2003-12-19 Love Hörnquist Åstrand * accept_sec_context.c: 1.40->1.41: Don't require timestamp to be set on delegated token, its already protected by the outer token (and windows doesn't alway send it) Pointed out by Zi-Bin Yang on heimdal-discuss 2003-10-21 Love Hörnquist Åstrand * add_cred.c: 1.3->1.4: If its a MEMORY cc, make a copy. We need to do this since now gss_release_cred will destroy the cred. This should be really be solved a better way. 2003-10-07 Love Hörnquist Åstrand * release_cred.c: 1.9->1.10: (gss_release_cred): if its a mcc, destroy it rather the just release it Found by: "Zi-Bin Yang" 2003-09-19 Love Hörnquist Åstrand * arcfour.c: 1.13->1.14: remove depenency on gss_arcfour_mic_token and gss_arcfour_warp_token * arcfour.h: 1.3->1.4: remove depenency on gss_arcfour_mic_token and gss_arcfour_warp_token * arcfour.c: make build * get_mic.c, verify_mic.c, unwrap.c, wrap.c: glue in arcfour support * gssapi_locl.h: 1.32->1.33: add _gssapi_verify_pad 2003-09-18 Love Hörnquist Åstrand * encapsulate.c: add _gssapi_make_mech_header * gssapi_locl.h: add "arcfour.h" and prototype for _gssapi_make_mech_header * gssapi_locl.h: add gssapi_{en,de}code_{be_,}om_uint32 * 8003.c: 1.12->1.13: export and rename encode_om_uint32/decode_om_uint32 and start to use them 2003-08-16 Love Hörnquist Åstrand * verify_mic.c: 1.21->1.22: make sure minor_status is always set, pointed out by Luke Howard 2003-08-15 Love Hörnquist Åstrand * context_time.c: 1.7->1.10: return time in seconds from now * gssapi_locl.h: add gssapi_lifetime_left * init_sec_context.c: part of 1.37->1.38: (init_auth): if the cred is expired before we tries to create a token, fail so the peer doesn't need reject us (*): make sure time is returned in seconds from now, not in kerberos time * acquire_cred.c: 1.14->1.15: (gss_aquire_cred): make sure time is returned in seconds from now, not in kerberos time * accept_sec_context.c: 1.34->1.35: (gss_accept_sec_context): make sure time is returned in seconds from now, not in kerberos time 2003-05-07 Love Hörnquist Åstrand * gssapi.h: 1.27->1.28: if __cplusplus, wrap the extern variable (just to be safe) and functions in extern "C" { } 2003-04-30 Love Hörnquist Åstrand * gssapi.3: more about the des3 mic mess * verify_mic.c 1.19->1.20 : (verify_mic_des3): always check if the mic is the correct mic or the mic that old heimdal would have generated 2003-04-29 Jacques Vidrine * verify_mic.c: 1.18->1.19: verify_mic_des3: If MIC verification fails, retry using the `old' MIC computation (with zero IV). 2003-04-28 Love Hörnquist Åstrand * compat.c (_gss_DES3_get_mic_compat): default to use compat * gssapi.3: 1.5->1.6: document [gssapi]correct_des3_mic and [gssapi]broken_des3_mic * compat.c: 1.2->1.4: (gss_krb5_compat_des3_mci): return a value (gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat (_gss_DES3_get_mic_compat): handle [gssapi]correct_des3_mic too * gssapi.h: 1.26->1.27: (gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat (GSS_C_KRB5_COMPAT_DES3_MIC): cpp symbol that exists if gss_krb5_compat_des3_mic exists 2003-04-23 Love Hörnquist Åstrand * Makefile.am: 1.44->1.45: test_acquire_cred_LDADD: use libgssapi.la not ./libgssapi.la (makes make -jN work) 2003-04-16 Love Hörnquist Åstrand * gssapi.3: spelling * gss_acquire_cred.3: Change .Fd #include to .In header.h, from Thomas Klausner 2003-04-06 Love Hörnquist Åstrand * gss_acquire_cred.3: spelling * Makefile.am: remove stuff that sneaked in with last commit * acquire_cred.c (acquire_initiator_cred): if the requested name isn't in the ccache, also check keytab. Extact the krbtgt for the default realm to check how long the credentials will last. * add_cred.c (gss_add_cred): don't create a new ccache, just open the old one; better check if output handle is compatible with new (copied) handle * test_acquire_cred.c: test gss_add_cred too 2003-04-03 Love Hörnquist Åstrand * Makefile.am: build test_acquire_cred * test_acquire_cred.c: simple gss_acquire_cred test 2003-04-02 Love Hörnquist Åstrand * gss_acquire_cred.3: s/gssapi/GSS-API/ 2003-03-19 Love Hörnquist Åstrand * gss_acquire_cred.3: document v1 interface (and that they are obsolete) 2003-03-18 Love Hörnquist Åstrand * gss_acquire_cred.3: list supported mechanism and nametypes 2003-03-16 Love Hörnquist Åstrand * gss_acquire_cred.3: text about gss_display_name * Makefile.am (libgssapi_la_LDFLAGS): bump to 3:6:2 (libgssapi_la_SOURCES): add all new functions * gssapi.3: now that we have a functions, uncomment the missing ones * gss_acquire_cred.3: now that we have a functions, uncomment the missing ones * process_context_token.c: implement gss_process_context_token * inquire_names_for_mech.c: implement gss_inquire_names_for_mech * inquire_mechs_for_name.c: implement gss_inquire_mechs_for_name * inquire_cred_by_mech.c: implement gss_inquire_cred_by_mech * add_cred.c: implement gss_add_cred * acquire_cred.c (gss_acquire_cred): more testing of input argument, make sure output arguments are ok, since we don't know the time_rec (for now), set it to time_req * export_sec_context.c: send lifetime, also set minor_status * get_mic.c: set minor_status * import_sec_context.c (gss_import_sec_context): add error checking, pick up lifetime (if there is no lifetime, use GSS_C_INDEFINITE) * init_sec_context.c: take care to set export value to something sane before we start so caller will have harmless values in them if then function fails * release_buffer.c (gss_release_buffer): set minor_status * wrap.c: make sure minor_status get set * verify_mic.c (gss_verify_mic_internal): rename verify_mic to gss_verify_mic_internal and let it take the type as an argument, (gss_verify_mic): call gss_verify_mic_internal set minor_status * unwrap.c: set minor_status * test_oid_set_member.c (gss_test_oid_set_member): use gss_oid_equal * release_oid_set.c (gss_release_oid_set): set minor_status * release_name.c (gss_release_name): set minor_status * release_cred.c (gss_release_cred): set minor_status * add_oid_set_member.c (gss_add_oid_set_member): set minor_status * compare_name.c (gss_compare_name): set minor_status * compat.c (check_compat): make sure ret have a defined value * context_time.c (gss_context_time): set minor_status * copy_ccache.c (gss_krb5_copy_ccache): set minor_status * create_emtpy_oid_set.c (gss_create_empty_oid_set): set minor_status * delete_sec_context.c (gss_delete_sec_context): set minor_status * display_name.c (gss_display_name): set minor_status * display_status.c (gss_display_status): use gss_oid_equal, handle supplementary errors * duplicate_name.c (gss_duplicate_name): set minor_status * inquire_context.c (gss_inquire_context): set lifetime_rec now when we know it, set minor_status * inquire_cred.c (gss_inquire_cred): take care to set export value to something sane before we start so caller will have harmless values in them if the function fails * accept_sec_context.c (gss_accept_sec_context): take care to set export value to something sane before we start so caller will have harmless values in them if then function fails, set lifetime from ticket expiration date * indicate_mechs.c (gss_indicate_mechs): use gss_create_empty_oid_set and gss_add_oid_set_member * gssapi.h (gss_ctx_id_t_desc): store the lifetime in the cred, since there is no ticket transfered in the exported context * export_name.c (gss_export_name): export name with GSS_C_NT_EXPORT_NAME wrapping, not just the principal * import_name.c (import_export_name): new function, parses a GSS_C_NT_EXPORT_NAME (import_krb5_name): factor out common code of parsing krb5 name (gss_oid_equal): rename from oid_equal * gssapi_locl.h: add prototypes for gss_oid_equal and gss_verify_mic_internal * gssapi.h: comment out the argument names 2003-03-15 Love Hörnquist Åstrand * gssapi.3: add LIST OF FUNCTIONS and copyright/license * Makefile.am: s/gss_aquire_cred.3/gss_acquire_cred.3/ * Makefile.am: man_MANS += gss_aquire_cred.3 2003-03-14 Love Hörnquist Åstrand * gss_aquire_cred.3: the gssapi api manpage 2003-03-03 Love Hörnquist Åstrand * inquire_context.c: (gss_inquire_context): rename argument open to open_context * gssapi.h (gss_inquire_context): rename argument open to open_context 2003-02-27 Love Hörnquist Åstrand * init_sec_context.c (do_delegation): remove unused variable subkey * gssapi.3: all 0.5.x version had broken token delegation 2003-02-21 Love Hörnquist Åstrand * (init_auth): only generate one subkey 2003-01-27 Love Hörnquist Åstrand * verify_mic.c (verify_mic_des3): fix 3des verify_mic to conform to rfc (and mit kerberos), provide backward compat hook * get_mic.c (mic_des3): fix 3des get_mic to conform to rfc (and mit kerberos), provide backward compat hook * init_sec_context.c (init_auth): check if we need compat for older get_mic/verify_mic * gssapi_locl.h: add prototype for _gss_DES3_get_mic_compat * gssapi.h (more_flags): add COMPAT_OLD_DES3 * Makefile.am: add gssapi.3 and compat.c * gssapi.3: add gssapi COMPATIBILITY documentation * accept_sec_context.c (gss_accept_sec_context): check if we need compat for older get_mic/verify_mic * compat.c: check for compatiblity with other heimdal's 3des get_mic/verify_mic 2002-10-31 Johan Danielsson * check return value from gssapi_krb5_init * 8003.c (gssapi_krb5_verify_8003_checksum): check size of input 2002-09-03 Johan Danielsson * wrap.c (wrap_des3): use ETYPE_DES3_CBC_NONE * unwrap.c (unwrap_des3): use ETYPE_DES3_CBC_NONE 2002-09-02 Johan Danielsson * init_sec_context.c: we need to generate a local subkey here 2002-08-20 Jacques Vidrine * acquire_cred.c, inquire_cred.c, release_cred.c: Use default credential resolution if gss_acquire_cred is called with GSS_C_NO_NAME. 2002-06-20 Jacques Vidrine * import_name.c: Compare name types by value if pointers do not match. Reported by: "Douglas E. Engert" 2002-05-20 Jacques Vidrine * verify_mic.c (gss_verify_mic), unwrap.c (gss_unwrap): initialize the qop_state parameter. from Doug Rabson 2002-05-09 Jacques Vidrine * acquire_cred.c: handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH 2002-05-08 Jacques Vidrine * acquire_cred.c: initialize gssapi; handle null desired_name 2002-03-22 Johan Danielsson * Makefile.am: remove non-functional stuff accidentally committed 2002-03-11 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:5:2 * 8003.c (gssapi_krb5_verify_8003_checksum): handle zero channel bindings 2001-10-31 Jacques Vidrine * get_mic.c (mic_des3): MIC computation using DES3/SHA1 was bogusly appending the message buffer to the result, overwriting a heap buffer in the process. 2001-08-29 Assar Westerlund * 8003.c (gssapi_krb5_verify_8003_checksum, gssapi_krb5_create_8003_checksum): make more consistent by always returning an gssapi error and setting minor status. update callers 2001-08-28 Jacques Vidrine * accept_sec_context.c: Create a cache for delegated credentials when needed. 2001-08-28 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:4:2 2001-08-23 Assar Westerlund * *.c: handle minor_status more consistently * display_status.c (gss_display_status): handle krb5_get_err_text failing 2001-08-15 Johan Danielsson * gssapi_locl.h: fix prototype for gssapi_krb5_init 2001-08-13 Johan Danielsson * accept_sec_context.c (gsskrb5_register_acceptor_identity): init context and check return value from kt_resolve * init.c: return error code 2001-07-19 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): update to 3:3:2 2001-07-12 Assar Westerlund * Makefile.am (libgssapi_la_LIBADD): add required library dependencies 2001-07-06 Assar Westerlund * accept_sec_context.c (gsskrb5_register_acceptor_identity): set the keytab to be used for gss_acquire_cred too' 2001-07-03 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): set version to 3:2:2 2001-06-18 Assar Westerlund * wrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey and gss_krb5_get_remotekey * verify_mic.c: update krb5_auth_con function names use gss_krb5_get_remotekey * unwrap.c: replace gss_krb5_getsomekey with gss_krb5_get_localkey and gss_krb5_get_remotekey * gssapi_locl.h (gss_krb5_get_remotekey, gss_krb5_get_localkey): add prototypes * get_mic.c: update krb5_auth_con function names. use gss_krb5_get_localkey * accept_sec_context.c: update krb5_auth_con function names 2001-05-17 Assar Westerlund * Makefile.am: bump version to 3:1:2 2001-05-14 Assar Westerlund * address_to_krb5addr.c: adapt to new address functions 2001-05-11 Assar Westerlund * try to return the error string from libkrb5 where applicable 2001-05-08 Assar Westerlund * delete_sec_context.c (gss_delete_sec_context): remember to free the memory used by the ticket itself. from 2001-05-04 Assar Westerlund * gssapi_locl.h: add config.h for completeness * gssapi.h: remove config.h, this is an installed header file sys/types.h is not needed either 2001-03-12 Assar Westerlund * acquire_cred.c (gss_acquire_cred): remove memory leaks. from Jason R Thorpe 2001-02-18 Assar Westerlund * accept_sec_context.c (gss_accept_sec_context): either return gss_name NULL-ed or set * import_name.c: set minor_status in some cases where it was not done 2001-02-15 Assar Westerlund * wrap.c: use krb5_generate_random_block for the confounders 2001-01-30 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): bump version to 3:0:2 * acquire_cred.c, init_sec_context.c, release_cred.c: add support for getting creds from a keytab, from fvdl@netbsd.org * copy_ccache.c: add gss_krb5_copy_ccache 2001-01-27 Assar Westerlund * get_mic.c: cast parameters to des function to non-const pointers to handle the case where these functions actually take non-const des_cblock * 2001-01-09 Assar Westerlund * accept_sec_context.c (gss_accept_sec_context): use krb5_rd_cred2 instead of krb5_rd_cred 2000-12-11 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:3:1 2000-12-08 Assar Westerlund * wrap.c (wrap_des3): use the checksum as ivec when encrypting the sequence number * unwrap.c (unwrap_des3): use the checksum as ivec when encrypting the sequence number * init_sec_context.c (init_auth): always zero fwd_data 2000-12-06 Johan Danielsson * accept_sec_context.c: de-pointerise auth_context parameter to krb5_mk_rep 2000-11-15 Assar Westerlund * init_sec_context.c (init_auth): update to new krb5_build_authenticator 2000-09-19 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): bump to 2:2:1 2000-08-27 Assar Westerlund * init_sec_context.c: actually pay attention to `time_req' * init_sec_context.c: re-organize. leak less memory. * gssapi_locl.h (gssapi_krb5_encapsulate, gss_krb5_getsomekey): update prototypes add assert.h * gssapi.h (GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD): add * verify_mic.c: re-organize and add 3DES code * wrap.c: re-organize and add 3DES code * unwrap.c: re-organize and add 3DES code * get_mic.c: re-organize and add 3DES code * encapsulate.c (gssapi_krb5_encapsulate): do not free `in_data', let the caller do that. fix the callers. 2000-08-16 Assar Westerlund * Makefile.am: bump version to 2:1:1 2000-07-29 Assar Westerlund * decapsulate.c (gssapi_krb5_verify_header): sanity-check length 2000-07-25 Johan Danielsson * Makefile.am: bump version to 2:0:1 2000-07-22 Assar Westerlund * gssapi.h: update OID for GSS_C_NT_HOSTBASED_SERVICE and other details from rfc2744 2000-06-29 Assar Westerlund * address_to_krb5addr.c (gss_address_to_krb5addr): actually use `int' instead of `sa_family_t' for the address family. 2000-06-21 Assar Westerlund * add support for token delegation. From Daniel Kouril and Miroslav Ruda 2000-05-15 Assar Westerlund * Makefile.am (libgssapi_la_LDFLAGS): set version to 1:1:1 2000-04-12 Assar Westerlund * release_oid_set.c (gss_release_oid_set): clear set for robustness. From GOMBAS Gabor * release_name.c (gss_release_name): reset input_name for robustness. From GOMBAS Gabor * release_buffer.c (gss_release_buffer): set value to NULL to be more robust. From GOMBAS Gabor * add_oid_set_member.c (gss_add_oid_set_member): actually check if the oid is a member first. leave the oid_set unchanged if realloc fails. 2000-02-13 Assar Westerlund * Makefile.am: set version to 1:0:1 2000-02-12 Assar Westerlund * gssapi_locl.h: add flags for import/export * import_sec_context.c (import_sec_context: add flags for what fields are included. do not include the authenticator for now. * export_sec_context.c (export_sec_context: add flags for what fields are included. do not include the authenticator for now. * accept_sec_context.c (gss_accept_sec_context): set target in context_handle 2000-02-11 Assar Westerlund * delete_sec_context.c (gss_delete_sec_context): set context to GSS_C_NO_CONTEXT * Makefile.am: add {export,import}_sec_context.c * export_sec_context.c: new file * import_sec_context.c: new file * accept_sec_context.c (gss_accept_sec_context): set trans flag 2000-02-07 Assar Westerlund * Makefile.am: set version to 0:5:0 2000-01-26 Assar Westerlund * delete_sec_context.c (gss_delete_sec_context): handle a NULL output_token * wrap.c: update to pseudo-standard APIs for md4,md5,sha. some changes to libdes calls to make them more portable. * verify_mic.c: update to pseudo-standard APIs for md4,md5,sha. some changes to libdes calls to make them more portable. * unwrap.c: update to pseudo-standard APIs for md4,md5,sha. some changes to libdes calls to make them more portable. * get_mic.c: update to pseudo-standard APIs for md4,md5,sha. some changes to libdes calls to make them more portable. * 8003.c: update to pseudo-standard APIs for md4,md5,sha. 2000-01-06 Assar Westerlund * Makefile.am: set version to 0:4:0 1999-12-26 Assar Westerlund * accept_sec_context.c (gss_accept_sec_context): always set `output_token' * init_sec_context.c (init_auth): always initialize `output_token' * delete_sec_context.c (gss_delete_sec_context): always set `output_token' 1999-12-06 Assar Westerlund * Makefile.am: bump version to 0:3:0 1999-10-20 Assar Westerlund * Makefile.am: set version to 0:2:0 1999-09-21 Assar Westerlund * init_sec_context.c (gss_init_sec_context): initialize `ticket' * gssapi.h (gss_ctx_id_t_desc): add ticket in here. ick. * delete_sec_context.c (gss_delete_sec_context): free ticket * accept_sec_context.c (gss_accept_sec_context): stove away `krb5_ticket' in context so that ugly programs such as gss_nt_server can get at it. uck. 1999-09-20 Johan Danielsson * accept_sec_context.c: set minor_status 1999-08-04 Assar Westerlund * display_status.c (calling_error, routine_error): right shift the code to make it possible to index into the arrays 1999-07-28 Assar Westerlund * gssapi.h (GSS_C_AF_INET6): add * import_name.c (import_hostbased_name): set minor_status 1999-07-26 Assar Westerlund * Makefile.am: set version to 0:1:0 Wed Apr 7 14:05:15 1999 Johan Danielsson * display_status.c: set minor_status * init_sec_context.c: set minor_status * lib/gssapi/init.c: remove donep (check gssapi_krb5_context directly)