1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
|
Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o <tytso@mit.edu>
* ser_sctx.c (kg_oid_externalize, kg_oid_internalize,
kg_oid_size): Add a GSSAPI OID magic number to the
externalized OID, so that if the OID is skipped, (it is
optional), the serialization code can resyncronize if
necessary.
(kg_queue_internalize, kg_queue_externalize,
kg_queue_size): New functions to externalize the gssapi
queue.
(kg_ctx_size, kg_ctx_exteranlize, kg_ctx_import): Changed
to include the mech_used field and to include the auth
context.
* gssapi_krb5.c (kg_get_context): Add calls to correctly
initialize the serializers needed by import and export sec
context.
* delete_sec_context.c (krb5_gss_delete_sec_context): Remember to
release the mech_used OID if necessary!
Wed Oct 16 17:53:17 1996 Marc Horowitz <marc@mit.edu>
* accept_sec_context.c (krb5_gss_accept_sec_context): return an
error if the ticket endtime is in the past. also, cleaned up
some error cleanup code.
Thu Oct 10 13:50:49 1996 Theodore Y. Ts'o <tytso@mit.edu>
* acquire_cred.c (krb5_gss_acquire_cred): Don't let the "timeleft"
returned by krb5_gss_acquire_cred be negative!
Wed Oct 9 18:02:43 1996 Theodore Y. Ts'o <tytso@mit.edu>
* gssapi_krb5.c: Definition of gss_nt_krb5_name was incorrect;
someone was being a bonehead.
Wed Aug 28 17:45:55 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* util_cksum.c (kg_checksum_channel_bindings): Fix stupid bug;
don't free buf before it's allocated!
Thu Aug 15 20:52:37 1996 Sam Hartman <hartmans@tertius.mit.edu>
* init_sec_context.c (make_ap_req): Require des-cbc-crc for now;
DES3 support is broken.
Fri Aug 2 13:40:16 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* acquire_cred.c (krb5_gss_acquire_cred): Add const to local
variable which is pointing to const data.
Fri Jul 26 16:58:31 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
* Makefile.in (OBJS): Remove trailing backslash on a comment; it
was keeping HDRS from getting set.
Fri Jul 26 00:40:43 1996 Theodore Y. Ts'o <tytso@mit.edu>
* configure.in: Add AC_PROG_INSTALL, since it's needed for a "make
install"
Thu Jul 25 20:21:33 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
* Makefile.in: remove trailing backslash from comment under SRCS
because it was causing line that set OBJS variable to
become part of a comment
Thu Jul 25 02:08:17 1996 Theodore Y. Ts'o <tytso@mit.edu>
* init_sec_context.c (krb5_gss_init_sec_context): Fixed error
checking so that if you pass a bad mechanism type, it
*will* get flagged as an error.
Wed Jul 24 22:54:37 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* acquire_cred.c (krb5_gss_acquire_cred): Initialize variable
before use if GSS_C_NULL_OID_SET.
Wed Jul 24 19:40:55 1996 Theodore Y. Ts'o <tytso@mit.edu>
* rel_oid.c (krb5_gss_release_oid):
* krb5_gss_glue.c(gss_release_oid): Re-enable function
* ser_sctx.c (kg_oid_externalize): Add proper return code
* accept_sec_context.c (krb5_gss_accept_sec_context):
* init_sec_context.c (krb5_gss_init_sec_context): Test (gss_flags &
XXXX) against 0 so that we pass a int value to
g_order_init. Needed since int is 16 bits for Win16 build.
Tue Jul 23 22:35:53 1996 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.in (all-windows): Fix broken Windows commands to copy
gssapi_krb5.h to include/gssapi.
* gssapiP_krb5.h: Must include k5-int.h on Windows and Macintosh
builds.
Thu Jul 18 19:48:48 1996 Marc Horowitz <marc@mit.edu>
* init_sec_context.c (krb5_gss_init_sec_context),
accept_sec_context.c (krb5_gss_accept_sec_context): ifdef'd out
reference to 3des.
Fri Jul 5 15:27:29 1996 Marc Horowitz <marc@mit.edu>
* gssapi_krb5.h: Add declarations for _old mech set, and _both
mech set
Thu Jun 20 23:15:57 1996 Marc Horowitz <marc@mit.edu>
* ser_sctx.c (kg_oid_size, kg_ctx_size): pull the oid-related code
out of kg_ctx_size into kg_oid_size.
* k5unseal.c (kg_unseal), k5seal.c (make_seal_token): == cannot be
used to compare oid's. The g_OID_equal macro must be used.
* init_sec_context.c (make_ap_req, krb5_gss_init_sec_context): -
gss_init_sec_context should use the mech set in the credential.
If the default mech is requested, but the old mech oid was
explicitly passed to gss_acquire_cred, then the context should be
the old mech, otherwise, the new mech. If a mech was requested
explicitly, then the code should insure that the credential is
compatible.
* acquire_cred.c (krb5_gss_acquire_cred), gssapiP_krb5.h (struct
_krb5_gss_cred_it_rec), gssapi_krb5.c (gss_mech_set_krb5*),
inq_cred.c (krb5_gss_inquire_cred): gss_acquire_cred needs to be
able to deal with both mech oid's. It should return in
actual_mechs the intersection of the set passed in and the
{old,new} mechs, or if the default was requested, it should return
both mech oid's. This state should be stored in the credential
handle, and regurgitated by gss_inquire_cred.
* accept_sec_context.c (krb5_gss_accept_sec_context): make sure
that the oid in the token is compatible with the mechanisms
specified by the credential.
Thu Jun 13 22:11:30 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
* configure.in: remove ref to ET_RULES
Wed Jun 12 00:48:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Update special rule for gssapi_err_krb5.obj so that
it uses the right Win-32 library command.
* pname_to_uid.c: Add #ifdef _WIN32 in places where we had #ifdef
_MSDOS
Fri Jun 7 14:52:56 1996 Kevin L Mitchell <klmitch@mit.edu>
* accept_sec_context.c, init_sec_context.c, inq_context.c,
gssapiP_krb5.h: changed `mutual' element of struct
_krb5_gss_ctx_id_rec into more general `gss_flags' and
updated functions that process it
Tue May 14 19:09:49 1996 Richard Basch <basch@lehman.com>
* k5seal.c k5unseal.c util_cksum.c:
setup krb5_checksum "contents" and "length" field prior to
calling krb5_calculate_checksum().
Tue May 14 04:42:11 1996 Theodore Y. Ts'o <tytso@mit.edu>
* init_sec_context.c (make_ap_req): Change call to
krb5_auth_con_setcksumtype to use
krb5_auth_con_set_req_cksumtype by default instead.
Sun May 12 00:54:35 1996 Marc Horowitz <marc@mit.edu>
* util_crypt.c (kg_encrypt): It used to be that krb5_encrypt could
be used to encrypt in place. That's broken now. This would need
to be fixed in several places in the crypto layer, and it's not
clear what the right thing is, so it's worked around here in the
interests of portability and reliablility, at the expense of a
malloc/memcpy/free.
* Makefile.in, configure.in: gssapi_krb5.h should be installed
inside the tree. This is really only half the work, as it should
be installed outside of the tree, too.
Sat Apr 20 00:02:51 1996 Marc Horowitz <marc@mit.edu>
* accept_sec_context.c, export_sec_context.c, gssapiP_krb5.h,
import_sec_context.c, init_sec_context.c, k5seal.c, k5unseal.c,
ser_sctx.c, wrap_size_limit.c: Implemented triple-des changes
based on Richard's patches.
Wed Apr 17 21:08:59 1996 Marc Horowitz <marc@mit.edu>
* accept_sec_context.c (krb5_gss_set_backward_mode): removed
* krb5_gss_glue.c, wrap_size_limit.c: added
* import_sec_context.c: intern the newly created context id so
that the validation functions will accept it.
* Makefile.in (CFLAGS): Don't need md5 header files anymore.
(OBJS, SRCS): Change the list of files to build.
* export_sec_context.c, import_sec_context.c, gssapiP_krb5.h,
ser_sctx.c: don't use the serialization abstraction, since it
doesn't add anything, and is internal to kerberos. Instead, make
the {de,}serialization functions internal gssapi functions, and
call those directly.
* accept_sec_context.c, acquire_cred.c, context_time.c,
delete_sec_context.c, disp_name.c, disp_status.c,
export_sec_context.c, gssapi_krb5.c (kg_get_context),
import_name.c, import_sec_context.c, indicate_mechs.c,
init_sec_context.c, inq_context.c, inq_cred.c, inq_names.c,
process_context_token.c, rel_cred.c, rel_name.c, seal.c, sign.c,
unseal.c, verify.c:
Don't pass in the context from the caller. Instead, call
kg_get_context() to find out the kerberos library context. Also,
random minor compile-time fixes.
* accept_sec_context.c, gssapi_krb5.c (kg_get_defcred),
gssapiP_krb5.h, init_sec_context.c, k5seal.c, k5unseal.c,
util_cksum.c (kg_checksum_channel_bindings), util_seqnum.c
(kg_make_seq_num, kg_get_seq_num), util_seed.c (kg_make_seed),
util_crypt.c (kg_encrypt, kg_decrypt):
pass the context to the kg_* functions which need it instead of
determining it directly.
Fri Apr 12 21:47:46 1996 Richard Basch <basch@lehman.com>
* k5seal.c k5unseal.c:
Renamed MD5 routines to be preceded with krb5_
Thu Apr 11 18:53:09 1996 Theodore Y. Ts'o <tytso@dcl>
* acquire_cred.c (acquire_init_cred): Return GSS_S_CRED_UNAVAIL on
if krb5_cc_set_flags() returns an error, since that's the
call that will return an error if the credentials files
doesn't exist.
Wed Apr 3 16:10:24 1996 Theodore Y. Ts'o <tytso@dcl>
* init_sec_context.c (krb5_gss_init_sec_context): If make_ap_req()
returns KRB5APP_TKT_EXPIRED, then return
GSS_S_CREDENTIALS_EXPIRED as the major return code.
Tue Apr 2 15:20:24 1996 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in (SRCS): Inlined list of source files for SRCS and
OBJS (for Macintosh build).
* k5mech.c: Added Macintosh #ifdef so that the #include path is
right for the Macintosh.
Wed Mar 20 20:25:53 1996 Theodore Y. Ts'o <tytso@dcl>
* rel_oid.c (krb5_gss_release_oid): Don't compile this procedure,
since it's not used. The mechanism glue layer uses the
krb5_gss_internal_relase_oid() function.
* pname_to_uid.c: Comment out #ident line. This causes the
Macintosh C compiler indigestion. Remove #include of
gssapi/gssapi.h, since that gets included by
gssapiP_generic.h.
Fri Mar 8 21:36:29 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* util_cksum.c (kg_checksum_channel_bindings): Change sizeof(long)
to sizeof(krb5_int32).
Sat Mar 2 02:22:30 1996 Theodore Y. Ts'o <tytso@dcl>
* k5mech.c (krb5_gss_get_context): Initialize the serializers
here, instead of in export and import security context.
This will speed things up a little.
* export_sec_context.c (krb5_gss_export_sec_context):
* import_sec_context.c (krb5_gss_import_sec_context): Don't create
a serialization context just for importing/exporting
credentials. Use the passed-in gssapi context. This
speeds things up significantly. Assume the serializers
are initialized in krb5_gss_get_context.
Tue Feb 27 17:53:22 1996 Theodore Y. Ts'o <tytso@dcl>
* accept_sec_context.c (krb5_gss_accept_sec_context): Remove dead
code which used geteuid().
* Makefile.in (gssapi_err_krb5.$(OBJEXT)): Add Windows production
to add file to library.
* pname_to_uid.c: Don't try to compile pname_to_uid.c for MS-DOS
or Macintosh.
Mon Feb 26 18:08:57 1996 Sam Hartman <hartmans@tertius.mit.edu>
* k5mech.c : do not declare kg_context static as it is declared in
another file, and declared extern in a header.
Sat Feb 24 00:06:37 1996 Theodore Y. Ts'o <tytso@dcl>
* k5mech.c (krb5_gss_initialize): No longer need to call
name-type/mechanism registration function. This is now
done for us by the generic intialization function.
Add support for new V2 call gss_wrap_size_limit.
Sat Feb 24 11:45:05 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* import_sec_context.c (krb5_gss_import_sec_context): Do not
shadow parameter ctx.
* inq_context.c (krb5_gss_inquire_context): Do not shadow
parameter ctx.
* rel_oid.c (krb5_gss_internal_release_oid): Change to match prototype.
* process_context_token.c (krb5_gss_process_context_token): Change
to match prototype.
Sat Feb 24 00:06:37 1996 Theodore Y. Ts'o <tytso@dcl>
* gssapiP_krb5.h: Changed most krb5 gssapi functions to take a
void * as their first argument, instead of a krb5_context.
Makes for a cleaner interface to the mechanism glue layer.
* k5mech.c (krb5_gss_initialize): Call name-type/mechanism
registration function so that mechanism glue layer knows
whether or not a name needs to be lazy evaluated or not.
Tue Feb 6 23:55:45 1996 Theodore Y. Ts'o <tytso@dcl>
* pname_to_uid.c (krb5_pname_to_uid): Instead of using specialized
code to derive the username from a kerberos principal, use
krb5_aname_to_lname(). Added extra argument for the
context structure.
Fri Jan 26 03:09:32 1996 Sam Hartman <hartmans@tertius.mit.edu>
* init_sec_context.c (make_ap_req): Make sure we get a DES session key.
Wed Jan 24 20:46:37 1996 Tom Yu <tlyu@dragons-lair.MIT.EDU>
* pname_to_uid.c (krb5_pname_to_uid): Changed def'n of
krb5principalname to static so K&R compilers won't lose on
automatic aggregate initialization.
Wed Jan 24 13:21:37 1996 Theodore Y. Ts'o <tytso@dcl>
* import_name.c (krb5_gss_import_name): Don't assume that the
input_name_buffer is null terminated, when it contains a
string. Fix gcc warnings.
Tue Jan 23 13:01:42 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* configure.in: Check for stdlib.h
* pname_to_uid.c: Include string.h and stdlib.h.
* init_sec_context.c (make_ap_req): Handle gcc warning.
Tue Jan 23 04:05:23 1996 <tytso@rsts-11.mit.edu>
* Makefile.in: Add support for building GSSAPI as a shared
library.
Tue Jan 23 03:25:02 1996 Theodore Y. Ts'o <tytso@dcl>
* rel_oid.c (krb5_gss_internal_release_oid): Add the new interface
for the mechglue layer.
* inq_cred.c (krb5_gss_inquire_cred): Call gss_release_oid_set()
instead of generic_gss_release_oid_set().
* gssapiP_krb5.h: Added prototype for krb5_gss_internal_release_oid
* Makefile.in (CCSRCS): Removed the file krb5_gss_glue.c and added
the file k5mech.c and pname_to_uid.c
Tue Jan 9 22:11:25 1996 Theodore Y. Ts'o <tytso@dcl>
* gssapiP_krb5.h (KRB5_GSS_FOR_CREDS_OPTION): New constant added
for delegation (forwarding) of credentials.
* init_sec_context.c (make_ap_req): Add support for sending
delegated credentials. Misc lint cleanups.
* accept_sec_context.c (krb5_gss_accept_sec_context): Add support
for accepting delegated credentials. Misc lint cleanups.
Fri Dec 1 17:27:33 1995 <tytso@rsts-11.mit.edu>
* configure.in: Add rule for building shared object files.
Fri Dec 1 17:11:43 1995 Theodore Y. Ts'o <tytso@dcl>
* gssapiP_krb5.h (KG_TOK_WRAP_MSG): Changed token ID for
KG_TOK_WRAP_MSG to match KG_TOK_SEAL_MSG both should be
0x0201.
* krb5_gss_glue.c (gss_inquire_names_for_mech): Added new context
argument to the call of krb5_gss_inquire_names_for_mech().
* inq_names.c (krb5_gss_inquire_names_for_mech): Added new context
argument to the arg list.
Thu Nov 16 17:04:00 1995 <tytso@rsts-11.mit.edu>
* gssapiP_krb5.h (KG_TOK_MIC_MSG, KG_TOK_WRAP_MSG, KG_DEL_CTX):
Fixed token type numbers so they conform with the protocol
spec. Paul Park didn't realize that he wasn't allowed to
change these willy-nilly...
Wed Oct 25 15:38:00 1995 Theodore Y. Ts'o <tytso@dcl>
* init_sec_context.c (make_ap_req): Change the input type of
do_mutual to be OM_int32 instead of an int, to prevent
lossage under windows, since the passed in type size is a
OM_int32.
Fri Oct 6 22:02:24 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in: Remove ##DOS!include of config/windows.in.
config/windows.in is now included by wconfig.
Mon Sep 25 16:52:49 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the
Makefile.
Sun Sep 24 10:39:13 1995 John Rivlin (jrivlin@fusion.com)
* gssapiP_krb5.h: Fixed kb_seal_size prototype
Wed Sep 13 10:39:13 1995 Keith Vetter (keithv@fusion.com)
* acquire_.c: changed int to size_t.
* gssapip_.h: added prototype for kg_seal_size.
* k5seal.c: 16/32 bit mismatch and removed unused variables.
* seal.c: 16/32 bit mismatch.
* sign.c: 16/32 bit mismatch.
* ser_sctx.c: added prototypes for all functions since they get
assigned into a structure that has been prototyped.
Sat Sep 16 03:18:02 1995 Theodore Y. Ts'o <tytso@dcl>
* gssapiP_krb5.h: Remove context and cred from the gssapi security
context, as they aren't needed. kg_seal and kg_unseal now
take a krb5_context argument.
* ser_sctx.c (kg_ctx_size, kg_ctx_externalize,
kg_ctx_internalize): No longer serialize the context and
cred fields of the gssapi security context.
* krb5_gss_glue.c: Don't rely on the context field of the gssapi
security context. Use kg_context instead.
* verify.c (krb5_gss_verify, krb5_gss_verify_mic):
* unseal.c (krb5_gss_unwrap, krb5_gss_unseal):
* sign.c (krb5_gss_sign, krb5_gss_get_mic):
* seal.c (krb5_gss_seal, krb5_gss_wrap):
* process_context_token.c (krb5_gss_process_context_token):
* k5unseal.c (kg_unseal):
* k5seal.c (kg_seal_size): Add a krb5_context argument to this
function, so we don't have to depend on the context field
in the gssapi security context.
* init_sec_context.c (krb5_gss_init_sec_context): Don't initialize
the context and cred fields in the gssapi security
context. Copy ctx->subkey to ctx->seq.key, so they are
separately allocated.
* gssapi_krb5.c (kg_get_context): When initialize kg_context, call
krb5_init_ets() so that the error tables are initialized.
* export_sec_context.c (krb5_gss_export_sec_context): Don't depend
on the context field from the gssapi security context.
Free ctx->seq.key.
* delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal()
now takes a krb5_context argument. Free ctx->seq.key.
* acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi
credential before setting it, to prevent purify from
complaining.
* accept_sec_context.c (krb5_gss_accept_sec_context): Remove
context and cred from the gssapi security context. Make
sure the ticket is freed after we're done with it.
Fri Sep 15 22:12:49 1995 Theodore Y. Ts'o <tytso@dcl>
* import_sec_context.c (krb5_gss_import_sec_context): Don't bash
the input interprocess_token. Otherwise, it can't be
freed. Don't depend on the context field in the gss
security context.
Tue Sep 12 19:07:52 1995 Theodore Y. Ts'o <tytso@dcl>
* export_sec_context.c (krb5_gss_export_sec_context): Free the
auth context when freeing the GSSAPI context structure.
* delete_sec_context.c (krb5_gss_delete_sec_context): Free the
auth context when freeing the GSSAPI context structure.
Tue Sep 12 13:05:51 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* k5seal.c, k5unseal.c, accept_sec_context.c: Undo MACINTOSH
change for paths. The old ones were correct.
Wed Sep 6 12:00:00 1995 James Mattly <mattly@fusion.com>
* gssapi_krb5.h: changed a path bearing include for MACINTOSH
* accept_sec_context.c: changed a path bearing include for MACINTOSH
* k5seal.c: changed a path bearing include for MACINTOSH
* k5unseal.c: changed a path bearing include for MACINTOSH
Sat Sep 9 00:16:34 1995 Theodore Y. Ts'o <tytso@dcl>
* krb5_gss_glue.c (gss_delete_sec_context): Add extra indirection
so that we actually fetch the context correctly.
(gss_accept_sec_context): Remove unused code.
Wed Sep 6 16:12:28 1995 Theodore Y. Ts'o <tytso@dcl>
* init_sec_context.c (make_ap_req): Initialize mk_req_flags to
zero so that when we OR in flags, the result is
well-defined.
Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
* accept_sec_context.c, init_sec_context.c, util.c :
s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
* accept_sec_context.c, init_sec_context.c, util_seed.c :
Remove krb5_enctype references, and replace with
krb5_keytype where appropriate.
Thu Aug 31 11:50:34 EDT 1995 Paul Park (pjpark@mit.edu)
* gssapiP_krb5.h - Add new V2 dispatch prototypes. Update arguments
to be compatible with V2 API. Add tokens for V2 integrity
and confidentiality services.
* k5seal.c - Add support for V2 tokens and add kg_seal_size() to
support gss_wrap_size_limit().
* k5unseal.c - Add support for V2 tokens.
* accept_sec_context,disp_status,gssapi_krb5,init_sec_context,
inq_context,rel_name.c - Update arguments to V2.
* acquire_cred,import_name,inq_cred,krb5_gss_glue,seal,sign,unseal,
verify.c - Update arguments to V2 and add new V2 functions.
* rel_oid.c, inq_names.c - New V2 modules.
* Makefile.in, .Sanitize - Add rel_oid.c and inq_names.c
Tue Aug 29 22:38:54 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* init_sec_context.c (krb5_gss_init_sec_context): Remove
duplicated cleanup code.
Tue Aug 29 17:48:40 EDT 1995 Paul Park (pjpark@mit.edu)
* {accept,init}_sec_context.c - Zero out the newly allocated context
because garbage in the uninitialized context messes up the
serializers.
Tue Aug 29 13:31:46 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in, .Sanitize, {im,ex}port_sec_context.c, ser_sctx.c - Add
new modules to support {im,ex}port of GSSAPI context.
* krb5_gss_glue.c - Add krb5_gss_{im,ex}port_sec_context() wrapper
routines.
* gssapiP_krb5.h - Add prototypes for krb5_gss_{im,ex}port_sec_context
and kg_ser_context_init.
* gssapi_err_krb5.et - Add magic numbers for GSSAPI data structures.
Mon Aug 7 19:08:52 1995 Theodore Y. Ts'o <tytso@dcl>
* inq_cred.c (krb5_gss_inquire_cred): Use
generic_gss_release_oid_set() instead of gss_release_oid_set()
so that the krb5-specific mechanism can be linked in
without pulling in krb5_gss_glue.c
Thu Jul 27 15:26:27 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Add -I$(srcdir)/../../crypto/md5 to get rsa-md5.h.
* accept_sec_context.c - Include "rsa-md5.h" instead of <krb5/...>.
* gssapiP_krb5.h - Replace k5-specific includes with k5-int.h
* k5[un]seal.c - Include "rsa-md5.h" instead of <krb5/...>.
Fri Jul 7 16:23:17 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Remove LDFLAGS, it's set by configure.
Sat Jun 10 23:04:52 1995 Tom Yu (tlyu@dragons-lair)
* accept_sec_context.c, gssapiP_krb5.h, init_sec_context.c:
krb5_auth_context redefinitions
Fri Jun 9 19:25:55 1995 <tytso@rsx-11.mit.edu>
* configure.in: Remove standardized set of autoconf macros, which
are now handled by CONFIG_RULES.
Wed Jun 7 10:05:16 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* gssapiP_krb5.h: Include time.h (or sys/time.h) for struct tm
structure which is now in the los-proto.h file.
Mon May 22 10:10:41 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Add null install target.
* inq_cred.c - Don't mark credentials as expired if the expiration
time is indefinite.
Mon May 01 15:56:32 1995 Chris Provenzano (proven@mit.edu)
* init_sec_context.c (krb5_gss_init_sec_context()) :
The krb5_mk_rep() routine must always encode the data in
the keyblock of the ticket, not the subkey.
Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
* *.[ch]: removed unneeded INTERFACE from non-api functions.
* *.h added FAR to pointers visible at to the world.
* gssapi_e.c: __STDC__ conditional also checks the _WINDOWS define.
Thu Mar 30 16:00:30 1995 Keith Vetter (keithv@fusion.com)
* accept_sec_context.c: fixed wrong level of indirection on a
parameter to getauthenticator.
Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
* accept_sec_context.c: Use new calling convention for krb5_rd_req()
and krb5_mk_rep().
Thu Mar 16 19:54:33 1995 Keith Vetter (keithv@fusion.com)
* init_sec_context.c: fixed signed/unsigned mismatch and
added a prototype which will later be removed.
* import_name.c: fixed for the PC--made conditional the
code dependent upon passwords.
* Makefile.in: changed the name of the library the PC
builds, and added xxx-mac targets to mimic xxx-unix.
Fri Mar 10 09:44:29 1995 Chris Provenzano (proven@mit.edu)
* init_sec_context.c (krb5_gss_init_sec_context())
Use new calling convention for krb5_mk_req_ext() and
krb5_rd_rep().
* gssapiP_krb5.h Added a krb5_auth_context pointer to the
krb5_gss_ctx_id_rec structure to store the auth_context
between multiple calls to krb5_gss_init_sec_context().
Tue Mar 7 20:48:03 1995 Keith Vetter (keithv@fusion.com)
* accept_s.c, acqire_s.c, compare_.c, context_.c, delete_s.c,
disp_nam.c, disp_sta.c, get_tkt_.c, init_sec.c, inq_cont.c,
inq_cred.c, k5seal.c, k5unseal.c, process_.c, rel_cred.c,
rel_name.c, util_cks.c, util_cry.c: added casts on signed ->
unsigned assignments.
* util_seq.c: added casts on bit extraction code.
* gssapip_.h: pulls in los-proto.h for prototypes.
Tue Feb 28 00:27:44 1995 John Gilmore (gnu at toad.com)
* gssapi_krb5.h, gssapiP_krb5.h: Avoid <krb5/...> includes.
* disp_status.c: Avoid <com_err.h>, use "com_err.h".
Mon Feb 20 19:53:9 1995 Keith Vetter (keithv@fusion.com)
* accept_s.c: needed temp to avoid sign/unsigned mismatch on the PC.
* init_sec.c: needed temp to avoid sign/unsigned mismatch on the PC.
* gssapiP_krb5.h k5seal.c, k5unseal.c: removed netinet/in.h include.
* util_seq.c: changed int to 32bit int
* gssapiP_krb5.h, gssapi_krb5.h, *.c: added windows INTERFACE keyword
Mon Feb 20 12:00:00 1995 keith Vetter (keithv@fusion.com)
Rename files for DOS 8.3 uniqueness--files created by Make
* gssapi_krb5_err.et => gssapi_err_krb5.et
=> gssapi_err_krb5.h
=> gssapi_err_krb5.c
* gssapiP_krb5.h changed to match
* Makefile.in changed to match
Tue Feb 14 15:01:36 1995 Chris Provenzano (proven@mit.edu)
* init_sec_context.c (make_ap_req()) Use new API for
krb5_mk_req_extended() and cleanup internal processing.
Fri Feb 3 00:34:55 1995 John Gilmore <gnu@cygnus.com>
Rename files for DOS 8.3 uniqueness:
* display_name.c => disp_name.c
* display_status.c => disp_status.c
* inquire_context.c => inq_context.c
* inquire_cred.c => inq_cred.c
* release_cred.c => rel_cred.c
* release_name.c => rel_name.c
* Makefile.in changed to match.
Fri Jan 27 14:41:12 1995 Chris Provenzano (proven@mit.edu)
* accept_sec_context.c (rd_req_keyproc() added krb5_keytype arg.
Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
* Removed all narrow types and references to wide.h and narrow.h
Sun Jan 22 18:26:32 1995 John Gilmore (gnu at toad.com)
* acquire_cred.c (acquire_accept_cred): Add context arg when
calling krb5_sname_to_principal.
Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
* Added krb5_context to all krb5_routines
Mon Jan 9 19:27:55 1995 Theodore Y. Ts'o (tytso@dcl)
* display_name.c (krb5_gss_display_name): gss_display_name()
should return a name type OID, not a mechanism OID.
Tue Oct 4 16:40:45 1994 Theodore Y. Ts'o (tytso@dcl)
* accept_security_context.c (rd_req_keyproc): Add widen.h and
narrow.h to widen argument types of keyproc.
Tue Sep 27 23:30:14 1994 Theodore Y. Ts'o (tytso@dcl)
* accept_security_context.c (krb5_gss_accept_sec_context):
krb5_rc_dfl_close now frees the rcache structure, so
this routine shouldn't.
Wed Aug 17 15:47:26 1994 Theodore Y. Ts'o (tytso at tsx-11)
* gssapi_krb5.c: Fixed OID for the krb5 mechanism. (Transcription
error.)
|