COM>
1995	
1996	* wrap.c (gss_wrap_size_limit): use existing function From: Luke
1997	Howard <lukeh@PADL.COM>
1998	
19992003-09-12  Love Hörnquist Åstrand  <lha@it.su.se>
2000
2001	* indicate_mechs.c (gss_indicate_mechs): in case of error, free
2002	mech_set
2003
2004	* indicate_mechs.c (gss_indicate_mechs): add SPNEGO
2005
20062003-09-10  Love Hörnquist Åstrand  <lha@it.su.se>
2007
2008	* init_sec_context.c (spnego_initial): catch errors and return
2009	them
2010
2011	* init_sec_context.c (spnego_initial): add #if 0 out version of
2012	the CHOICE branch encoding, also where here, free no longer used
2013	memory
2014
20152003-09-09  Love Hörnquist Åstrand  <lha@it.su.se>
2016
2017	* gss_acquire_cred.3: support GSS_SPNEGO_MECHANISM
2018	
2019	* accept_sec_context.c: SPNEGO doesn't include gss wrapping on
2020	SubsequentContextToken like the Kerberos 5 mech does.
2021	
2022	* init_sec_context.c (spnego_reply): SPNEGO doesn't include gss
2023	wrapping on SubsequentContextToken like the Kerberos 5 mech
2024	does. Lets check for it anyway.
2025	
2026	* accept_sec_context.c: Add support for SPNEGO on the initator
2027	side.  Implementation initially from Assar Westerlund, passes
2028	though quite a lot of hands before I commited it.
2029	
2030	* init_sec_context.c: Add support for SPNEGO on the initator side.
2031	Tested with ldap server on a Windows 2000 DC. Implementation
2032	initially from Assar Westerlund, passes though quite a lot of
2033	hands before I commited it.
2034	
2035	* gssapi.h: export GSS_SPNEGO_MECHANISM
2036	
2037	* gssapi_locl.h: include spnego_as.h add prototype for
2038	gssapi_krb5_get_mech
2039	
2040	* decapsulate.c (gssapi_krb5_get_mech): make non static
2041	
2042	* Makefile.am: build SPNEGO file
2043	
20442003-09-08  Love Hörnquist Åstrand  <lha@it.su.se>
2045
2046	* external.c: SPENGO and IAKERB oids
2047	
2048	* spnego.asn1: SPENGO ASN1
2049	
20502003-09-05  Love Hörnquist Åstrand  <lha@it.su.se>
2051
2052	* cfx.c: RRC also need to be zero before wraping them
2053	From: Luke Howard <lukeh@PADL.COM>
2054	
20552003-09-04  Love Hörnquist Åstrand  <lha@it.su.se>
2056
2057	* encapsulate.c (gssapi_krb5_encap_length): don't return void
2058	
20592003-09-03  Love Hörnquist Åstrand  <lha@it.su.se>
2060
2061	* verify_mic.c: switch from the des_ to the DES_ api
2062	
2063	* get_mic.c: switch from the des_ to the DES_ api
2064	
2065	* unwrap.c: switch from the des_ to the DES_ api
2066	
2067	* wrap.c: switch from the des_ to the DES_ api
2068	
2069	* cfx.c: EC is not included in the checksum since the length might
2070	change depending on the data.  From: Luke Howard <lukeh@PADL.COM>
2071	
2072	* acquire_cred.c: use
2073	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
2074
20752003-09-01  Love Hörnquist Åstrand  <lha@it.su.se>
2076
2077	* copy_ccache.c: rename
2078	gss_krb5_extract_authz_data_from_sec_context to
2079	gsskrb5_extract_authz_data_from_sec_context
2080
2081	* gssapi.h: rename gss_krb5_extract_authz_data_from_sec_context to
2082	gsskrb5_extract_authz_data_from_sec_context
2083	
20842003-08-31  Love Hörnquist Åstrand  <lha@it.su.se>
2085
2086	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
2087	check that we have a ticket before we start to use it
2088	
2089	* gss_acquire_cred.3: document
2090	gss_krb5_extract_authz_data_from_sec_context
2091	
2092	* gssapi.h (gss_krb5_extract_authz_data_from_sec_context):
2093	return the kerberos authorizationdata, from idea of Luke Howard
2094
2095	* copy_ccache.c (gss_krb5_extract_authz_data_from_sec_context):
2096	return the kerberos authorizationdata, from idea of Luke Howard
2097	
2098	* verify_mic.c (gss_verify_mic_internal): switch type and key
2099	argument
2100
21012003-08-30  Love Hörnquist Åstrand  <lha@it.su.se>
2102
2103	* cfx.[ch]: draft-ietf-krb-wg-gssapi-cfx-01.txt implemetation
2104	From: Luke Howard <lukeh@PADL.COM>
2105	
21062003-08-28  Love Hörnquist Åstrand  <lha@it.su.se>
2107
2108	* arcfour.c (arcfour_mic_cksum): use free_Checksum to free the
2109	checksum
2110
2111	* arcfour.h: swap two last arguments to verify_mic for consistency
2112	with des3
2113
2114	* wrap.c,unwrap.c,get_mic.c,verify_mic.c,cfx.c,cfx.h:
2115	prefix cfx symbols with _gssapi_
2116
2117	* arcfour.c: release the right buffer
2118	
2119	* arcfour.c: rename token structure in consistency with rest of
2120	GSS-API From: Luke Howard <lukeh@PADL.COM>
2121	
2122	* unwrap.c (unwrap_des3): use _gssapi_verify_pad
2123	(unwrap_des): use _gssapi_verify_pad
2124
2125	* arcfour.c (_gssapi_wrap_arcfour): set the correct padding
2126	(_gssapi_unwrap_arcfour): verify and strip padding
2127
2128	* gssapi_locl.h: added _gssapi_verify_pad
2129	
2130	* decapsulate.c (_gssapi_verify_pad): verify padding of a gss
2131	wrapped message and return its length
2132	
2133	* arcfour.c: support KEYTYPE_ARCFOUR_56 keys, from Luke Howard
2134	<lukeh@PADL.COM>
2135	
2136	* arcfour.c: use right seal alg, inherit keytype from parent key
2137	
2138	* arcfour.c: include the confounder in the checksum use the right
2139	key usage number for warped/unwraped tokens
2140	
2141	* gssapi.h: add gss_krb5_nt_general_name as an mit compat glue
2142	(same as GSS_KRB5_NT_PRINCIPAL_NAME)
2143
2144	* unwrap.c: hook in arcfour unwrap
2145	
2146	* wrap.c: hook in arcfour wrap
2147	
2148	* verify_mic.c: hook in arcfour verify_mic
2149	
2150	* get_mic.c: hook in arcfour get_mic
2151	
2152	* arcfour.c: implement wrap/unwarp
2153	
2154	* gssapi_locl.h: add gssapi_{en,de}code_be_om_uint32
2155	
2156	* 8003.c: add gssapi_{en,de}code_be_om_uint32
2157	
21582003-08-27  Love Hörnquist Åstrand  <lha@it.su.se>
2159
2160	* arcfour.c (_gssapi_verify_mic_arcfour): Do the checksum on right
2161	area. Swap filler check, it was reversed.
2162	
2163	* Makefile.am (libgssapi_la_SOURCES): += arcfour.c
2164	
2165	* gssapi_locl.h: include "arcfour.h"
2166	
2167	* arcfour.c: arcfour gss-api mech, get_mic/verify_mic working
2168
2169	* arcfour.h: arcfour gss-api mech, get_mic/verify_mic working
2170	
21712003-08-26  Love Hörnquist Åstrand  <lha@it.su.se>
2172
2173	* gssapi_locl.h: always include cfx.h add prototype for
2174	_gssapi_decapsulate
2175
2176	* cfx.[ch]: Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt
2177	from Luke Howard <lukeh@PADL.COM>
2178
2179	* decapsulate.c: add _gssapi_decapsulate, from Luke Howard
2180	<lukeh@PADL.COM>
2181	
21822003-08-25  Love Hörnquist Åstrand  <lha@it.su.se>
2183
2184	* unwrap.c: encap/decap now takes a oid if the enctype/keytype is
2185	arcfour, return error add hook for cfx
2186	
2187	* verify_mic.c: encap/decap now takes a oid if the enctype/keytype
2188	is arcfour, return error add hook for cfx
2189	
2190	* get_mic.c: encap/decap now takes a oid if the enctype/keytype is
2191	arcfour, return error add hook for cfx
2192	
2193	* accept_sec_context.c: encap/decap now takes a oid
2194	
2195	* init_sec_context.c: encap/decap now takes a oid
2196	
2197	* gssapi_locl.h: include cfx.h if we need it lifetime is a
2198	OM_uint32, depend on gssapi interface add all new encap/decap
2199	functions
2200	
2201	* decapsulate.c: add decap functions that doesn't take the token
2202	type also make all decap function take the oid mech that they
2203	should use
2204
2205	* encapsulate.c: add encap functions that doesn't take the token
2206	type also make all encap function take the oid mech that they
2207	should use
2208
2209	* sequence.c (elem_insert): fix a off by one index counter
2210	
2211	* inquire_cred.c (gss_inquire_cred): handle cred_handle being
2212	GSS_C_NO_CREDENTIAL and use the default cred then.
2213	
22142003-08-19  Love Hörnquist Åstrand  <lha@it.su.se>
2215
2216	* gss_acquire_cred.3: break out extensions and document
2217	gsskrb5_register_acceptor_identity
2218
22192003-08-18  Love Hörnquist Åstrand  <lha@it.su.se>
2220
2221	* test_acquire_cred.c (print_time): time is returned in seconds
2222	from now, not unix time
2223
22242003-08-17  Love Hörnquist Åstrand  <lha@it.su.se>
2225	
2226	* compat.c (check_compat): avoid leaking principal when finding a
2227	match
2228
2229	* address_to_krb5addr.c: sa_size argument to krb5_addr2sockaddr is
2230	a krb5_socklen_t
2231
2232	* acquire_cred.c (gss_acquire_cred): 4th argument to
2233	gss_test_oid_set_member is a int
2234
22352003-07-22  Love Hörnquist Åstrand  <lha@it.su.se>
2236
2237	* init_sec_context.c (repl_mutual): don't set kerberos error where
2238	there was no kerberos error
2239
2240	* gssapi_locl.h: Add destruction/creation prototypes and structure
2241	for the thread specific storage.
2242
2243	* display_status.c: use thread specific storage to set/get the
2244	kerberos error message
2245
2246	* init.c: Provide locking around the creation of the global
2247	krb5_context. Add destruction/creation functions for the thread
2248	specific storage that the error string handling is using.
2249	
22502003-07-20  Love Hörnquist Åstrand  <lha@it.su.se>
2251
2252	* gss_acquire_cred.3: add missing prototype and missing .Ft
2253	arguments
2254
22552003-06-17  Love Hörnquist Åstrand  <lha@it.su.se>
2256
2257	* verify_mic.c: reorder code so sequence numbers can can be used
2258	
2259	* unwrap.c: reorder code so sequence numbers can can be used
2260	
2261	* sequence.c: remove unused function, indent, add
2262	gssapi_msg_order_f that filter gss flags to gss_msg_order flags
2263	
2264	* gssapi_locl.h: prototypes for
2265	gssapi_{encode_om_uint32,decode_om_uint32} add sequence number
2266	verifier prototypes
2267
2268	* delete_sec_context.c: destroy sequence number verifier
2269	
2270	* init_sec_context.c: remember to free data use sequence number
2271	verifier
2272	
2273	* accept_sec_context.c: don't clear output_token twice remember to
2274	free data use sequence number verifier
2275	
2276	* 8003.c: export and rename encode_om_uint32/decode_om_uint32 and
2277	start to use them
2278
22792003-06-09  Johan Danielsson  <joda@pdc.kth.se>
2280
2281	* Makefile.am: can't have sequence.c in two different places
2282
22832003-06-06  Love Hörnquist Åstrand  <lha@it.su.se>
2284
2285	* test_sequence.c: check rollover, print summery
2286	
2287	* wrap.c (sub_wrap_size): gss_wrap_size_limit() has
2288	req_output_size and max_input_size around the wrong way -- it
2289	returns the output token size for a given input size, rather than
2290	the maximum input size for a given output token size.
2291	
2292	From: Luke Howard <lukeh@PADL.COM>
2293	
22942003-06-05  Love Hörnquist Åstrand  <lha@it.su.se>
2295
2296	* gssapi_locl.h: add prototypes for sequence.c
2297	
2298	* Makefile.am (libgssapi_la_SOURCES): add sequence.c
2299	(test_sequence): build
2300
2301	* sequence.c: sequence number checks, order and replay
2302	* test_sequence.c: sequence number checks, order and replay
2303
23042003-06-03  Love Hörnquist Åstrand  <lha@it.su.se>
2305
2306	* accept_sec_context.c (gss_accept_sec_context): make sure time is
2307	returned in seconds from now, not in kerberos time
2308	
2309	* acquire_cred.c (gss_aquire_cred): make sure time is returned in
2310	seconds from now, not in kerberos time
2311	
2312	* init_sec_context.c (init_auth): if the cred is expired before we
2313	tries to create a token, fail so the peer doesn't need reject us
2314	(*): make sure time is returned in seconds from now, 
2315	not in kerberos time
2316	(repl_mutual): remember to unlock the context mutex
2317
2318	* context_time.c (gss_context_time): remove unused variable
2319	
2320	* verify_mic.c: make sure minor_status is always set, pointed out
2321	by Luke Howard <lukeh@PADL.COM>
2322
23232003-05-21  Love Hörnquist Åstrand  <lha@it.su.se>
2324
2325	* *.[ch]: do some basic locking (no reference counting so contexts 
2326	  can be removed while still used)
2327	- don't export gss_ctx_id_t_desc_struct and gss_cred_id_t_desc_struct
2328	- make sure all lifetime are returned in seconds left until expired,
2329	  not in unix epoch
2330
2331	* gss_acquire_cred.3: document argument lifetime_rec to function
2332	gss_inquire_context
2333
23342003-05-17  Love Hörnquist Åstrand  <lha@it.su.se>
2335
2336	* test_acquire_cred.c: test gss_add_cred more then once
2337	
23382003-05-06  Love Hörnquist Åstrand  <lha@it.su.se>
2339
2340	* gssapi.h: if __cplusplus, wrap the extern variable (just to be
2341	safe) and functions in extern "C" { }
2342	
23432003-04-30  Love Hörnquist Åstrand  <lha@it.su.se>
2344
2345	* gssapi.3: more about the des3 mic mess
2346	
2347	* verify_mic.c (verify_mic_des3): always check if the mic is the
2348	correct mic or the mic that old heimdal would have generated
2349	
23502003-04-28  Jacques Vidrine  <nectar@kth.se>
2351
2352	* verify_mic.c (verify_mic_des3): If MIC verification fails,
2353	retry using the `old' MIC computation (with zero IV).
2354
23552003-04-26  Love Hörnquist Åstrand  <lha@it.su.se>
2356
2357	* gss_acquire_cred.3: more about difference between comparing IN
2358	and MN
2359
2360	* gss_acquire_cred.3: more about name type and access control
2361	
23622003-04-25  Love Hörnquist Åstrand  <lha@it.su.se>
2363
2364	* gss_acquire_cred.3: document gss_context_time
2365	
2366	* context_time.c: if lifetime of context have expired, set
2367	time_rec to 0 and return GSS_S_CONTEXT_EXPIRED
2368	
2369	* gssapi.3: document [gssapi]correct_des3_mic
2370	[gssapi]broken_des3_mic
2371
2372	* gss_acquire_cred.3: document gss_krb5_compat_des3_mic
2373	
2374	* compat.c (gss_krb5_compat_des3_mic): enable turning on/off des3
2375	mic compat
2376	(_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too
2377
2378	* gssapi.h (gss_krb5_compat_des3_mic): new function, turn on/off
2379	des3 mic compat
2380	(GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if
2381	gss_krb5_compat_des3_mic exists
2382	
23832003-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
2384
2385	* Makefile.am:  (libgssapi_la_LDFLAGS): update major
2386	version of gssapi for incompatiblity in 3des getmic support
2387	
23882003-04-23  Love Hörnquist Åstrand  <lha@it.su.se>
2389
2390	* Makefile.am: test_acquire_cred_LDADD: use libgssapi.la not
2391	./libgssapi.la (make make -jN work)
2392
23932003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>
2394
2395	* gssapi.3: spelling
2396	
2397	* gss_acquire_cred.3: Change .Fd #include <header.h> to .In
2398	header.h, from Thomas Klausner <wiz@netbsd.org>
2399
2400	
24012003-04-06  Love Hörnquist Åstrand  <lha@it.su.se>
2402
2403	* gss_acquire_cred.3: spelling
2404	
2405	* Makefile.am: remove stuff that sneaked in with last commit
2406	
2407	* acquire_cred.c (acquire_initiator_cred): if the requested name
2408	isn't in the ccache, also check keytab.  Extact the krbtgt for the
2409	default realm to check how long the credentials will last.
2410	
2411	* add_cred.c (gss_add_cred): don't create a new ccache, just open
2412	the old one; better check if output handle is compatible with new
2413	(copied) handle
2414
2415	* test_acquire_cred.c: test gss_add_cred too
2416	
24172003-04-03  Love Hörnquist Åstrand  <lha@it.su.se>
2418
2419	* Makefile.am: build test_acquire_cred
2420	
2421	* test_acquire_cred.c: simple gss_acquire_cred test
2422	
24232003-04-02  Love Hörnquist Åstrand  <lha@it.su.se>
2424
2425	* gss_acquire_cred.3: s/gssapi/GSS-API/
2426	
24272003-03-19  Love Hörnquist Åstrand  <lha@it.su.se>
2428
2429	* gss_acquire_cred.3: document v1 interface (and that they are
2430	obsolete)
2431
24322003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>
2433
2434	* gss_acquire_cred.3: list supported mechanism and nametypes
2435	
24362003-03-16  Love Hörnquist Åstrand  <lha@it.su.se>
2437	
2438	* gss_acquire_cred.3: text about gss_display_name
2439
2440	* Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2
2441	(libgssapi_la_SOURCES): add all new functions
2442
2443	* gssapi.3: now that we have a functions, uncomment the missing
2444	ones
2445
2446	* gss_acquire_cred.3: now that we have a functions, uncomment the
2447	missing ones
2448
2449	* process_context_token.c: implement gss_process_context_token
2450	
2451	* inquire_names_for_mech.c: implement gss_inquire_names_for_mech
2452	
2453	* inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name
2454	
2455	* inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech
2456	
2457	* add_cred.c: implement gss_add_cred
2458	
2459	* acquire_cred.c (gss_acquire_cred): more testing of input
2460	argument, make sure output arguments are ok, since we don't know
2461	the time_rec (for now), set it to time_req
2462	
2463	* export_sec_context.c: send lifetime, also set minor_status
2464	
2465	* get_mic.c: set minor_status
2466	
2467	* import_sec_context.c (gss_import_sec_context): add error
2468	checking, pick up lifetime (if there is no lifetime, use
2469	GSS_C_INDEFINITE)
2470
2471	* init_sec_context.c: take care to set export value to something
2472	sane before we start so caller will have harmless values in them
2473	if then function fails
2474
2475	* release_buffer.c (gss_release_buffer): set minor_status
2476	
2477	* wrap.c: make sure minor_status get set
2478	
2479	* verify_mic.c (gss_verify_mic_internal): rename verify_mic to
2480	gss_verify_mic_internal and let it take the type as an argument,
2481	(gss_verify_mic): call gss_verify_mic_internal
2482	set minor_status
2483	
2484	* unwrap.c: set minor_status
2485	
2486	* test_oid_set_member.c (gss_test_oid_set_member): use
2487	gss_oid_equal
2488
2489	* release_oid_set.c (gss_release_oid_set): set minor_status
2490	
2491	* release_name.c (gss_release_name): set minor_status
2492	
2493	* release_cred.c (gss_release_cred): set minor_status
2494	
2495	* add_oid_set_member.c (gss_add_oid_set_member): set minor_status
2496	
2497	* compare_name.c (gss_compare_name): set minor_status
2498	
2499	* compat.c (check_compat): make sure ret have a defined value
2500	
2501	* context_time.c (gss_context_time): set minor_status
2502	
2503	* copy_ccache.c (gss_krb5_copy_ccache): set minor_status
2504	
2505	* create_emtpy_oid_set.c (gss_create_empty_oid_set): set
2506	minor_status
2507
2508	* delete_sec_context.c (gss_delete_sec_context): set minor_status
2509	
2510	* display_name.c (gss_display_name): set minor_status
2511	
2512	* display_status.c (gss_display_status): use gss_oid_equal, handle
2513	supplementary errors
2514
2515	* duplicate_name.c (gss_duplicate_name): set minor_status
2516	
2517	* inquire_context.c (gss_inquire_context): set lifetime_rec now
2518	when we know it, set minor_status
2519
2520	* inquire_cred.c (gss_inquire_cred): take care to set export value
2521	to something sane before we start so caller will have harmless
2522	values in them if the function fails
2523	
2524	* accept_sec_context.c (gss_accept_sec_context): take care to set
2525	export value to something sane before we start so caller will have
2526	harmless values in them if then function fails, set lifetime from
2527	ticket expiration date
2528
2529	* indicate_mechs.c (gss_indicate_mechs): use
2530	gss_create_empty_oid_set and gss_add_oid_set_member
2531
2532	* gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred,
2533	since there is no ticket transfered in the exported context
2534	
2535	* export_name.c (gss_export_name): export name with
2536	GSS_C_NT_EXPORT_NAME wrapping, not just the principal
2537	
2538	* import_name.c (import_export_name): new function, parses a
2539	GSS_C_NT_EXPORT_NAME
2540	(import_krb5_name): factor out common code of parsing krb5 name
2541	(gss_oid_equal): rename from oid_equal
2542
2543	* gssapi_locl.h: add prototypes for gss_oid_equal and
2544	gss_verify_mic_internal
2545
2546	* gssapi.h: comment out the argument names
2547	
25482003-03-15  Love Hörnquist Åstrand  <lha@it.su.se>
2549
2550	* gssapi.3: add LIST OF FUNCTIONS and copyright/license
2551
2552	* Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/
2553	
2554	* Makefile.am: man_MANS += gss_aquire_cred.3
2555	
25562003-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
2557
2558	* gss_aquire_cred.3: the gssapi api manpage
2559	
25602003-03-03  Love Hörnquist Åstrand  <lha@it.su.se>
2561
2562	* inquire_context.c: (gss_inquire_context): rename argument open
2563	to open_context
2564
2565	* gssapi.h (gss_inquire_context): rename argument open to open_context
2566
25672003-02-27  Love Hörnquist Åstrand  <lha@it.su.se>
2568
2569	* init_sec_context.c (do_delegation): remove unused variable
2570	subkey
2571
2572	* gssapi.3: all 0.5.x version had broken token delegation
2573	
25742003-02-21  Love Hörnquist Åstrand  <lha@it.su.se>
2575
2576	* (init_auth): only generate one subkey
2577
25782003-01-27  Love Hörnquist Åstrand  <lha@it.su.se>
2579
2580	* verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform
2581	to rfc (and mit kerberos), provide backward compat hook
2582	
2583	* get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and
2584	mit kerberos), provide backward compat hook
2585	
2586	* init_sec_context.c (init_auth): check if we need compat for
2587	older get_mic/verify_mic
2588
2589	* gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat
2590	
2591	* gssapi.h (more_flags): add COMPAT_OLD_DES3
2592	
2593	* Makefile.am: add gssapi.3 and compat.c
2594	
2595	* gssapi.3: add gssapi COMPATIBILITY documentation
2596	
2597	* accept_sec_context.c (gss_accept_sec_context): check if we need
2598	compat for older get_mic/verify_mic
2599
2600	* compat.c: check for compatiblity with other heimdal's 3des
2601	get_mic/verify_mic
2602
26032002-10-31  Johan Danielsson  <joda@pdc.kth.se>
2604
2605	* check return value from gssapi_krb5_init
2606	
2607	* 8003.c (gssapi_krb5_verify_8003_checksum): check size of input
2608
26092002-09-03  Johan Danielsson  <joda@pdc.kth.se>
2610
2611	* wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE
2612
2613	* unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE
2614
26152002-09-02  Johan Danielsson  <joda@pdc.kth.se>
2616
2617	* init_sec_context.c: we need to generate a local subkey here
2618
26192002-08-20  Jacques Vidrine <n@nectar.com>
2620
2621	* acquire_cred.c, inquire_cred.c, release_cred.c: Use default
2622	  credential resolution if gss_acquire_cred is called with
2623	  GSS_C_NO_NAME.
2624
26252002-06-20  Jacques Vidrine <n@nectar.com>
2626
2627	* import_name.c: Compare name types by value if pointers do
2628	  not match.  Reported by: "Douglas E. Engert" <deengert@anl.gov>
2629
26302002-05-20  Jacques Vidrine <n@nectar.com>
2631
2632	* verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize
2633	  the qop_state parameter.  from Doug Rabson <dfr@nlsystems.com>
2634
26352002-05-09  Jacques Vidrine <n@nectar.com>
2636
2637	* acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH
2638
26392002-05-08  Jacques Vidrine <n@nectar.com>
2640
2641	* acquire_cred.c: initialize gssapi; handle null desired_name
2642
26432002-03-22  Johan Danielsson  <joda@pdc.kth.se>
2644
2645	* Makefile.am: remove non-functional stuff accidentally committed
2646
26472002-03-11  Assar Westerlund  <assar@sics.se>
2648
2649	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2
2650	* 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel
2651	bindings
2652
26532001-10-31  Jacques Vidrine <n@nectar.com>
2654
2655	* get_mic.c (mic_des3): MIC computation using DES3/SHA1
2656	was bogusly appending the message buffer to the result,
2657	overwriting a heap buffer in the process.
2658
26592001-08-29  Assar Westerlund  <assar@sics.se>
2660
2661	* 8003.c (gssapi_krb5_verify_8003_checksum,
2662	gssapi_krb5_create_8003_checksum): make more consistent by always
2663	returning an gssapi error and setting minor status.  update
2664	callers
2665
26662001-08-28  Jacques Vidrine  <n@nectar.com>
2667
2668	* accept_sec_context.c: Create a cache for delegated credentials
2669	  when needed.
2670
26712001-08-28  Assar Westerlund  <assar@sics.se>
2672
2673	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2
2674
26752001-08-23  Assar Westerlund  <assar@sics.se>
2676
2677	*  *.c: handle minor_status more consistently
2678
2679	* display_status.c (gss_display_status): handle krb5_get_err_text
2680	failing
2681
26822001-08-15  Johan Danielsson  <joda@pdc.kth.se>
2683
2684	* gssapi_locl.h: fix prototype for gssapi_krb5_init
2685
26862001-08-13  Johan Danielsson  <joda@pdc.kth.se>
2687
2688	* accept_sec_context.c (gsskrb5_register_acceptor_identity): init
2689	context and check return value from kt_resolve
2690
2691	* init.c: return error code
2692
26932001-07-19  Assar Westerlund  <assar@sics.se>
2694
2695	* Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2
2696
26972001-07-12  Assar Westerlund  <assar@sics.se>
2698
2699	* Makefile.am (libgssapi_la_LIBADD): add required library
2700	dependencies
2701
27022001-07-06  Assar Westerlund  <assar@sics.se>
2703
2704	* accept_sec_context.c (gsskrb5_register_acceptor_identity): set
2705	the keytab to be used for gss_acquire_cred too'
2706
27072001-07-03  Assar Westerlund  <assar@sics.se>
2708
2709	* Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2
2710
27112001-06-18  Assar Westerlund  <assar@sics.se>
2712
2713	* wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
2714	and gss_krb5_get_remotekey
2715	* verify_mic.c: update krb5_auth_con function names use
2716	gss_krb5_get_remotekey
2717	* unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey
2718	and gss_krb5_get_remotekey
2719	* gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey):
2720	add prototypes
2721	* get_mic.c: update krb5_auth_con function names. use
2722	gss_krb5_get_localkey
2723	* accept_sec_context.c: update krb5_auth_con function names
2724
27252001-05-17  Assar Westerlund  <assar@sics.se>
2726
2727	* Makefile.am: bump version to 3:1:2
2728
27292001-05-14  Assar Westerlund  <assar@sics.se>
2730
2731	* address_to_krb5addr.c: adapt to new address functions
2732
27332001-05-11  Assar Westerlund  <assar@sics.se>
2734
2735	* try to return the error string from libkrb5 where applicable
2736
27372001-05-08  Assar Westerlund  <assar@sics.se>
2738
2739	* delete_sec_context.c (gss_delete_sec_context): remember to free
2740	the memory used by the ticket itself. from <tmartin@mirapoint.com>
2741
27422001-05-04  Assar Westerlund  <assar@sics.se>
2743
2744	* gssapi_locl.h: add config.h for completeness
2745	* gssapi.h: remove config.h, this is an installed header file
2746	sys/types.h is not needed either
2747	
27482001-03-12  Assar Westerlund  <assar@sics.se>
2749
2750	* acquire_cred.c (gss_acquire_cred): remove memory leaks.  from
2751	Jason R Thorpe <thorpej@zembu.com>
2752
27532001-02-18  Assar Westerlund  <assar@sics.se>
2754
2755	* accept_sec_context.c (gss_accept_sec_context): either return
2756	gss_name NULL-ed or set
2757
2758	* import_name.c: set minor_status in some cases where it was not
2759	done
2760
27612001-02-15  Assar Westerlund  <assar@sics.se>
2762
2763	* wrap.c: use krb5_generate_random_block for the confounders
2764
27652001-01-30  Assar Westerlund  <assar@sics.se>
2766
2767	* Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2
2768	* acquire_cred.c, init_sec_context.c, release_cred.c: add support
2769	for getting creds from a keytab, from fvdl@netbsd.org
2770
2771	* copy_ccache.c: add gss_krb5_copy_ccache
2772
27732001-01-27  Assar Westerlund  <assar@sics.se>
2774
2775	* get_mic.c: cast parameters to des function to non-const pointers
2776 	to handle the case where these functions actually take non-const
2777 	des_cblock *
2778
27792001-01-09  Assar Westerlund  <assar@sics.se>
2780
2781	* accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2
2782	instead of krb5_rd_cred
2783
27842000-12-11  Assar Westerlund  <assar@sics.se>
2785
2786	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1
2787
27882000-12-08  Assar Westerlund  <assar@sics.se>
2789
2790	* wrap.c (wrap_des3): use the checksum as ivec when encrypting the
2791	sequence number
2792	* unwrap.c (unwrap_des3): use the checksum as ivec when encrypting
2793	the sequence number
2794	* init_sec_context.c (init_auth): always zero fwd_data
2795
27962000-12-06  Johan Danielsson  <joda@pdc.kth.se>
2797
2798	* accept_sec_context.c: de-pointerise auth_context parameter to
2799	krb5_mk_rep
2800
28012000-11-15  Assar Westerlund  <assar@sics.se>
2802
2803	* init_sec_context.c (init_auth): update to new
2804	krb5_build_authenticator
2805
28062000-09-19  Assar Westerlund  <assar@sics.se>
2807
2808	* Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1
2809
28102000-08-27  Assar Westerlund  <assar@sics.se>
2811
2812	* init_sec_context.c: actually pay attention to `time_req'
2813	* init_sec_context.c: re-organize.  leak less memory.
2814	* gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey):
2815	update prototypes add assert.h
2816	* gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD):
2817	add
2818	* verify_mic.c: re-organize and add 3DES code
2819	* wrap.c: re-organize and add 3DES code
2820	* unwrap.c: re-organize and add 3DES code
2821	* get_mic.c: re-organize and add 3DES code
2822	* encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data',
2823	let the caller do that.  fix the callers.
2824
28252000-08-16  Assar Westerlund  <assar@sics.se>
2826
2827	* Makefile.am: bump version to 2:1:1
2828
28292000-07-29  Assar Westerlund  <assar@sics.se>
2830
2831	* decapsulate.c (gssapi_krb5_verify_header): sanity-check length
2832
28332000-07-25  Johan Danielsson  <joda@pdc.kth.se>
2834
2835	* Makefile.am: bump version to 2:0:1
2836
28372000-07-22  Assar Westerlund  <assar@sics.se>
2838
2839	* gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other
2840	details from rfc2744
2841
28422000-06-29  Assar Westerlund  <assar@sics.se>
2843
2844	* address_to_krb5addr.c (gss_address_to_krb5addr): actually use
2845	`int' instead of `sa_family_t' for the address family.
2846
28472000-06-21  Assar Westerlund  <assar@sics.se>
2848
2849	* add support for token delegation.  From Daniel Kouril
2850	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>
2851
28522000-05-15  Assar Westerlund  <assar@sics.se>
2853
2854	* Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1
2855
28562000-04-12  Assar Westerlund  <assar@sics.se>
2857
2858	* release_oid_set.c (gss_release_oid_set): clear set for
2859	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
2860	* release_name.c (gss_release_name): reset input_name for
2861	robustness.  From GOMBAS Gabor <gombasg@inf.elte.hu>
2862	* release_buffer.c (gss_release_buffer): set value to NULL to be
2863	more robust.  From GOMBAS Gabor <gombasg@inf.elte.hu>
2864	* add_oid_set_member.c (gss_add_oid_set_member): actually check if
2865	the oid is a member first.  leave the oid_set unchanged if realloc
2866	fails.
2867
28682000-02-13  Assar Westerlund  <assar@sics.se>
2869
2870	* Makefile.am: set version to 1:0:1
2871
28722000-02-12  Assar Westerlund  <assar@sics.se>
2873
2874	* gssapi_locl.h: add flags for import/export
2875	* import_sec_context.c (import_sec_context: add flags for what
2876	fields are included.  do not include the authenticator for now.
2877	* export_sec_context.c (export_sec_context: add flags for what
2878	fields are included.  do not include the authenticator for now.
2879	* accept_sec_context.c (gss_accept_sec_context): set target in
2880	context_handle
2881
28822000-02-11  Assar Westerlund  <assar@sics.se>
2883
2884	* delete_sec_context.c (gss_delete_sec_context): set context to
2885	GSS_C_NO_CONTEXT
2886
2887	* Makefile.am: add {export,import}_sec_context.c
2888	* export_sec_context.c: new file
2889	* import_sec_context.c: new file
2890	* accept_sec_context.c (gss_accept_sec_context): set trans flag
2891
28922000-02-07  Assar Westerlund  <assar@sics.se>
2893
2894	* Makefile.am: set version to 0:5:0
2895
28962000-01-26  Assar Westerlund  <assar@sics.se>
2897
2898	* delete_sec_context.c (gss_delete_sec_context): handle a NULL
2899	output_token
2900
2901	* wrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
2902	changes to libdes calls to make them more portable.
2903	* verify_mic.c: update to pseudo-standard APIs for md4,md5,sha.
2904	some changes to libdes calls to make them more portable.
2905	* unwrap.c: update to pseudo-standard APIs for md4,md5,sha.  some
2906	changes to libdes calls to make them more portable.
2907	* get_mic.c: update to pseudo-standard APIs for md4,md5,sha.  some
2908	changes to libdes calls to make them more portable.
2909	* 8003.c: update to pseudo-standard APIs for md4,md5,sha.
2910
29112000-01-06  Assar Westerlund  <assar@sics.se>
2912
2913	* Makefile.am: set version to 0:4:0
2914
29151999-12-26  Assar Westerlund  <assar@sics.se>
2916
2917	* accept_sec_context.c (gss_accept_sec_context): always set
2918 	`output_token'
2919	* init_sec_context.c (init_auth): always initialize `output_token'
2920	* delete_sec_context.c (gss_delete_sec_context): always set
2921 	`output_token'
2922
29231999-12-06  Assar Westerlund  <assar@sics.se>
2924
2925	* Makefile.am: bump version to 0:3:0
2926
29271999-10-20  Assar Westerlund  <assar@sics.se>
2928
2929	* Makefile.am: set version to 0:2:0
2930
29311999-09-21  Assar Westerlund  <assar@sics.se>
2932
2933	* init_sec_context.c (gss_init_sec_context): initialize `ticket'
2934
2935	* gssapi.h (gss_ctx_id_t_desc): add ticket in here.  ick.
2936
2937	* delete_sec_context.c (gss_delete_sec_context): free ticket
2938
2939	* accept_sec_context.c (gss_accept_sec_context): stove away
2940 	`krb5_ticket' in context so that ugly programs such as
2941 	gss_nt_server can get at it.  uck.
2942
29431999-09-20  Johan Danielsson  <joda@pdc.kth.se>
2944
2945	* accept_sec_context.c: set minor_status
2946
29471999-08-04  Assar Westerlund  <assar@sics.se>
2948
2949	* display_status.c (calling_error, routine_error): right shift the
2950 	code to make it possible to index into the arrays
2951
29521999-07-28  Assar Westerlund  <assar@sics.se>
2953
2954	* gssapi.h (GSS_C_AF_INET6): add
2955
2956	* import_name.c (import_hostbased_name): set minor_status
2957
29581999-07-26  Assar Westerlund  <assar@sics.se>
2959
2960	* Makefile.am: set version to 0:1:0
2961
2962Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@hella.pdc.kth.se>
2963
2964	* display_status.c: set minor_status
2965
2966	* init_sec_context.c: set minor_status
2967
2968	* lib/gssapi/init.c: remove donep (check gssapi_krb5_context
2969 	directly)
2970