summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5/ChangeLog
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/gssapi/krb5/ChangeLog')
-rw-r--r--src/lib/gssapi/krb5/ChangeLog2299
1 files changed, 0 insertions, 2299 deletions
diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog
deleted file mode 100644
index ea60edfe8..000000000
--- a/src/lib/gssapi/krb5/ChangeLog
+++ /dev/null
@@ -1,2299 +0,0 @@
-2006-04-03 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in (DEFS): Make empty.
-
-2006-03-10 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in (generate-files-mac): Depend on gssapi_krb5.h.
-
-2006-03-07 Jeffrey Altman <jaltman@mit.edu>
-
- * acquire_cred.c: (acquire_init_cred)
- If the leash32.dll is not available, fallback to opening the
- default credential cache even when the desired_name is
- provided.
-
-2005-11-14 Jeffrey Altman <jaltman@mit.edu>
-
- * gssapi_krb5.hin: include k5-int.h instead of krb5.h
-
-2005-10-20 Alexandra Ellwood <lxs@mit.edu>, Jeffrey Altman <jaltman@mit.edu>
-
- * acquire_cred.c (acquire_init_cred):
- If a specific principal has been requested, attempt to acquire
- tickets and set the ccache name in the context to the ccache
- containing the tickets if obtained. (KFM/KFW)
-
-2005-10-20 Jeffrey Altman <jaltman@mit.edu>
-
- * gssapi_krb5.hin: add missing GSS_DLLIMP to exported symbols
-
-2005-09-21 Tom Yu <tlyu@mit.edu>
-
- * import_name.c (krb5_gss_import_name): Add missing free of tmp in
- an error case to fix a memory leak.
-
- * inq_cred.c (krb5_gss_inquire_cred): Memory leak fixes: call
- krb5_gss_release_cred() with address of cred, not cred; add
- missing call to krb5_gss_release_cred() in an error case.
-
- * duplicate_name.c (krb5_gss_duplicate_name):
- * export_name.c (krb5_gss_export_name): Fix gsstest nit by
- clearing minor_status if no errors.
-
- * inq_cred.c (krb5_gss_inquire_cred): Initialize ret_name to
- NULL. Only call kg_save_name() if ret_name is actually non-NULL.
- Return GSS_C_NO_NAME for now if no principal name in the cred.
- Reported by Christoph Weizen.
-
-2005-08-11 Tom Yu <tlyu@mit.edu>
-
- * import_name.c: Include stdio.h regardless of presence of
- getpwuid_r(), to ensure definition of BUFSIZ. Reported by
- Vladimir Terziev.
-
-2005-04-07 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in (gssapi_krb5.h): Use awk hack to work around quoting
- problem.
-
-2005-03-25 Ken Raeburn <raeburn@mit.edu>
-
- * import_name.c (krb5_gss_import_name): Use k5_getpwuid_r.
-
-2005-01-13 Jeffrey Altman <jaltman@mit.edu>
-
- * init_sec_context.c, acquire_cred.c: fix calls to
- krb5_gss_release_cred() to pass in the correct type.
- This fixes a mutex leak.
-
-2004-08-27 Tom Yu <tlyu@mit.edu>
-
- * init_sec_context.c (make_ap_req_v1): Free checksum data
- allocated by make_gss_checksum() to avoid leak.
-
- * k5sealv3.c (gss_krb5int_unseal_token_v3): Free plain.data after
- checksum is verified, to avoid leak.
-
-2004-08-26 Ken Raeburn <raeburn@mit.edu>
-
- * acquire_cred.c (krb5_gss_acquire_cred): Call
- gssint_initialize_library. Return correct error code on mutex
- initialization failure.
-
-2004-07-29 Ken Raeburn <raeburn@mit.edu>
-
- * gssapi_krb5.c (kg_ccache_name): Variable deleted.
- (kg_sync_ccache_name, kg_get_ccache_name, kg_set_ccache_name): Get
- and set thread-specific values instead.
-
-2004-07-28 Ken Raeburn <raeburn@mit.edu>
-
- * gssapiP_krb5.h (struct _krb5_gss_cred_id_rec): Add a mutex.
- (krb5_gss_validate_cred_1): Declare.
- * accept_sec_context.c (rd_and_store_for_creds): Initialize mutex.
- * acquire_cred.c (krb5_gss_acquire_cred): Initialize mutex.
- * add_cred.c (krb5_gss_add_cred): Create the krb5 context
- earlier. Call krb5_gss_validate_cred_1. Make sure the mutex is
- locked.
- * copy_ccache.c (gss_krb5_copy_ccache): Lock the mutex in the
- source credential.
- * init_sec_context.c (get_credentials, new_connection): Check that
- the mutex is locked.
- (mutual_auth): Delete unused credential argument.
- (krb5_gss_init_sec_context): Lock the mutex.
- * inq_cred.c (krb5_gss_inquire_cred): Lock the mutex.
- * rel_cred.c (krb5_gss_release_cred): Destroy the mutex.
- * set_allowable_enctypes.c (gss_krb5_set_allowable_enctypes): Lock
- the mutex.
- * val_cred.c (krb5_gss_validate_cred_1): New function, most of old
- krb5_gss_validate_cred but requires that the krb5 context be
- supplied, and returns with the credential mutex still locked if
- successful, so the caller needn't re-lock it.
- (krb5_gss_validate_cred): Use it.
-
- * set_ccache.c (gss_krb5_ccache_name): Don't make a copy of the
- string returned by kg_get_ccache_name. Simplify some calls using
- a temporary error code variable.
-
- * gssapi_krb5.c (kg_get_ccache_name): Make a copy of the default
- ccache name, because calling krb5_free_context will destroy it.
- Make the copy always, not just in the local-context case. Check
- for errors in making the copy.
-
-2004-07-14 Ken Raeburn <raeburn@mit.edu>
-
- * gssapi_krb5.c (kg_sync_ccache_name): Add context argument
- instead of calling kg_get_context.
- (kg_get_ccache_name): Use a locally created krb5 context instead
- of calling kg_get_context.
- (kg_get_context): Deleted.
- * acquire_cred.c (acquire_init_cred): Pass current context.
- (krb5_gss_acquire_cred): Use a locally created krb5 context
- instead of calling kg_get_context.
- * add_cred.c (krb5_gss_add_cred): Call kg_sync_ccache_name.
- * init_sec_context.c (krb5_gss_init_sec_context): Likewise.
- * gssapiP_krb5.h (kg_sync_ccache_name): Update prototype.
- (kg_get_context): Delete declaration.
-
-2004-07-13 Ken Raeburn <raeburn@mit.edu>
-
- * acquire_cred.c: Include gss_libinit.h.
- (gssint_krb5_keytab_lock): New mutex.
- (krb5_gss_register_acceptor_identity, acquire_accept_cred): Lock
- the mutex while manipulating krb5_gss_keytab.
- * gssapiP_krb5.h (gssint_krb5_keytab_lock): Declare.
-
- * set_ccache.c (gss_krb5_ccache_name): Check thread-specific data
- for the saved "old" name to free. Save the new old name in
- thread-specific data.
-
-2004-07-08 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in (LOCALINCLUDES): Add $(srcdir)/.. to the list.
-
-2004-07-07 Ken Raeburn <raeburn@mit.edu>
-
- * disp_status.c: Include gss_libinit.h.
- (init_et): Variable deleted.
- (krb5_gss_display_status): Don't use init_et; instead, call
- gssint_initialize_library.
-
-2004-07-06 Ken Raeburn <raeburn@mit.edu>
-
- * import_name.c [HAVE_GETPWUID_R]: Include stdio.h.
- (krb5_gss_import_name) [HAVE_GETPWUID_R]: Use getpwuid_r instead
- of getpwuid, for thread safety.
-
-2004-06-17 Tom Yu <tlyu@mit.edu>
-
- * ser_sctx.c (kg_ctx_size, kg_ctx_externalize):
- (kg_ctx_internalize): Adjust for new field cred_rcache.
-
-2004-06-15 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Only null
- out the auth_context's rcache if it was provided by acceptor
- creds; this prevents a leak.
-
- * delete_sec_context.c (krb5_gss_delete_sec_context): Only null
- out the auth_context's rcache if it was provided by acceptor
- creds; this prevents a leak.
-
- * gssapiP_krb5.h (krb5_gss_ctx_id_rec): Add cred_rcache to track
- whether acceptor creds provided an rcache.
-
-2004-06-14 Tom Yu <tlyu@mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context): Fix pointer
- assignment when retrieving k5_context from existing
- context_handle.
-
-2004-06-10 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in (gssapi_krb5.h): Add Windows version of generation
- rule.
-
-2004-06-09 Sam Hartman <hartmans@mit.edu>
-
- * Makefile.in (install-headers-unix install): install
- gssapi_krb5.h from build directory not source directory
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): If the
- server provides channel bindings, these channel bindings must be
- matched. Thus clients can only provide null channel bindings if
- the server provides no channel bindings.
-
-2004-06-08 Sam Hartman <hartmans@mit.edu>
-
- * set_allowable_enctypes.c lucid_context.c: new file
-
- * gssapi_krb5.hin: Made file autogenerated; support gss_uint64 type
-
- * Makefile.in (gssapi_krb5.h): Include code to pull in stdint.h if available.
-
- * gssapi_krb5.h: Add declarations for lucid_context support
-
-2004-04-24 Ken Raeburn <raeburn@mit.edu>
-
- * gssapi_krb5.c (kg_get_ccache_name): Don't test err while it's
- still known to be 0.
- (kg_set_ccache_name): Likewise. Return after an error rather
- than continuing.
-
- * krb5_gss_glue.c (gss_import_name): Call
- gssint_initialize_library and check the return status.
-
-2004-04-13 Jeffrey Altman <jaltman@mit.edu>
-
- * k5unseal.c: gss_krb5int_unseal_token_v3() takes a pointer to
- krb5_context
- * import_sec_context.c: krb5_gss_ser_init() contains a function
- pointer table. this table must use pointers to functions of
- type KRB5_CALLCONV.
-
-2004-03-20 Ken Raeburn <raeburn@mit.edu>
-
- * rel_cred.c (krb5_gss_release_cred): Create and destroy a local
- krb5 context.
- * rel_name.c (krb5_gss_release_name): Likewise.
- * val_cred.c (krb5_gss_validate_cred): Likewise.
-
-2004-03-19 Ken Raeburn <raeburn@mit.edu>
-
- * add_cred.c (krb5_gss_add_cred): Create and destroy a local krb5
- context.
- * compare_name.c (krb5_gss_compare_name): Likewise.
- * copy_ccache.c (gss_krb5_copy_ccache): Likewise.
- * disp_name.c (krb5_gss_display_name): Likewise.
- * duplicate_name.c (krb5_gss_duplicate_name): Likewise.
- * inq_cred.c (krb5_gss_inquire_cred): Likewise.
- * export_name.c (krb5_gss_export_name): Likewise.
- * import_name.c (krb5_gss_import_name): Likewise.
-
- * context_time.c (krb5_gss_context_time): Use the krb5 context in
- the GSS security context.
-
-2004-03-15 Ken Raeburn <raeburn@mit.edu>
-
- * k5seal.c (kg_seal): Extract the krb5 context from the security
- context instead of requiring it be passed in as an argument.
- * k5unseal.c (kg_unseal): Likewise.
- * gssapiP_krb5.h (kg_seal, kg_unseal): Declarations updated.
- * delete_sec_context.c, process_context_token.c, seal.c, sign.c,
- unseal.c, verify.c: Callers changed.
- * inq_context.c (krb5_gss_inquire_context): Use krb5 context
- contained in security context instead of calling kg_get_context.
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Likewise.
-
- * import_sec_context.c (krb5_gss_ser_init): New function.
- (krb5_gss_import_sec_context): Create a krb5 context locally to
- use for the import.
- * export_sec_context.c (krb5_gss_export_sec_context): Use the
- krb5 context in the security context.
- * gssapiP_krb5.h (krb5_gss_ser_init): Declare.
- * gssapi_krb5.c (kg_get_context): Don't call krb5 serialization
- initialization code here.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Free the
- new krb5 context in an error case not caught before.
-
-2004-03-14 Ken Raeburn <raeburn@mit.edu>
-
- * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Add a krb5
- context object.
- * init_sec_context.c (krb5_gss_init_sec_context): Create a new
- krb5 context, and store it in the security context if
- successful. If there's already a security context, use the krb5
- context in it.
- * accept_sec_context.c (krb5_gss_accept_sec_context): Create a
- new krb5 context, and store it in the security context if
- successful.
- * delete_sec_context.c (krb5_gss_delete_sec_context): If the
- security context has a krb5 context, free it.
-
- * gssapi_krb5.c (kg_vdb): Change type to g_set and initialize.
- * gssapiP_krb5.h (kg_vdb): Declaration updated.
-
- * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete fields
- init_token and testing_unknown_tokid.
- * init_sec_context.c (new_connection): Drop support (already
- inside "#if 0") for them.
- (krb5_gss_init_sec_context): Drop support for
- testing_unknown_tokid.
- (mutual_auth): Don't let major_status be used uninitialized.
-
-2004-03-08 Ezra Peisach <epeisach@mit.edu>
-
- * gssapiP_krb5.h: Add prototype for gss_krb5int_unseal_token_v3.
-
-2004-03-03 Ken Raeburn <raeburn@mit.edu>
-
- * disp_status.c (krb5_gss_display_status): Don't call
- kg_get_context; delete local krb5_context variable.
- * inq_cred.c (krb5_gss_inquire_cred_by_mech): Likewise.
- * inq_names.c (krb5_gss_inquire_names_for_mech): Likewise.
-
-2004-02-26 Sam Hartman <hartmans@avalanche-breakdown.mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Don't clear
- the DO_TIME flag until after rd_req is called so a replay cache is
- set up even in the no_credential case.
-
-2004-02-23 Ken Raeburn <raeburn@mit.edu>
-
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix calculation
- for confidential CFX tokens.
-
-2004-02-09 Ken Raeburn <raeburn@mit.edu>
-
- * ser_sctx.c (kg_oid_externalize): Check for errors.
- (kg_oid_internalize): Check for errors. Free allocated storage on
- error.
- (kg_queue_externalize): Check for errors.
- (kg_queue_internalize): Check for errors. Free allocated storage
- on error.
- (kg_ctx_size): Update for new context data.
- (kg_ctx_externalize): Update for new context data. Check for
- error storing trailer.
- (kg_ctx_internalize): Update for new context data. Check for
- errors in a few more cases.
-
-2004-02-05 Jeffrey Altman <jaltman@mit.edu>
-
- * gssapiP_krb5.h: remove KG_IMPLFLAGS macro
-
- * init_sec_context.c (init_sec_context): Expand KG_IMPLFLAGS
- macro with previous macro definition
-
- * accept_sec_context.c (accept_sec_context): Replace KG_IMPLFLAGS
- macro with new definition. As per 1964 the INTEG and CONF flags
- are supposed to indicate the availability of the services in
- the client. By applying the previous definition of KG_IMPLFLAGS
- the INTEG and CONF flags are always on. This can be a problem
- because some clients such as Microsoft's Kerberos SSPI allow
- CONF and INTEG to be used independently. By forcing the flags
- on, we would end up with inconsist state with the client.
-
-2004-01-27 Ken Raeburn <raeburn@mit.edu>
-
- * init_sec_context.c (make_gss_checksum) [CFX_EXERCISE]: Don't
- crash on null pointer in debugging code.
- (new_connection): Disable CFX_EXERCISE unknown-token-id case
- detection.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context)
- [CFX_EXERCISE]: Log to /tmp/gsslog whether delegation or extra
- option bytes were present.
-
-2004-01-05 Ken Raeburn <raeburn@mit.edu>
-
- * init_sec_context.c: Include auth_con.h if CFX_EXERCISE is
- defined.
- (make_gss_checksum) [CFX_EXERCISE]: If the key enctype is aes256,
- insert some stuff after the delegation slot.
- (new_connection) [CFX_EXERCISE]: Don't send messages with bogus
- token ids.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Don't
- discard the delegation flag; only look for a delegation if the
- flag is set, and only look for delegation, not other options.
- Ignore any other data there.
-
-2003-12-19 Ken Raeburn <raeburn@mit.edu>
-
- * util_crypt.c (kg_encrypt, kg_decrypt): Input pointer now points
- to const.
- * gssapiP_krb5.h: Declarations updated.
- * util_seed.c (zeros): Now const.
-
-2003-12-19 Tom Yu <tlyu@mit.edu>
-
- * init_sec_context.c: Include k5-int.h for accessor.
-
-2003-12-18 Jeffrey Altman <jaltman@mit.edu>
-
- * accept_sec_context.c, init_sec_context.c, ser_sctx.c:
- Implement use of krb5int_accessor() for krb5int_c_mandatory_cksumtype,
- krb5_ser_pack_int64, and krb5_ser_unpack_int64
-
-2003-12-13 Ken Raeburn <raeburn@mit.edu>
- Sam Hartman <hartmans@avalanche-breakdown.mit.edu>
-
- * k5sealv3.c: New file, implements Wrap and MIC tokens for CFX
- extensions.
- * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Added acceptor
- subkey, 64-bit sequence numbers, checksum type, and hooks for
- sending a bogus initial token for CFX testing. Changed some flags
- into bitfields.
- (gss_krb5int_make_seal_token_v3): Declare.
- * Makefile.in (SRCS, OBJS, STLIBOBJS): Build it.
- * accept_sec_context.c (krb5_gss_accept_sec_context): Add CFX
- support. For G_WRONG_TOKID, send back an error token with
- AP_ERR_MSG_TYPE code and return a CONTINUE_NEEDED indication.
- Initialize new fields in context.
- * delete_sec_context.c (krb5_gss_delete_sec_context): Free
- acceptor subkey field.
- * init_sec_context.c (get_credentials): Drop enctypes argument;
- callers changed.
- (get_requested_enctypes): Deleted.
- (setup_enc): Combine some common sections. Do CFX initialization
- for newer enctypes.
- (new_connection) [CFX_EXERCISE]: If doing CFX, send a bogus
- token. Delete the enctype list manipulation.
- (mutual_auth): If CFX, save acceptor's subkey.
- * k5seal.c (make_seal_token_v1): Sequence number is now 64 bits.
- (kg_seal): Call out to _v3 code for CFX.
- * k5unseal.c (kg_unseal): For CFX, adjust token id numbers and
- call out to _v3 code.
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Implement CFX
- support.
-
- * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Deleted fields
- ctypes and nctypes.
- * delete_sec_context.c, init_sec_context.c, ser_sctx.c: Removed
- references.
-
-2003-12-11 Alexandra Ellwood <lxs@mit.edu>
-
- * acquire_cred.c, gssapi_krb5.c, gssapiP_krb5.h, set_ccache.c:
- Added kg_sync_ccache_name(), kg_get_ccache_name, and
- kg_set_ccache_name() and rewrote gss_krb5_ccache_name() and
- added a call to kg_sync_ccache_name() to acquire_init_cred()
- to fix a bug where on systems with multiple ccaches that GSSAPI
- gets stuck on the ccache that was default when it launched.
-
-2003-07-19 Ezra Peisach <epeisach@mit.edu>
-
- * acquire_cred.c (krb5_gss_register_acceptor_identity): Allocate
- enough memory to include the null at the end of the keytab char *.
-
-2003-07-17 Tom Yu <tlyu@mit.edu>
-
- * gssapiP_krb5.h: Delete kg_release_defcred(); it's no longer
- used.
-
- * gssapi_krb5.c: Delete defcred; it's no longer cached.
- (kg_get_defcred): Don't cache.
- (kg_release_defcred): Delete; it's no longer used.
-
- * init_sec_context.c (krb5_gss_init_sec_context): Break into more
- manageable pieces. Clean up a few error condition memory leaks
- previously obscured by the sheer size of this function.
- (setup_enc): New function; used to be part of
- krb5_gss_init_sec_context() responsible for setting up enctypes,
- keyblocks, related nastiness.
- (get_requested_enctypes): New function; used to be part of
- krb5_gss_init_sec_context() responsible for pruning the krb5
- library's default enctype list to the limited set of enctypes
- usable with GSSAPI.
- (new_connection): New function; used to be part of
- krb5_gss_init_sec_context() responsible for initial gss_ctx setup
- and creating the AP-REQ.
- (mutual_auth): New function; used to be part of
- krb5_gss_init_sec_context() responsible for reading the AP-REP if
- mutual auth was requested.
-
- * inq_cred.c (krb5_gss_inquire_cred): Rearrange due to removal of
- kg_release_defcred(), particularly to explicitly release the
- defcred once it's obtained.
-
- * rel_cred.c (krb5_gss_release_cred): Remove call to
- kg_release_defcred(), and always succeed in releasing the null
- credential.
-
- * set_ccache.c (gss_krb5_ccache_name): Remove call to
- kg_release_defcred().
-
-2003-07-17 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in (LIBNAME) [##WIN16##]: Don't define.
-
-2003-07-14 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Call
- TREAD_STR with correct arguments. Patch from Emily Ratliff.
-
-2003-07-10 Tom Yu <tlyu@mit.edu>
-
- * acquire_cred.c (acquire_init_cred): Close the ccache if
- krb5_cc_set_flags() fails, as krb5int_cc_default succeeds even if
- the file is not there, but krb5_cc_set_flags will fail in turning
- off OPENCLOSE mode if the file can't be opened. Thanks to Kent Wu.
-
-2003-06-13 Tom Yu <tlyu@mit.edu>
-
- * init_sec_context.c (make_ap_req_v1): Free checksum_data if
- needed, to avoid leaking memory. Found by Kent Wu.
- (krb5_gss_init_sec_context): Free default_enctypes to avoid
- leaking returned value from krb5_get_tgs_ktypes.
-
- * k5unseal.c (kg_unseal_v1): Explicitly set token.value to NULL if
- token.length == 0, to avoid spurious uninitialized memory
- references when calling memcpy() with a zero length.
-
-2003-05-13 Tom Yu <tlyu@mit.edu>
-
- * gssapi_krb5.h: Remove check for GSS_RFC_COMPLIANT_OIDS.
-
-2003-05-09 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Rename
- remote_subkey -> recv_subkey.
-
- * init_sec_context.c (krb5_gss_init_sec_context): Rename
- local_subkey -> send_subkey.
-
-2003-03-14 Sam Hartman <hartmans@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Set
- prot_ready here
-
- * init_sec_context.c (krb5_gss_init_sec_context): Set prot_ready
- after context established
-
- * gssapiP_krb5.h (KG_IMPLFLAGS): Don't claim prot_ready until the
- context is established because we don't currently support it.
-
-2003-03-06 Alexandra Ellwood <lxs@mit.edu>
-
- * disp_status.c, gssapi_krb5.h, gssapiP_krb5.h:
- Removed Mac header goober.
-
-2003-03-05 Tom Yu <tlyu@mit.edu>
-
- * acquire_cred.c (krb5_gss_register_acceptor_identity): New
- function. Allows global override of default keytab for
- gss_acquire_cred() purposes.
- (acquire_accept_cred): Implement override.
-
- * gssapi_krb5.h: Add krb5_gss_register_acceptor_identity.
-
-2003-03-04 Sam Hartman <hartmans@mit.edu>
-
- * accept_sec_context.c (rd_and_store_for_creds): Do not expect sequence number in incoming krb_cred message.
-
-2003-03-02 Sam Hartman <hartmans@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Deal with
- creds without rcache available. They will be slower.
-
- * add_cred.c (krb5_gss_add_cred): Deal with princ being null
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Populate
- ctx->here from ticket->server instead of cred->princ. If
- cred->princ exists it will be the same, but the previous change
- may make it null
-
- * inq_cred.c (krb5_gss_inquire_cred): Allow for null princ
- component of credentials
-
- * acquire_cred.c: When acquiring acceptor credentials, allow
- GSS_C_NO_NAME to mean that we accept any credential. In this case
- we do not look to see if the principal is found in the keytab and
- we leave princ null in the context. This means you get
- GSS_C_NO_NAME out from inquire_cred. If cred->princ is null
- don't set up a rcache
-
-2003-03-01 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Don't
- validate verifier_cred_handle if GSS_C_NO_CREDENTIAL is passed in.
-
-2003-02-25 Tom Yu <tlyu@mit.edu>
-
- * set_ccache.c (gss_krb5_ccache_name): Don't return a pointer to
- freed memory.
-
-2003-02-24 Tom Yu <tlyu@mit.edu>
-
- * gssapi_krb5.c (kg_get_defcred): Revert previous; it's probably
- not appropriate for inquire_cred() to cause new credentials to be
- fetched.
-
- * init_sec_context.c (krb5_gss_init_sec_context): Explicitly
- release default cred in the NO_CREDENTIAL case, so it is always
- refreshed.
-
-2003-02-21 Tom Yu <tlyu@mit.edu>
-
- * gssapi_krb5.c (kg_get_defcred): Check for invalid or expired
- defcred if it exists, and call acquire_cred() again if necessary.
-
-2003-02-13 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in ($(GSSAPI_KRB5_HDR)): Use $(S) to avoid problems on
- windows.
-
-2003-02-12 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in (includes): Delete gssapi_krb5.h rule.
- ($(GSSAPI_KRB5_HDR)): Add command to create header directory if
- needed.
- (all-unix): Add $(GSSAPI_KRB_HDR).
-
-2003-02-09 Ezra Peisach <epeisach@bu.edu>
-
- * init_sec_context.c (make_ap_req_v1): Unsigned/signed cleanup.
-
-2003-01-10 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in: Add AC_SUBST_FILE marker for libobj_frag.
-
-2003-01-07 Sam Hartman <hartmans@mit.edu>
-
- * init_sec_context.c (make_gss_checksum): New function to
- construct the checksum in the authenticator, used directly or
- indirectly depending on whether krb5_cred is encrypted.
- (make_ap_req_v1): use it
-
-2003-01-07 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.original: Deleted.
-
-2002-11-15 Ezra Peisach <epeisach@bu.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Use unsigned
- lengths for arguments to g_token_size and g_make_token_header.
-
- * export_name.c (krb5_gss_export_name): Change local length
- variable to unsigned.
-
- * k5unseal.c (kg_unseal_v1): Seqnum variable changed from
- krb5_int32 to krb5_ui_4.
-
- * k5seal.c (make_seal_token_v1): Change seqnum argument to
- krb5_ui_4 from krb5_int32 to match krb5_gss_ctx_id_rec struct.
-
- * gssapiP_krb5.h, util_crypt.c, util_seqnum.c: kg_make_seq_num(),
- kg_get_seq_num() changed to use krb5_ui_4 for sequence
- numbers. kg_encrypt(), kg_decrypt() length argument now unsigned.
-
-2002-10-07 Sam Hartman <hartmans@mit.edu>
-
- * Makefile.in : Add install-headers support
-
-2002-08-29 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in: Revert $(S)=>/ change, for Windows support.
-
-2002-08-27 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in ($(GSSAPI_KRB5_HDR)): Quote target of copy.
-
-2002-08-23 Ken Raeburn <raeburn@mit.edu>
-
- * Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
-
-2002-07-15 Ezra Peisach <epeisach@bu.edu>
-
- * k5unseal.c (kg_unseal): Pass unsigned int * instead of int *
- length return argument to g_verify_token_header.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Pass
- OM_uint32 * instead of krb5_error_code * to krb5_gss_release_cred.
-
-2002-07-14 Alexandra Ellwood <lxs@mit.edu>
-
- * gssapi_krb5.h: Added #include of gssapi.h and gssapi_generic.h
- for the Mac because we can't assume people will include them and
- get the OID macro and the old names on the Mac.
-
- * disp_status.c: Updated Mac OS X header paths.
-
- * gssapiP_krb5.h: Updated Mac OS X header paths and added
- prototype on Mac.
-
- * gssapi_krb5.h: Updated Mac OS X headers to new framework layout
-
- [pullups from 1-2-2-branch]
-
-2002-07-14 Miro Jurisic <meeroh@mit.edu>
-
- * gssapi_krb5.h, gssapi_krb5.c: Added oids from rfc 1964 using the
- suggested names.
- [pullup from 1-2-2-branch]
-
-2002-07-12 Ken Raeburn <raeburn@mit.edu>
-
- * accept_sec_context.c (rd_and_store_for_creds): Remove
- registration of memory ccache type. Don't declare krb5_mcc_ops.
-
- * init_sec_context.c (krb5_gss_init_sec_context): Instead of
- asking for the enctypes supported by the GSS code, use that set as
- a filter on the default enctypes and use the resulting list.
- (make_ap_req_v2): Delete unused function.
-
- * k5mech.c, pname_to_uid.c, util_ctxsetup.c: Deleted.
- * Makefile.in (SRCS, OBJS, STLIBOBJS): Don't compile
- util_ctxsetup.c.
- * rel_oid.c (krb5_gss_internal_release_oid): Now static.
- * util_crypt.c (kg_encrypt_size): Function deleted.
- * gssapiP_krb5.h (struct kg2_option, kg2_parse_token,
- kg2_intersect_ctypes, krb5_gss_internal_release_oid,
- kg_encrypt_size): Declarations deleted.
-
-2002-07-01 Ken Raeburn <raeburn@mit.edu>
-
- * gssapi_krb5.c (gss_mech_krb5_v2, gss_mech_set_krb5_v2,
- gss_mech_set_krb5_v1v2): Delete variables.
- * gssapi_krb5.h (gss_mech_krb5_v2, gss_mech_set_krb5_v2,
- gss_mech_set_krb5_v1v2): Delete declarations.
- * add_cred.c (krb5_gss_add_cred): Delete uses of them.
- * canon_name.c (krb5_gss_canonicalize_name): Ditto.
- * disp_status.c (krb5_gss_display_status): Ditto.
- * indicate_mechs.c (krb5_gss_indicate_mechs): Ditto.
- * inq_cred.c (krb5_gss_inquire_cred_by_mech): Ditto.
- * inq_names.c (krb5_gss_inquire_names_for_mech): Ditto.
- * rel_oid.c (krb5_gss_internal_release_oid): Ditto.
-
- * accept_sec_context.c (rd_and_store_for_creds): Extra parens
- around assignments to quiet gcc.
- (krb5_gss_accept_sec_context): Fix some type mismatches between
- OM_uint32 and krb5_error_code.
- * k5unseal.c (kg_unseal_v1): Move a variable declaration and
- assignment to fix gcc "possibly uninitialized" warning.
- * init_sec_context.c (get_credentials): Delete unused variable.
-
-2002-03-03 Sam Hartman <hartmans@mit.edu>
-
- * accept_sec_context.c (rd_and_store_for_creds): Patch from Steven
- Michaud <smch@midway.uchicago.edu> to accept encrypted or
- unencrypted credentials. This is important because Heimdal (and
- sometimes Microsoft) send encrypted credentials.
-
-2001-11-18 Sam Hartman <hartmans@mit.edu>
-
- * init_sec_context.c (get_credentials): Override
- default_tgs_enctypes rather than looping over credentials. Avoids
- hits on the KDC.
-
-2001-10-30 Ezra Peisach <epeisach@mit.edu>
-
- * k5unseal.c: Fix whitespace in copyright message.
-
- * k5seal.c (make_seal_token_v1): Cleanup code for mic
- tokens. Essentially revert code to Sam's 10/25 code, with one
- correction - allocation of data_ptr - use msglen and not tmsglen.
- Additionally, do not rely on malloc(0) being non-NULL.
-
-2001-10-27 Sam Hartman <hartmans@mit.edu>
-
- * k5seal.c (make_seal_token_v1): Use usage 15 only for mic tokens,
- not for seal tokens without encryption
-
-2001-10-26 Ezra Peisach <epeisach@mit.edu>
-
- * k5seal.c (make_seal_token_v1): Correct errors in code pertaining
- to case when signing message only. Fixes buffer overflows as found
- by gssapi dejagnu testsuite.
-
-2001-10-25 Sam Hartman <hartmans@mit.edu>
-
- * k5unseal.c (kg_unseal_v1): same here.
-
- * k5seal.c (make_seal_token_v1): Factor out usage type we claim
- for signatures so we can do something different for hmac-md5.
- Microsoft uses a different usage number for mic tokens and wrap tokens.
-
- * k5unseal.c (kg_unseal_v1): Add arcfour checksum and decrypt support
-
- * util_seqnum.c (kg_get_seq_num): support arcfour_hmac
-
- * k5unseal.c (kg_unseal_v1): Get the sequence number before
- decrypting the token so we can use it to decrypt arcfour
-
- * gssapiP_krb5.h util_crypt.c: New function kg_arcfour_docrypt
-
- * util_seqnum.c (kg_make_seq_num): Add rc4 support
-
- * k5seal.c (make_seal_token_v1): Simplify logic significantly.
- Don't worry so much about only allocating memory we use; allocate
- a full token all the time and only decide not to copy in data at
- the last moment. This significantly simplifies the control flow,
- giving better testing coverage and allowing better reasoning about
- the code. Add arcfour-hmac support
-
- * util_crypt.c (kg_confounder_size): Special case arcfour to return 8
-
-2001-10-24 Sam Hartman <hartmans@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Support rc4 enctype
-
- * init_sec_context.c (krb5_gss_init_sec_context): Support rc4 enctype
-
- * gssapiP_krb5.h: Remove claim we don't support Microsoft sign alg
-
-2001-10-09 Ken Raeburn <raeburn@mit.edu>
-
- * gssapiP_krb5.h, gssapi_krb5.h, k5mech.c: Make prototypes
- unconditional.
-
-2001-10-05 Ken Raeburn <raeburn@mit.edu>
-
- * accept_sec_context.c, gssapiP_krb5.h, import_sec_context.c,
- krb5_gss_glue.c: Don't explicitly declare pointers FAR any more.
-
- * pname_to_uid.c: Drop _MSDOS support.
-
-2001-10-04 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Ignore
- unrecognized options properly. [krb5-libs/738]
-
-2001-10-03 Ken Raeburn <raeburn@mit.edu>
-
- * copy_ccache.c, get_tkt_flags.c, gssapi_krb5.h, krb5_gss_glue.c,
- set_ccache.c: Don't use GSS_DLLIMP.
-
-2001-10-01 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (rd_and_store_for_creds): Handle error
- returns from krb5_rd_cred more sanely.
-
-2001-07-27 Danilo Almeida <dalmeida@mit.edu>
-
- * gssapi_krb5.h: Unmark gss_mech_krb5 variable as an import.
-
-2001-07-27 Danilo Almeida <dalmeida@mit.edu>
-
- * gssapi_krb5.h: Mark gss_mech_krb5 variable as an import.
-
-2001-07-25 Ezra Peisach <epeisach@mit.edu>
-
- * import_sec_context.c (krb5_gss_import_sec_context): Get rid of
- variable set but never used.
- * ser_sctx.c (kg_queue_internalize): Ditto
-
-2001-07-04 Ezra Peisach <epeisach@mit.edu>
-
- * ser_sctx.c: Declare kg_oid_size and kg_queue_size static.
-
-2001-06-21 Ezra Peisach <epeisach@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Do not
- shadow local variable ptr.
-
-2001-06-22 Danilo Almeida <dalmeida@mit.edu>
-
- * util_crypt.c (kg_encrypt, kg_decrypt): Use free() instead of
- krb5_free_data_contents().
-
- * util_cksum.c (kg_checksum_channel_bindings): Make sure that
- returned memory is allocated with xmalloc() so that caller can use
- xfree() on it.
-
- * k5unseal.c (kg_unseal_v1): Use krb5_free_data_contents()
- instead of xfree().
-
- * k5seal.c (make_seal_token_v1): Use krb5_free_data_contents()
- instead of xfree().
-
- * init_sec_context.c (make_ap_req_v1): Use xfree() instead of
- free() to be consistent with xmalloc() usage. Use
- krb5_free_data_contents() instead of xfree().
-
- * disp_name.c (krb5_gss_display_name): Use
- krb5_free_unparsed_name() instead of xfree().
-
- * add_cred.c (krb5_gss_add_cred): Use xfree() instead of free() to
- be consistent with xmalloc() usage.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Remove
- variables that were effectively unused. Use
- krb5_free_data_contents() instead of xfree() where appropriate.
-
-2001-06-20 Ezra Peisach <epeisach@mit.edu>
-
- * acquire_cred.c (acquire_init_cred): Include "k5-int.h" for
- krb5int-cc_default() prototype.
-
-2001-06-18 Ezra Peisach <epeisach@mit.edu>
-
- * accept_sec_context.c acquire_cred.c import_sec_context.c
- init_sec_context.c inq_cred.c: Cast const gss_OID to gss_OID for
- gssapi functions which are not speced with const in the RFC.
-
-2001-06-07 Ezra Peisach <epeisach@mit.edu>
-
- * ser_sctx.c (kg_oid_internalize): Do away with local variable
- that was set but never used.
-
-2001-06-04 Ezra Peisach <epeisach@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Cleanup
- assignments in conditionals.
- * k5seal.c (make_seal_token_v1): Likewise.
-
-2001-05-14 Ezra Peisach <epeisach@mit.edu>
-
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Get rid of unused
- variable.
-
- * util_ctxsetup.c (kg2_parse_token): Fix erroneous assignment in
- conditional. (code not used in current tree).
-
- * util_seed.c, util_seqnum.c, util_crypt.c, util_cksum.c: Cleanup
- up assignments in conditionals.
-
- * ser_sctx.c (kg_queue_internalize): Get rid of unused variable.
-
- * gssapiP_krb5.h: Renable prototype for krb5_gss_release_oid() as
- code is back (since 1996).
-
- * k5unseal.c (kg_unseal_v1): Declare internal function static.
-
- * init_sec_context.c (make_ap_req_v2): Comment out non-referenced
- function.
-
- * gssapi_krb5.c: Include k5-int.h for krb5_ser_* prototypes.
-
-2001-04-24 Ezra Peisach <epeisach@mit.edu>
-
- * util_crypt.c (kg_make_confounder): Change variable random to
- lrandom to prevent shadowing of global function.
-
-2000-12-07 Ken Raeburn <raeburn@mit.edu>
-
- * k5seal.c (make_seal_token_v1): Use ANSI-style definition,
- instead of K&R plus prototype. Don't use too-big numbers even as
- placeholders.
-
- * accept_sec_context.c (rd_and_store_for_creds): After creating an
- auth context, set flags to require sequence numbers.
- (krb5_gss_accept_sec_context): Likewise.
- * init_sec_context.c (krb5_gss_init_sec_context): Likewise.
-
-2000-10-04 Ezra Peisach <epeisach@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): If an error
- occurs after the auth_context is established, but before the
- krb5_gss_ctx_id_rec is established, release our pointer to the
- replay cache and invoke krb5_auth_con_free(). (krb5-libs/855)
-
-2000-10-03 Ezra Peisach <epeisach@mit.edu>
-
- * add_cred.c (krb5_gss_add_cred): krb5_cc_get_type() and
- krb5_cc_get_name() return const char *. Cleanup assigments in
- conditionals warnings.
-
-Fri Sep 22 12:05:31 2000 Ezra Peisach <epeisach@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): When
- GCC_S_NO_CHANNEL_BINDINGS is set by the server, skip over the
- bindings sent from the client. RFC-1964 indicates that the
- client's channel bindings are always sent in checksum field and
- need to be accounted for, evn if the server does not care.
-
-2000-09-01 Jeffrey Altman <jaltman@columbia.edu>
-
- * accept_sec_context.c: krb5_gss_accept_sec_context()
- It has been determined by Martin Rex that Windows 2000 is incapable
- of supporting channel bindings. This caused us to examine the
- various RFCs affecting FTP GSSAPI to determine whether or not
- channel bindings were a MUST for implementation of the FTP GSSAPI
- protocol. It was determined that the channel binding facility as
- described in RFC2743 is optional. Therefore, we cannot assume
- that all clients or servers will support it. The code was updated
- to allow GSS_C_NO_CHANNEL_BINDINGS when specified by either the
- client or server to indicate that channel bindings will not be
- used.
-
-2000-06-27 Tom Yu <tlyu@mit.edu>
-
- * init_sec_context.c (get_credentials): Add initial iteration of
- krb5_get_credentials in order to differentiate between an actual
- missing credential and merely a bad match based on enctype. This
- was causing problems with kadmin.
-
-2000-06-09 Tom Yu <tlyu@mit.edu>
- Ken Raeburn <raeburn@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Remove
- explicit check of mech OID against credential.
-
- * util_crypt.c (kg_encrypt): Copy ivec, since c_encrypt() now
- updates ivecs.
- (kg_decrypt): Copy ivec, since c_decrypt() now updates ivecs.
-
- * init_sec_context.c (get_credentials): Don't check each enctype
- against a list from the krb5 library; instead, just try to use it,
- and go on to the next if the error code indicates we can't use it.
-
- * gssapiP_krb5.h (enum qop): New type, derived from spec but
- currently not used.
- * util_crypt.c (kg_encrypt, kg_decrypt): Added key derivation
- usage value as an argument. Prototypes and callers updated; all
- callers use KG_USAGE_SEAL, except KG_USAGE_SEQ when encrypting
- sequence numbers.
- * 3des.txt: New file.
-
- * gssapiP_krb5.h (struct _krb5_gss_ctx_id_rec): Delete field
- gsskrb5_version.
- (struct _krb5_gss_cred_id_rec): Delete field rfcv2_mech.
- * accept_sec_context.c, acquire_cred.c, add_cred.c, inq_cred.c,
- k5seal.c, k5unseal.c, ser_ctx.c:
- Delete krb5-mech2 support.
-
- * init_sec_context.c (get_credentials): Enctype argument is now a
- pointer to a list of enctypes. Explicitly try each in order until
- success or an error other than cryptosystem not being supported.
- (krb5_gss_init_sec_context): Pass list of cryptosystems, starting
- with 3DES.
-
- * gssapiP_krb5.h (enum sgn_alg, enum seal_alg): New types,
- giving symbolic names for values from RFC 1964, a Microsoft win2k
- I-D, and our proposed 3des-sha1 values.
- (KG_USAGE_SEAL, KG_USAGE_SIGN, KG_USAGE_SEQ): New macros.
-
- * accept_sec_context.c (rd_req_keyproc): Already-disabled routine
- deleted.
- (krb5_gss_accept_sec_context): Use sgn_alg and seal_alg symbolic
- names. Add a case for des3-hmac-sha1.
- * k5seal.c (make_seal_token_v1): Likewise. Do key derivation for
- checksums.
- * k5unseal.c (kg_unseal_v1): Likewise.
- * util_crypt.c (kg_encrypt, kg_decrypt): Do key derivation for
- encryption.
-
- * util_crypt.c (zeros): Unused variable deleted.
-
- * wrap_size_limit.c: Remove mech2 support. Add MIT copyright.
-
-2000-06-09 Nalin Dahyabhai <nalin@redhat.com>
-
- * add_cred.c (krb5_gss_add_cred): Don't overflow buffers "ktboth"
- or "ccboth".
-
-2000-05-31 Wilfredo Sanchez <tritan@mit.edu>
-
- * accept_sec_context.c, gssapiP_krb5.h, init_sec_context.c,
- k5unseal.c, util_cksum.c, util_crypt.c, util_seed.c: Check for
- existance of <memory.h>.
- [from Nathan Neulinger <nneul@umr.edu>]
-
-2000-5-19 Alexandra Ellwood <lxs@mit.edu>
-
- * acquire_cred.c: Changed to use krb5int_cc_default. This function
- supports the Kerberos Login Library and pops up a dialog if the cache does
- not contain valid tickets. This is used to automatically get a tgt before
- obtaining service tickets. Note that this should be an internal function
- because callers don't expect krb5_cc_default to pop up a dialog!
- (We found this out the hard way :-)
-
-2000-04-08 Tom Yu <tlyu@mit.edu>
-
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix up
- wrap_size_limit() to deal with integrity wrap tokens properly.
- The rfc1964 mech always pads and confounds regardless of whether
- confidentiality is requested.
-
-2000-01-27 Ken Raeburn <raeburn@mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context): Default to
- des-cbc-crc.
-
-1999-10-26 Ken Raeburn <raeburn@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Get rid of
- unused variables 'err' and 'enctype'.
-
- * k5seal.c (make_integ_token_v2): Set 'code' when malloc fails.
-
-1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
-
- * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
- LOCAL_INCLUDES such that one can override CFLAGS from the command
- line without losing CPP search patchs and defines. Some associated
- Makefile cleanup.
-
-Wed May 19 13:21:55 1999 Danilo Almeida <dalmeida@mit.edu>
-
- * Makefile.in: Improve rule to create gssapi include dir under
- windows.
-
-Wed May 19 11:40:52 1999 Danilo Almeida <dalmeida@mit.edu>
-
- * Makefile.in: Add windows build rules for putting header files in
- include dir.
-
-Mon May 10 15:22:27 1999 Danilo Almeida <dalmeida@mit.edu>
-
- * Makefile.in: Do win32 build in subdir.
-
-Fri Apr 30 12:27:14 1999 Theodore Y. Ts'o <tytso@mit.edu>
-
- * set_ccache.c (gss_krb5_ccache_name): Add call to free the
- default credential changing the ccache name.
-
-Thu Apr 29 18:02:00 1999 Miro Jurisic <meeroh@mit.edu>
-
- * gssapi_krb5.h: Remove gssapi_generic.h includes because
- this header file is public interface and gssapi_generic.h
- isn't and shouldn't be included by clients.
-
-Fri Apr 23 00:31:17 1999 Theodore Y. Ts'o <tytso@mit.edu>
-
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix wrap_size
- limit so that it correctly calculates its results, and
- underestimates the correct size instead of overestimating
- it, and not returning zero all the time. (Which it used
- to do after the March 25 fix.)
-
-Sat Apr 17 01:23:57 1999 Theodore Y. Ts'o <tytso@mit.edu>
-
- * gssapi_krb5.h, copy_ccache.c, get_tkt_flags.c, set_ccache.c:
- Make the krb5 extension functions exportable in a Windows
- DLL.
-
-Fri Mar 26 22:17:20 1999 Theodore Y. Ts'o <tytso@mit.edu>
-
- * acquire_cred.c (krb5_gss_acquire_cred): Don't use strcmp to
- compare against principal components (they aren't null
- terminated!)
-
-Thu Mar 25 22:43:54 1999 Theodore Y. Ts'o <tytso@mit.edu>
-
- * gssapi_krb5.c: Rearrange OID's so that the V1V2 mechanism set
- returns all three mechanism ID's recognized by this
- implementation, with the RFC1964 OID first (and thus
- preferred).
-
- * import_sec_context.c (krb5_gss_convert_static_mech_oid): Make
- the old convert_static_oid() function globally accessible
- with a namespace compliant name, since init_sec_context()
- needs to be able to use this function.
-
- * indicate_mechs.c (krb5_gss_indicate_mechs): Return the v1v2
- mechanism set OID, since we should return all the
- mechanisms that we support.
-
- * init_sec_context.c (krb5_gss_init_sec_context): Make
- ctx->mech_used use a static OID, since it is returned by
- gss_inquire_context which must return a static OID.
-
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where we
- would overestimate the size of the allowable input message
- by one byte, because we weren't passing the right estimate
- of the wrapped data to g_token_size().
-
-1999-03-14 Miro Jurisic <meeroh@mit.edu>
-
- * gssapi_krb5.h: added extern "C" for C++ friendliness
-
-1999-03-14 Miro Jurisic <meeroh@mit.edu>
-
- * set_ccache.c (gss_krb5_ccache_name): Now compiles
-
-1999-03-11 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * set_ccache.c (gss_krb5_ccache_name): Added new Krb5 specific
- interface to set the default credentials cache name.
-
-1999-02-19 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in (DLL_FILE_DEF): Tell the Makefile template that we
- are building object files for the GSSAPI DLL.
-
- * krb5_gss_glue.c: Change use of KRB5_DLLIMP to be GSS_DLLIMP.
-
-Mon Dec 21 19:50:04 1998 Theodore Y. Ts'o <tytso@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Eliminate
- double free of ap_req.data, and initialize ctypes to be
- NULL to avoid freeing a pointer to stack garbage when
- doing a V1 mechanism accept_sec_contxt.
-
- * init_sec_context.c: Re-arrange program logic to simplify and
- factor out code; fix gss_init_sec_context() so that if the
- default OID is passed to the init_sec_context, it will use
- the V1 mechanism if a single DES enctype is used. Error
- handling was revamped to make it simpler and cleaner, and
- to assure that we don't have memory leaks on error returns.
-
-1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Set the myfulldir and mydir variables (which are
- relative to buildtop and thisconfigdir, respectively.)
-
-Fri Nov 6 09:19:23 1998 Ezra Peisach <epeisach@mit.edu>
-
- * k5unseal.c (kg2_unwrap_integ): Handle case of malloc(0)
- returning NULL.
-
-1998-10-27 Marc Horowitz <marc@mit.edu>
-
- * Makefile.in, accept_sec_context.c, acquire_cred.c, canon_name.c,
- delete_sec_context.c, disp_status.c, gssapiP_krb5.h,
- gssapi_err_krb5.et, gssapi_krb5.c, gssapi_krb5.h,
- init_sec_context.c, inq_cred.c, inq_names.c, k5seal.c, k5unseal.c,
- rel_oid.c, ser_sctx.c, util_cksum.c, util_crypt.c, util_seed.c,
- util_seqnum.c, wrap_size_limit.c: convert to new crypto api.
- Implement new krb5 v2 gssapi mechanism.
-
- * add_cred.c, util_ctxsetup.c: New files needed to implement the
- krb5 v2 mech.
-
-Mon Sep 21 00:32:28 1998 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Free authdat
- even on success to avoid a memory leak.
-
- * util_cksum.c (kg_checksum_channel_bindings): Fix memory leak by
- not allocating cksum->contents unless we have to return a
- zero-filled one.
-
- * k5unseal.c (kg_unseal_v1): Fix memorly leak by not allocating
- md5cksum.contents.
-
- * k5seal.c (make_seal_token_v1): Fix memory leak by not allocating
- md5cksum.contents.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Only free
- ap_req.data if it was allocated by kg2_parse_token(), otherwise we
- lose very badly trying to free the middle of a potentially
- malloc()'ed block, possibly coredumping.
-
-Thu Sep 3 19:35:44 1998 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Fix typo;
- bash the enctype in ctx->subkey->enctype rather than just
- "enctype", which nothing checks.
-
-Fri Jul 24 21:13:53 1998 Tom Yu <tlyu@mit.edu>
-
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix to round down
- by 8 even if the req_output_size-ohlen is a multiple of 8, since
- the wrap token is always padded regardless of whether it's a
- mutiple of 8 bytes.
-
-1998-06-08 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * k5unseal.c (kg_unseal): Clean up lint warnings.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Don't return
- an error token if we can't provide the server name to the
- KRB5 error structure (because cred isn't initialized).
-
- * gssapi_krb5.c, gssapi_krb5.h: Export the oid of static
- arrays as krb5_gss_oid_array since it's needed by
- gss_import_sec_context.
-
- * import_sec_context.c: Fix up the OID of the mechanism in the
- imported security context so that we use the static
- OID if at all possible. This is needed since
- gss_inquire_context() must return a static OID.
-
-Sun May 24 21:57:03 1998 Theodore Y. Ts'o <tytso@mit.edu>
-
- * import_name.c (krb5_gss_import_name): Fix typo which caused
- import_name to incorrectly import names produced by
- gss_export_name().
-
-1998-05-24 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * copy_ccache.c (gss_krb5_copy_ccache): Fix bugs in copy_ccache.c,
- which never compiled cleanly (since it wasn't added to the
- Makefile correctly originally).
-
- * k5seal.c (make_seal_token): Clean up -Wall flames
-
-1998-05-18 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * inq_cred.c (krb5_gss_inquire_cred):
- * inq_context.c (krb5_gss_inquire_context):
- * import_name.c (krb5_gss_import_name):
- * export_name.c (krb5_gss_export_name):
- * disp_name.c (krb5_gss_display_name):
- * context_time.c (krb5_gss_context_time):
- * acquire_cred.c (krb5_gss_acquire_cred): Clean up -Wall flames.
-
- * indicate_mechs.c (krb5_gss_indicate_mechs): Return a dynamic OID
- set.
-
-Fri Feb 27 18:41:08 1998 Theodore Y. Ts'o <tytso@mit.edu>
-
- * export_name.c (krb5_gss_export_name): Fix bug in
- gss_export_name. The 2nd length field in the ASN.1 was 2
- bytes bigger than it should have been.
-
-Wed Feb 18 16:12:14 1998 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
- BUILDTOP for new conventions.
-
-Fri Feb 13 13:23:18 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Don't
- restrict mechanisms when accepting contexts. (Allow
- either pre-RFC or RFC-based mechanisms)
-
-Thu Feb 12 16:38:14 1998 Tom Yu <tlyu@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Add lots of
- explicit assignments to major_status to ensure that we actually
- return an error when we mean to. This was previously preventing
- gssrpc authentication with the old ovsec_kadm interface from
- working because the gssrpc server side functions were failing to
- loop over a set of supplied credentials.
-
- * init_sec_context.c: KLUDGE!! Add global variable
- krb5_gss_dbg_client_expcreds to allow the client library to send
- expired credentials for testing and debugging purposes.
-
-Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
-
-Wed Jan 28 16:57:05 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * configure.in, Makefile.in: Remove use of CopySrcHeader from
- configure.in and move functionality to Makefile.in
-
-Thu Feb 5 22:39:44 1998 Theodore Y. Ts'o <tytso@mit.edu>
-
- * wrap_size_limit.c (krb5_gss_wrap_size_limit): Fix bug where if
- the output header size is greater than the maximum
- requested output size, return 0 rather than a very large
- unsigned number. :-)
-
-Fri Jan 30 23:07:40 1998 Tom Yu <tlyu@mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context): Actually
- initialize now before calling make_ap_req.
-
-Thu Jan 29 20:08:02 1998 Dan Winship <danw@mit.edu>
-
- * accept_sec_context.c (rd_and_store_for_creds): Don't mess with
- krb5_cc_default--use a new mem-based ccache.
-
- * Makefile.in:
- * gssapi_krb5.h:
- * copy_ccache.c (gss_krb5_copy_ccache): Routine to copy a
- gss_cred_id_t (such as a forwarded creds) into an existing
- krb5_ccache.
-
-Fri Jun 27 08:37:11 1997 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Will now
- obtain default credentials if no credentials are given.
-
-Wed Dec 3 02:16:18 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * init_sec_context.c (make_ap_req): Enforce a stricter requirement
- on the ticket expiration time of the credentials, since
- accept_sec_context doesn't use the timeskew fudge for
- checking ticket expirations.
- (krb5_gss_init_sec_context): Return GSS_S_NO_CRED when
- appropriate.
-
-Wed Jan 21 19:14:09 1998 Tom Yu <tlyu@mit.edu>
-
- * gssapiP_krb5.h: Add rcache member to the creds
- structure. [krb5-libs/370]
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Actually set
- an rcache in auth context from the one saved in the creds
- structure. [krb5-libs/370]
-
- * acquire_cred.c (acquire_accept_cred): Set up an rcache for use
- later. [krb5-libs/370]
-
- * delete_sec_context.c (krb5_gss_delete_sec_context): Don't delete
- the rcache when freeing the auth_context. [krb5-libs/370]
-
- * rel_cred.c (krb5_gss_release_cred): Properly close the
- rcache. [krb5-libs/370]
-
-Mon Dec 29 10:30:43 1997 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * Makefile.in (OBJS): Changed val_cred.$(OBJECT) to
- val_cred.$(OBJEXT) for windows building.
-
-Sun Dec 7 10:42:32 1997 Ezra Peisach <epeisach@mit.edu>
-
- * val_cred.c (krb5_gss_validate_cred): Free principal extracted
- from credential cache when finished.
-
-Sat Nov 15 20:14:05 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context),
- init_sec_context.c (krb5_gss_init_sec_context),
- inq_cred.c (krb5_gss_inquire_cred): Call krb5_gss_validate_cred
- to make sure the credential handle is still valid.
-
- * val_cred.c (krb5_gss_validate_cred): New file which validates
- the credential to make sure it is valid, including
- checking to make sure the credentials cache still points
- at the same krb5 principal as it did before.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Return
- GSS_S_FAILURE if a non-NULL context handle is passed to
- it.
-
-Thu Sep 18 17:55:09 1997 Tom Yu <tlyu@mit.edu>
-
- * acquire_cred.c: Replace USE_STRING_H with something more sane.
-
- * import_name.c: Replace USE_STRING_H with something more sane.
-
-Tue Jul 29 22:56:04 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * inq_names.c (krb5_gss_inquire_names_for_mech): Add the
- the new OID value for the host-based service name and
- the exported name OID to the list of OID's supported by
- this mechanism.
-
- * import_name.c (krb5_gss_import_name): Add support for the new
- OID value for the host-based service name.
-
-Mon Jul 21 20:32:14 1997 Ezra Peisach <epeisach@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Initialize
- ctx before referenced in failure cases.
-
-Tue Jul 15 22:05:21 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context): Always copy the
- mechtype so that delete_sec_context() can safely release
- the OID without smashing memory passed in by the application.
-
-Mon Jun 30 14:05:51 1997 Kevin L Mitchell <klmitch@mit.edu>
-
- * accept_sec_context.c: added code to return a valid delegated
- credential handle if credentials were delegated. The
- GSS_C_DELEG_FLAG from the client is ignored, and the
- option is only set if the client actually delegated
- credentials.
-
-Fri Jun 6 15:26:27 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Reorganized
- error handling code to be more compact (and correct!). If
- an error occurs while we are doing mutual authentication,
- send an KRB_ERROR message back to the client, so that it
- knows what is going on. (This is specified by RFC 1964;
- we just weren't implementing this previously.)
-
- * delete_sec_context.c (krb5_gss_delete_sec_context): Check to
- make sure pointers in the context are non-zero before
- freeing them.
-
- * init_sec_context.c (krb5_gss_init_sec_context): If the server
- sends a KRB_ERROR message, decode it and return an
- appropriate minor status error code.
-
-Mon Mar 31 21:22:19 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * krb5_gss_glue.c: Add GSSAPI V2 calls to the glue layer.
-
-Fri Mar 28 03:52:14 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * import_name.c (krb5_gss_import_name): Add support for importing
- the exported name call
-
- * export_name.c (krb5_gss_export_name): Fix export_name emit the token
- exactly as specified by RFC 2078.
-
-Thu Mar 27 15:52:04 1997 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Add canon_name.c, duplicate_name.c, export_name.c
- to the GSSAPI library.
-
- * canon_name.c (krb5_gss_canonicalize_name): New GSSAPI V2 function
-
- * duplicate_name.c (krb5_gss_duplicate_name): New GSSAPI V2 function
-
- * export_name.c (krb5_gss_export_name): New GSSAPI V2 function
-
- * gssapiP_krb5.h (KG_IMPLFLAGS): Add support for
- GSS_C_PROT_STATE_READY and GSS_C_TRANS_FLAG
-
-Tue Mar 25 01:00:55 1997 Theodore Y. Ts'o <tytso@mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context): A zero-length
- token should be treated like a GSS_C_NO_BUFFER during the
- initial context establishment. [krb5-libs/352]
-
-Sat Feb 22 18:59:42 1997 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Use some of the new library list build rules in
- win-post.in
-
-Wed Feb 5 20:27:50 1997 Richard Basch <basch@lehman.com>
-
- * util_crypt.c: Include k5-int.h as we need to dereference
- the _cryptosystem_entry element of the krb5_encrypt_block.
-
- * acquire_cred.c (acquire_accept_cred): Removed unused local variable
-
-Tue Feb 4 15:56:01 1997 Richard Basch <basch@lehman.com>
-
- * Makefile.in: Only override the object build of the error table
- under Unix
-
-Tue Jan 14 20:20:10 1997 Tom Yu <tlyu@mit.edu>
-
- * Makefile.in:
- * configure.in: Update to new library build procedure.
-
-Wed Dec 4 13:06:13 1996 Barry Jaspan <bjaspan@mit.edu>
-
- * acquire_cred.c (acquire_accept_cred): use krb5_kt_get_entry
- instead of scanning through keytab to find matching principal
- [krb5-libs/210]
-
-Thu Nov 21 11:55:16 EST 1996 Richard Basch <basch@lehman.com>
-
- * Makefile.in: win32 build
-
- * gssapiP_krb5.h krb5_gss_glue.c:
- DLL export all public GSSAPI interfaces; adjusted some other
- declarations accordingly (KRB5_CALLCONV, FAR keywords added)
-
-Wed Nov 20 19:55:29 1996 Marc Horowitz <marc@cygnus.com>
-
- * init_sec_context.c (make_ap_rep, krb5_gss_init_sec_context),
- accept_sec_context.c (krb5_gss_accept_sec_context): fix up use of
- gss flags. under some circumstances, the context would not have
- checked for replay or sequencing, even if those features were
- requested.
-
- * init_sec_context.c (make_ap_req), (krb5_gss_init_sec_context):
- If delegation is requested, but forwarding the credentials fails,
- instead of aborting the context setup, just don't forward
- credentials.
-
- * gssapiP_krb5.h (krb5_gss_ctx_id_t), ser_sctx.c
- (kg_ctx_externalize, kg_ctx_internalize), init_sec_context.c
- (krb5_gss_init_sec_context), get_tkt_flags.c
- (gss_krb5_get_tkt_flags), accept_sec_context.c
- (krb5_gss_accept_sec_context): rename ctx->flags to
- ctx->krb_flags, to disambiguate it from ctx->gss_flags
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): If the subkey
- isn't present in the authenticator, then use the session key
- instead.
-
-Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * ser_sctx.c (kg_oid_externalize, kg_oid_internalize,
- kg_oid_size): Add a GSSAPI OID magic number to the
- externalized OID, so that if the OID is skipped, (it is
- optional), the serialization code can resyncronize if
- necessary.
- (kg_queue_internalize, kg_queue_externalize,
- kg_queue_size): New functions to externalize the gssapi
- queue.
- (kg_ctx_size, kg_ctx_exteranlize, kg_ctx_import): Changed
- to include the mech_used field and to include the auth
- context.
-
- * gssapi_krb5.c (kg_get_context): Add calls to correctly
- initialize the serializers needed by import and export sec
- context.
-
- * delete_sec_context.c (krb5_gss_delete_sec_context): Remember to
- release the mech_used OID if necessary!
-
-Wed Oct 16 17:53:17 1996 Marc Horowitz <marc@mit.edu>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): return an
- error if the ticket endtime is in the past. also, cleaned up
- some error cleanup code.
-
-Thu Oct 10 13:50:49 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * acquire_cred.c (krb5_gss_acquire_cred): Don't let the "timeleft"
- returned by krb5_gss_acquire_cred be negative!
-
-Wed Oct 9 18:02:43 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * gssapi_krb5.c: Definition of gss_nt_krb5_name was incorrect;
- someone was being a bonehead.
-
-Wed Aug 28 17:45:55 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * util_cksum.c (kg_checksum_channel_bindings): Fix stupid bug;
- don't free buf before it's allocated!
-
-Thu Aug 15 20:52:37 1996 Sam Hartman <hartmans@tertius.mit.edu>
-
- * init_sec_context.c (make_ap_req): Require des-cbc-crc for now;
- DES3 support is broken.
-
-Fri Aug 2 13:40:16 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * acquire_cred.c (krb5_gss_acquire_cred): Add const to local
- variable which is pointing to const data.
-
-Fri Jul 26 16:58:31 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
-
- * Makefile.in (OBJS): Remove trailing backslash on a comment; it
- was keeping HDRS from getting set.
-
-Fri Jul 26 00:40:43 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * configure.in: Add AC_PROG_INSTALL, since it's needed for a "make
- install"
-
-Thu Jul 25 20:21:33 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
-
- * Makefile.in: remove trailing backslash from comment under SRCS
- because it was causing line that set OBJS variable to
- become part of a comment
-
-Thu Jul 25 02:08:17 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context): Fixed error
- checking so that if you pass a bad mechanism type, it
- *will* get flagged as an error.
-
-Wed Jul 24 22:54:37 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * acquire_cred.c (krb5_gss_acquire_cred): Initialize variable
- before use if GSS_C_NULL_OID_SET.
-
-Wed Jul 24 19:40:55 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * rel_oid.c (krb5_gss_release_oid):
- * krb5_gss_glue.c(gss_release_oid): Re-enable function
-
- * ser_sctx.c (kg_oid_externalize): Add proper return code
-
- * accept_sec_context.c (krb5_gss_accept_sec_context):
- * init_sec_context.c (krb5_gss_init_sec_context): Test (gss_flags &
- XXXX) against 0 so that we pass a int value to
- g_order_init. Needed since int is 16 bits for Win16 build.
-
-Tue Jul 23 22:35:53 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * Makefile.in (all-windows): Fix broken Windows commands to copy
- gssapi_krb5.h to include/gssapi.
-
- * gssapiP_krb5.h: Must include k5-int.h on Windows and Macintosh
- builds.
-
-Thu Jul 18 19:48:48 1996 Marc Horowitz <marc@mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context),
- accept_sec_context.c (krb5_gss_accept_sec_context): ifdef'd out
- reference to 3des.
-
-Fri Jul 5 15:27:29 1996 Marc Horowitz <marc@mit.edu>
-
- * gssapi_krb5.h: Add declarations for _old mech set, and _both
- mech set
-
-Thu Jun 20 23:15:57 1996 Marc Horowitz <marc@mit.edu>
-
- * ser_sctx.c (kg_oid_size, kg_ctx_size): pull the oid-related code
- out of kg_ctx_size into kg_oid_size.
-
- * k5unseal.c (kg_unseal), k5seal.c (make_seal_token): == cannot be
- used to compare oid's. The g_OID_equal macro must be used.
-
- * init_sec_context.c (make_ap_req, krb5_gss_init_sec_context): -
- gss_init_sec_context should use the mech set in the credential.
- If the default mech is requested, but the old mech oid was
- explicitly passed to gss_acquire_cred, then the context should be
- the old mech, otherwise, the new mech. If a mech was requested
- explicitly, then the code should insure that the credential is
- compatible.
-
- * acquire_cred.c (krb5_gss_acquire_cred), gssapiP_krb5.h (struct
- _krb5_gss_cred_it_rec), gssapi_krb5.c (gss_mech_set_krb5*),
- inq_cred.c (krb5_gss_inquire_cred): gss_acquire_cred needs to be
- able to deal with both mech oid's. It should return in
- actual_mechs the intersection of the set passed in and the
- {old,new} mechs, or if the default was requested, it should return
- both mech oid's. This state should be stored in the credential
- handle, and regurgitated by gss_inquire_cred.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): make sure
- that the oid in the token is compatible with the mechanisms
- specified by the credential.
-
-Thu Jun 13 22:11:30 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
-
- * configure.in: remove ref to ET_RULES
-
-Wed Jun 12 00:48:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Update special rule for gssapi_err_krb5.obj so that
- it uses the right Win-32 library command.
-
- * pname_to_uid.c: Add #ifdef _WIN32 in places where we had #ifdef
- _MSDOS
-
-Fri Jun 7 14:52:56 1996 Kevin L Mitchell <klmitch@mit.edu>
-
- * accept_sec_context.c, init_sec_context.c, inq_context.c,
- gssapiP_krb5.h: changed `mutual' element of struct
- _krb5_gss_ctx_id_rec into more general `gss_flags' and
- updated functions that process it
-
-Tue May 14 19:09:49 1996 Richard Basch <basch@lehman.com>
-
- * k5seal.c k5unseal.c util_cksum.c:
- setup krb5_checksum "contents" and "length" field prior to
- calling krb5_calculate_checksum().
-
-Tue May 14 04:42:11 1996 Theodore Y. Ts'o <tytso@mit.edu>
-
- * init_sec_context.c (make_ap_req): Change call to
- krb5_auth_con_setcksumtype to use
- krb5_auth_con_set_req_cksumtype by default instead.
-
-Sun May 12 00:54:35 1996 Marc Horowitz <marc@mit.edu>
-
- * util_crypt.c (kg_encrypt): It used to be that krb5_encrypt could
- be used to encrypt in place. That's broken now. This would need
- to be fixed in several places in the crypto layer, and it's not
- clear what the right thing is, so it's worked around here in the
- interests of portability and reliablility, at the expense of a
- malloc/memcpy/free.
-
- * Makefile.in, configure.in: gssapi_krb5.h should be installed
- inside the tree. This is really only half the work, as it should
- be installed outside of the tree, too.
-
-Sat Apr 20 00:02:51 1996 Marc Horowitz <marc@mit.edu>
-
- * accept_sec_context.c, export_sec_context.c, gssapiP_krb5.h,
- import_sec_context.c, init_sec_context.c, k5seal.c, k5unseal.c,
- ser_sctx.c, wrap_size_limit.c: Implemented triple-des changes
- based on Richard's patches.
-
-Wed Apr 17 21:08:59 1996 Marc Horowitz <marc@mit.edu>
-
- * accept_sec_context.c (krb5_gss_set_backward_mode): removed
-
- * krb5_gss_glue.c, wrap_size_limit.c: added
-
- * import_sec_context.c: intern the newly created context id so
- that the validation functions will accept it.
-
- * Makefile.in (CFLAGS): Don't need md5 header files anymore.
- (OBJS, SRCS): Change the list of files to build.
-
- * export_sec_context.c, import_sec_context.c, gssapiP_krb5.h,
- ser_sctx.c: don't use the serialization abstraction, since it
- doesn't add anything, and is internal to kerberos. Instead, make
- the {de,}serialization functions internal gssapi functions, and
- call those directly.
-
- * accept_sec_context.c, acquire_cred.c, context_time.c,
- delete_sec_context.c, disp_name.c, disp_status.c,
- export_sec_context.c, gssapi_krb5.c (kg_get_context),
- import_name.c, import_sec_context.c, indicate_mechs.c,
- init_sec_context.c, inq_context.c, inq_cred.c, inq_names.c,
- process_context_token.c, rel_cred.c, rel_name.c, seal.c, sign.c,
- unseal.c, verify.c:
- Don't pass in the context from the caller. Instead, call
- kg_get_context() to find out the kerberos library context. Also,
- random minor compile-time fixes.
-
- * accept_sec_context.c, gssapi_krb5.c (kg_get_defcred),
- gssapiP_krb5.h, init_sec_context.c, k5seal.c, k5unseal.c,
- util_cksum.c (kg_checksum_channel_bindings), util_seqnum.c
- (kg_make_seq_num, kg_get_seq_num), util_seed.c (kg_make_seed),
- util_crypt.c (kg_encrypt, kg_decrypt):
- pass the context to the kg_* functions which need it instead of
- determining it directly.
-
-Fri Apr 12 21:47:46 1996 Richard Basch <basch@lehman.com>
-
- * k5seal.c k5unseal.c:
- Renamed MD5 routines to be preceded with krb5_
-
-Thu Apr 11 18:53:09 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * acquire_cred.c (acquire_init_cred): Return GSS_S_CRED_UNAVAIL on
- if krb5_cc_set_flags() returns an error, since that's the
- call that will return an error if the credentials files
- doesn't exist.
-
-Wed Apr 3 16:10:24 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * init_sec_context.c (krb5_gss_init_sec_context): If make_ap_req()
- returns KRB5APP_TKT_EXPIRED, then return
- GSS_S_CREDENTIALS_EXPIRED as the major return code.
-
-Tue Apr 2 15:20:24 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in (SRCS): Inlined list of source files for SRCS and
- OBJS (for Macintosh build).
-
- * k5mech.c: Added Macintosh #ifdef so that the #include path is
- right for the Macintosh.
-
-Wed Mar 20 20:25:53 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * rel_oid.c (krb5_gss_release_oid): Don't compile this procedure,
- since it's not used. The mechanism glue layer uses the
- krb5_gss_internal_relase_oid() function.
-
- * pname_to_uid.c: Comment out #ident line. This causes the
- Macintosh C compiler indigestion. Remove #include of
- gssapi/gssapi.h, since that gets included by
- gssapiP_generic.h.
-
-Fri Mar 8 21:36:29 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * util_cksum.c (kg_checksum_channel_bindings): Change sizeof(long)
- to sizeof(krb5_int32).
-
-Sat Mar 2 02:22:30 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * k5mech.c (krb5_gss_get_context): Initialize the serializers
- here, instead of in export and import security context.
- This will speed things up a little.
-
- * export_sec_context.c (krb5_gss_export_sec_context):
- * import_sec_context.c (krb5_gss_import_sec_context): Don't create
- a serialization context just for importing/exporting
- credentials. Use the passed-in gssapi context. This
- speeds things up significantly. Assume the serializers
- are initialized in krb5_gss_get_context.
-
-Tue Feb 27 17:53:22 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Remove dead
- code which used geteuid().
-
- * Makefile.in (gssapi_err_krb5.$(OBJEXT)): Add Windows production
- to add file to library.
-
- * pname_to_uid.c: Don't try to compile pname_to_uid.c for MS-DOS
- or Macintosh.
-
-Mon Feb 26 18:08:57 1996 Sam Hartman <hartmans@tertius.mit.edu>
-
- * k5mech.c : do not declare kg_context static as it is declared in
- another file, and declared extern in a header.
-
-Sat Feb 24 00:06:37 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * k5mech.c (krb5_gss_initialize): No longer need to call
- name-type/mechanism registration function. This is now
- done for us by the generic intialization function.
- Add support for new V2 call gss_wrap_size_limit.
-
-Sat Feb 24 11:45:05 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * import_sec_context.c (krb5_gss_import_sec_context): Do not
- shadow parameter ctx.
-
- * inq_context.c (krb5_gss_inquire_context): Do not shadow
- parameter ctx.
-
- * rel_oid.c (krb5_gss_internal_release_oid): Change to match prototype.
-
- * process_context_token.c (krb5_gss_process_context_token): Change
- to match prototype.
-
-Sat Feb 24 00:06:37 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * gssapiP_krb5.h: Changed most krb5 gssapi functions to take a
- void * as their first argument, instead of a krb5_context.
- Makes for a cleaner interface to the mechanism glue layer.
-
- * k5mech.c (krb5_gss_initialize): Call name-type/mechanism
- registration function so that mechanism glue layer knows
- whether or not a name needs to be lazy evaluated or not.
-
-Tue Feb 6 23:55:45 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * pname_to_uid.c (krb5_pname_to_uid): Instead of using specialized
- code to derive the username from a kerberos principal, use
- krb5_aname_to_lname(). Added extra argument for the
- context structure.
-
-Fri Jan 26 03:09:32 1996 Sam Hartman <hartmans@tertius.mit.edu>
-
- * init_sec_context.c (make_ap_req): Make sure we get a DES session key.
-
-Wed Jan 24 20:46:37 1996 Tom Yu <tlyu@dragons-lair.MIT.EDU>
-
- * pname_to_uid.c (krb5_pname_to_uid): Changed def'n of
- krb5principalname to static so K&R compilers won't lose on
- automatic aggregate initialization.
-
-Wed Jan 24 13:21:37 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * import_name.c (krb5_gss_import_name): Don't assume that the
- input_name_buffer is null terminated, when it contains a
- string. Fix gcc warnings.
-
-Tue Jan 23 13:01:42 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * configure.in: Check for stdlib.h
-
- * pname_to_uid.c: Include string.h and stdlib.h.
-
- * init_sec_context.c (make_ap_req): Handle gcc warning.
-
-Tue Jan 23 04:05:23 1996 <tytso@rsts-11.mit.edu>
-
- * Makefile.in: Add support for building GSSAPI as a shared
- library.
-
-Tue Jan 23 03:25:02 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * rel_oid.c (krb5_gss_internal_release_oid): Add the new interface
- for the mechglue layer.
-
- * inq_cred.c (krb5_gss_inquire_cred): Call gss_release_oid_set()
- instead of generic_gss_release_oid_set().
-
- * gssapiP_krb5.h: Added prototype for krb5_gss_internal_release_oid
-
- * Makefile.in (CCSRCS): Removed the file krb5_gss_glue.c and added
- the file k5mech.c and pname_to_uid.c
-
-Tue Jan 9 22:11:25 1996 Theodore Y. Ts'o <tytso@dcl>
-
- * gssapiP_krb5.h (KRB5_GSS_FOR_CREDS_OPTION): New constant added
- for delegation (forwarding) of credentials.
-
- * init_sec_context.c (make_ap_req): Add support for sending
- delegated credentials. Misc lint cleanups.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Add support
- for accepting delegated credentials. Misc lint cleanups.
-
-Fri Dec 1 17:27:33 1995 <tytso@rsts-11.mit.edu>
-
- * configure.in: Add rule for building shared object files.
-
-Fri Dec 1 17:11:43 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * gssapiP_krb5.h (KG_TOK_WRAP_MSG): Changed token ID for
- KG_TOK_WRAP_MSG to match KG_TOK_SEAL_MSG both should be
- 0x0201.
-
- * krb5_gss_glue.c (gss_inquire_names_for_mech): Added new context
- argument to the call of krb5_gss_inquire_names_for_mech().
-
- * inq_names.c (krb5_gss_inquire_names_for_mech): Added new context
- argument to the arg list.
-
-Thu Nov 16 17:04:00 1995 <tytso@rsts-11.mit.edu>
-
- * gssapiP_krb5.h (KG_TOK_MIC_MSG, KG_TOK_WRAP_MSG, KG_DEL_CTX):
- Fixed token type numbers so they conform with the protocol
- spec. Paul Park didn't realize that he wasn't allowed to
- change these willy-nilly...
-
-Wed Oct 25 15:38:00 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * init_sec_context.c (make_ap_req): Change the input type of
- do_mutual to be OM_int32 instead of an int, to prevent
- lossage under windows, since the passed in type size is a
- OM_int32.
-
-Fri Oct 6 22:02:24 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in: Remove ##DOS!include of config/windows.in.
- config/windows.in is now included by wconfig.
-
-Mon Sep 25 16:52:49 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the
- Makefile.
-
-Sun Sep 24 10:39:13 1995 John Rivlin (jrivlin@fusion.com)
- * gssapiP_krb5.h: Fixed kb_seal_size prototype
-
-Wed Sep 13 10:39:13 1995 Keith Vetter (keithv@fusion.com)
-
- * acquire_.c: changed int to size_t.
- * gssapip_.h: added prototype for kg_seal_size.
- * k5seal.c: 16/32 bit mismatch and removed unused variables.
- * seal.c: 16/32 bit mismatch.
- * sign.c: 16/32 bit mismatch.
- * ser_sctx.c: added prototypes for all functions since they get
- assigned into a structure that has been prototyped.
-
-Sat Sep 16 03:18:02 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * gssapiP_krb5.h: Remove context and cred from the gssapi security
- context, as they aren't needed. kg_seal and kg_unseal now
- take a krb5_context argument.
-
- * ser_sctx.c (kg_ctx_size, kg_ctx_externalize,
- kg_ctx_internalize): No longer serialize the context and
- cred fields of the gssapi security context.
-
- * krb5_gss_glue.c: Don't rely on the context field of the gssapi
- security context. Use kg_context instead.
-
- * verify.c (krb5_gss_verify, krb5_gss_verify_mic):
- * unseal.c (krb5_gss_unwrap, krb5_gss_unseal):
- * sign.c (krb5_gss_sign, krb5_gss_get_mic):
- * seal.c (krb5_gss_seal, krb5_gss_wrap):
- * process_context_token.c (krb5_gss_process_context_token):
- * k5unseal.c (kg_unseal):
- * k5seal.c (kg_seal_size): Add a krb5_context argument to this
- function, so we don't have to depend on the context field
- in the gssapi security context.
-
- * init_sec_context.c (krb5_gss_init_sec_context): Don't initialize
- the context and cred fields in the gssapi security
- context. Copy ctx->subkey to ctx->seq.key, so they are
- separately allocated.
-
- * gssapi_krb5.c (kg_get_context): When initialize kg_context, call
- krb5_init_ets() so that the error tables are initialized.
-
- * export_sec_context.c (krb5_gss_export_sec_context): Don't depend
- on the context field from the gssapi security context.
- Free ctx->seq.key.
-
- * delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal()
- now takes a krb5_context argument. Free ctx->seq.key.
-
- * acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi
- credential before setting it, to prevent purify from
- complaining.
-
- * accept_sec_context.c (krb5_gss_accept_sec_context): Remove
- context and cred from the gssapi security context. Make
- sure the ticket is freed after we're done with it.
-
-Fri Sep 15 22:12:49 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * import_sec_context.c (krb5_gss_import_sec_context): Don't bash
- the input interprocess_token. Otherwise, it can't be
- freed. Don't depend on the context field in the gss
- security context.
-
-Tue Sep 12 19:07:52 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * export_sec_context.c (krb5_gss_export_sec_context): Free the
- auth context when freeing the GSSAPI context structure.
-
- * delete_sec_context.c (krb5_gss_delete_sec_context): Free the
- auth context when freeing the GSSAPI context structure.
-
-Tue Sep 12 13:05:51 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * k5seal.c, k5unseal.c, accept_sec_context.c: Undo MACINTOSH
- change for paths. The old ones were correct.
-
-Wed Sep 6 12:00:00 1995 James Mattly <mattly@fusion.com>
-
- * gssapi_krb5.h: changed a path bearing include for MACINTOSH
-
- * accept_sec_context.c: changed a path bearing include for MACINTOSH
-
- * k5seal.c: changed a path bearing include for MACINTOSH
-
- * k5unseal.c: changed a path bearing include for MACINTOSH
-
-Sat Sep 9 00:16:34 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * krb5_gss_glue.c (gss_delete_sec_context): Add extra indirection
- so that we actually fetch the context correctly.
- (gss_accept_sec_context): Remove unused code.
-
-Wed Sep 6 16:12:28 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * init_sec_context.c (make_ap_req): Initialize mk_req_flags to
- zero so that when we OR in flags, the result is
- well-defined.
-
-Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
-
- * accept_sec_context.c, init_sec_context.c, util.c :
- s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
-
-Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
-
- * accept_sec_context.c, init_sec_context.c, util_seed.c :
- Remove krb5_enctype references, and replace with
- krb5_keytype where appropriate.
-
-Thu Aug 31 11:50:34 EDT 1995 Paul Park (pjpark@mit.edu)
- * gssapiP_krb5.h - Add new V2 dispatch prototypes. Update arguments
- to be compatible with V2 API. Add tokens for V2 integrity
- and confidentiality services.
- * k5seal.c - Add support for V2 tokens and add kg_seal_size() to
- support gss_wrap_size_limit().
- * k5unseal.c - Add support for V2 tokens.
- * accept_sec_context,disp_status,gssapi_krb5,init_sec_context,
- inq_context,rel_name.c - Update arguments to V2.
- * acquire_cred,import_name,inq_cred,krb5_gss_glue,seal,sign,unseal,
- verify.c - Update arguments to V2 and add new V2 functions.
- * rel_oid.c, inq_names.c - New V2 modules.
- * Makefile.in, .Sanitize - Add rel_oid.c and inq_names.c
-
-Tue Aug 29 22:38:54 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * init_sec_context.c (krb5_gss_init_sec_context): Remove
- duplicated cleanup code.
-
-Tue Aug 29 17:48:40 EDT 1995 Paul Park (pjpark@mit.edu)
- * {accept,init}_sec_context.c - Zero out the newly allocated context
- because garbage in the uninitialized context messes up the
- serializers.
-
-
-Tue Aug 29 13:31:46 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in, .Sanitize, {im,ex}port_sec_context.c, ser_sctx.c - Add
- new modules to support {im,ex}port of GSSAPI context.
- * krb5_gss_glue.c - Add krb5_gss_{im,ex}port_sec_context() wrapper
- routines.
- * gssapiP_krb5.h - Add prototypes for krb5_gss_{im,ex}port_sec_context
- and kg_ser_context_init.
- * gssapi_err_krb5.et - Add magic numbers for GSSAPI data structures.
-
-Mon Aug 7 19:08:52 1995 Theodore Y. Ts'o <tytso@dcl>
-
- * inq_cred.c (krb5_gss_inquire_cred): Use
- generic_gss_release_oid_set() instead of gss_release_oid_set()
- so that the krb5-specific mechanism can be linked in
- without pulling in krb5_gss_glue.c
-
-Thu Jul 27 15:26:27 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Add -I$(srcdir)/../../crypto/md5 to get rsa-md5.h.
- * accept_sec_context.c - Include "rsa-md5.h" instead of <krb5/...>.
- * gssapiP_krb5.h - Replace k5-specific includes with k5-int.h
- * k5[un]seal.c - Include "rsa-md5.h" instead of <krb5/...>.
-
-
-Fri Jul 7 16:23:17 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Remove LDFLAGS, it's set by configure.
-
-Sat Jun 10 23:04:52 1995 Tom Yu (tlyu@dragons-lair)
-
- * accept_sec_context.c, gssapiP_krb5.h, init_sec_context.c:
- krb5_auth_context redefinitions
-
-Fri Jun 9 19:25:55 1995 <tytso@rsx-11.mit.edu>
-
- * configure.in: Remove standardized set of autoconf macros, which
- are now handled by CONFIG_RULES.
-
-Wed Jun 7 10:05:16 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
-
- * gssapiP_krb5.h: Include time.h (or sys/time.h) for struct tm
- structure which is now in the los-proto.h file.
-
-Mon May 22 10:10:41 EDT 1995 Paul Park (pjpark@mit.edu)
- * Makefile.in - Add null install target.
- * inq_cred.c - Don't mark credentials as expired if the expiration
- time is indefinite.
-
-Mon May 01 15:56:32 1995 Chris Provenzano (proven@mit.edu)
-
- * init_sec_context.c (krb5_gss_init_sec_context()) :
- The krb5_mk_rep() routine must always encode the data in
- the keyblock of the ticket, not the subkey.
-
-Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
-
- * *.[ch]: removed unneeded INTERFACE from non-api functions.
- * *.h added FAR to pointers visible at to the world.
- * gssapi_e.c: __STDC__ conditional also checks the _WINDOWS define.
-
-Thu Mar 30 16:00:30 1995 Keith Vetter (keithv@fusion.com)
-
- * accept_sec_context.c: fixed wrong level of indirection on a
- parameter to getauthenticator.
-
-Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
-
- * accept_sec_context.c: Use new calling convention for krb5_rd_req()
- and krb5_mk_rep().
-
-Thu Mar 16 19:54:33 1995 Keith Vetter (keithv@fusion.com)
-
- * init_sec_context.c: fixed signed/unsigned mismatch and
- added a prototype which will later be removed.
- * import_name.c: fixed for the PC--made conditional the
- code dependent upon passwords.
- * Makefile.in: changed the name of the library the PC
- builds, and added xxx-mac targets to mimic xxx-unix.
-
-Fri Mar 10 09:44:29 1995 Chris Provenzano (proven@mit.edu)
-
- * init_sec_context.c (krb5_gss_init_sec_context())
- Use new calling convention for krb5_mk_req_ext() and
- krb5_rd_rep().
-
- * gssapiP_krb5.h Added a krb5_auth_context pointer to the
- krb5_gss_ctx_id_rec structure to store the auth_context
- between multiple calls to krb5_gss_init_sec_context().
-
-Tue Mar 7 20:48:03 1995 Keith Vetter (keithv@fusion.com)
-
- * accept_s.c, acqire_s.c, compare_.c, context_.c, delete_s.c,
- disp_nam.c, disp_sta.c, get_tkt_.c, init_sec.c, inq_cont.c,
- inq_cred.c, k5seal.c, k5unseal.c, process_.c, rel_cred.c,
- rel_name.c, util_cks.c, util_cry.c: added casts on signed ->
- unsigned assignments.
- * util_seq.c: added casts on bit extraction code.
- * gssapip_.h: pulls in los-proto.h for prototypes.
-
-Tue Feb 28 00:27:44 1995 John Gilmore (gnu at toad.com)
-
- * gssapi_krb5.h, gssapiP_krb5.h: Avoid <krb5/...> includes.
- * disp_status.c: Avoid <com_err.h>, use "com_err.h".
-
-Mon Feb 20 19:53:9 1995 Keith Vetter (keithv@fusion.com)
-
- * accept_s.c: needed temp to avoid sign/unsigned mismatch on the PC.
- * init_sec.c: needed temp to avoid sign/unsigned mismatch on the PC.
- * gssapiP_krb5.h k5seal.c, k5unseal.c: removed netinet/in.h include.
- * util_seq.c: changed int to 32bit int
- * gssapiP_krb5.h, gssapi_krb5.h, *.c: added windows INTERFACE keyword
-
-Mon Feb 20 12:00:00 1995 keith Vetter (keithv@fusion.com)
-
- Rename files for DOS 8.3 uniqueness--files created by Make
- * gssapi_krb5_err.et => gssapi_err_krb5.et
- => gssapi_err_krb5.h
- => gssapi_err_krb5.c
- * gssapiP_krb5.h changed to match
- * Makefile.in changed to match
-
-Tue Feb 14 15:01:36 1995 Chris Provenzano (proven@mit.edu)
-
- * init_sec_context.c (make_ap_req()) Use new API for
- krb5_mk_req_extended() and cleanup internal processing.
-
-Fri Feb 3 00:34:55 1995 John Gilmore <gnu@cygnus.com>
-
- Rename files for DOS 8.3 uniqueness:
- * display_name.c => disp_name.c
- * display_status.c => disp_status.c
- * inquire_context.c => inq_context.c
- * inquire_cred.c => inq_cred.c
- * release_cred.c => rel_cred.c
- * release_name.c => rel_name.c
- * Makefile.in changed to match.
-
-Fri Jan 27 14:41:12 1995 Chris Provenzano (proven@mit.edu)
-
- * accept_sec_context.c (rd_req_keyproc() added krb5_keytype arg.
-
-Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
-
- * Removed all narrow types and references to wide.h and narrow.h
-
-Sun Jan 22 18:26:32 1995 John Gilmore (gnu at toad.com)
-
- * acquire_cred.c (acquire_accept_cred): Add context arg when
- calling krb5_sname_to_principal.
-
-Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
-
- * Added krb5_context to all krb5_routines
-
-Mon Jan 9 19:27:55 1995 Theodore Y. Ts'o (tytso@dcl)
-
- * display_name.c (krb5_gss_display_name): gss_display_name()
- should return a name type OID, not a mechanism OID.
-
-Tue Oct 4 16:40:45 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * accept_security_context.c (rd_req_keyproc): Add widen.h and
- narrow.h to widen argument types of keyproc.
-
-Tue Sep 27 23:30:14 1994 Theodore Y. Ts'o (tytso@dcl)
-
- * accept_security_context.c (krb5_gss_accept_sec_context):
- krb5_rc_dfl_close now frees the rcache structure, so
- this routine shouldn't.
-
-Wed Aug 17 15:47:26 1994 Theodore Y. Ts'o (tytso at tsx-11)
-
- * gssapi_krb5.c: Fixed OID for the krb5 mechanism. (Transcription
- error.)
-
-
-
-
-
generated by cgit (git 2.34.1) at 2026-01-03 14:49:33 +0000