Tue Feb 6 23:55:45 1996 Theodore Y. Ts'o * pname_to_uid.c (krb5_pname_to_uid): Instead of using specialized code to derive the username from a kerberos principal, use krb5_aname_to_lname(). Added extra argument for the context structure. Fri Jan 26 03:09:32 1996 Sam Hartman * init_sec_context.c (make_ap_req): Make sure we get a DES session key. Wed Jan 24 20:46:37 1996 Tom Yu * pname_to_uid.c (krb5_pname_to_uid): Changed def'n of krb5principalname to static so K&R compilers won't lose on automatic aggregate initialization. Wed Jan 24 13:21:37 1996 Theodore Y. Ts'o * import_name.c (krb5_gss_import_name): Don't assume that the input_name_buffer is null terminated, when it contains a string. Fix gcc warnings. Tue Jan 23 13:01:42 1996 Ezra Peisach * configure.in: Check for stdlib.h * pname_to_uid.c: Include string.h and stdlib.h. * init_sec_context.c (make_ap_req): Handle gcc warning. Tue Jan 23 04:05:23 1996 * Makefile.in: Add support for building GSSAPI as a shared library. Tue Jan 23 03:25:02 1996 Theodore Y. Ts'o * rel_oid.c (krb5_gss_internal_release_oid): Add the new interface for the mechglue layer. * inq_cred.c (krb5_gss_inquire_cred): Call gss_release_oid_set() instead of generic_gss_release_oid_set(). * gssapiP_krb5.h: Added prototype for krb5_gss_internal_release_oid * Makefile.in (CCSRCS): Removed the file krb5_gss_glue.c and added the file k5mech.c and pname_to_uid.c Tue Jan 9 22:11:25 1996 Theodore Y. Ts'o * gssapiP_krb5.h (KRB5_GSS_FOR_CREDS_OPTION): New constant added for delegation (forwarding) of credentials. * init_sec_context.c (make_ap_req): Add support for sending delegated credentials. Misc lint cleanups. * accept_sec_context.c (krb5_gss_accept_sec_context): Add support for accepting delegated credentials. Misc lint cleanups. Fri Dec 1 17:27:33 1995 * configure.in: Add rule for building shared object files. Fri Dec 1 17:11:43 1995 Theodore Y. Ts'o * gssapiP_krb5.h (KG_TOK_WRAP_MSG): Changed token ID for KG_TOK_WRAP_MSG to match KG_TOK_SEAL_MSG both should be 0x0201. * krb5_gss_glue.c (gss_inquire_names_for_mech): Added new context argument to the call of krb5_gss_inquire_names_for_mech(). * inq_names.c (krb5_gss_inquire_names_for_mech): Added new context argument to the arg list. Thu Nov 16 17:04:00 1995 * gssapiP_krb5.h (KG_TOK_MIC_MSG, KG_TOK_WRAP_MSG, KG_DEL_CTX): Fixed token type numbers so they conform with the protocol spec. Paul Park didn't realize that he wasn't allowed to change these willy-nilly... Wed Oct 25 15:38:00 1995 Theodore Y. Ts'o * init_sec_context.c (make_ap_req): Change the input type of do_mutual to be OM_int32 instead of an int, to prevent lossage under windows, since the passed in type size is a OM_int32. Fri Oct 6 22:02:24 1995 Theodore Y. Ts'o * Makefile.in: Remove ##DOS!include of config/windows.in. config/windows.in is now included by wconfig. Mon Sep 25 16:52:49 1995 Theodore Y. Ts'o * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the Makefile. Sun Sep 24 10:39:13 1995 John Rivlin (jrivlin@fusion.com) * gssapiP_krb5.h: Fixed kb_seal_size prototype Wed Sep 13 10:39:13 1995 Keith Vetter (keithv@fusion.com) * acquire_.c: changed int to size_t. * gssapip_.h: added prototype for kg_seal_size. * k5seal.c: 16/32 bit mismatch and removed unused variables. * seal.c: 16/32 bit mismatch. * sign.c: 16/32 bit mismatch. * ser_sctx.c: added prototypes for all functions since they get assigned into a structure that has been prototyped. Sat Sep 16 03:18:02 1995 Theodore Y. Ts'o * gssapiP_krb5.h: Remove context and cred from the gssapi security context, as they aren't needed. kg_seal and kg_unseal now take a krb5_context argument. * ser_sctx.c (kg_ctx_size, kg_ctx_externalize, kg_ctx_internalize): No longer serialize the context and cred fields of the gssapi security context. * krb5_gss_glue.c: Don't rely on the context field of the gssapi security context. Use kg_context instead. * verify.c (krb5_gss_verify, krb5_gss_verify_mic): * unseal.c (krb5_gss_unwrap, krb5_gss_unseal): * sign.c (krb5_gss_sign, krb5_gss_get_mic): * seal.c (krb5_gss_seal, krb5_gss_wrap): * process_context_token.c (krb5_gss_process_context_token): * k5unseal.c (kg_unseal): * k5seal.c (kg_seal_size): Add a krb5_context argument to this function, so we don't have to depend on the context field in the gssapi security context. * init_sec_context.c (krb5_gss_init_sec_context): Don't initialize the context and cred fields in the gssapi security context. Copy ctx->subkey to ctx->seq.key, so they are separately allocated. * gssapi_krb5.c (kg_get_context): When initialize kg_context, call krb5_init_ets() so that the error tables are initialized. * export_sec_context.c (krb5_gss_export_sec_context): Don't depend on the context field from the gssapi security context. Free ctx->seq.key. * delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal() now takes a krb5_context argument. Free ctx->seq.key. * acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi credential before setting it, to prevent purify from complaining. * accept_sec_context.c (krb5_gss_accept_sec_context): Remove context and cred from the gssapi security context. Make sure the ticket is freed after we're done with it. Fri Sep 15 22:12:49 1995 Theodore Y. Ts'o * import_sec_context.c (krb5_gss_import_sec_context): Don't bash the input interprocess_token. Otherwise, it can't be freed. Don't depend on the context field in the gss security context. Tue Sep 12 19:07:52 1995 Theodore Y. Ts'o * export_sec_context.c (krb5_gss_export_sec_context): Free the auth context when freeing the GSSAPI context structure. * delete_sec_context.c (krb5_gss_delete_sec_context): Free the auth context when freeing the GSSAPI context structure. Tue Sep 12 13:05:51 1995 Ezra Peisach * k5seal.c, k5unseal.c, accept_sec_context.c: Undo MACINTOSH change for paths. The old ones were correct. Wed Sep 6 12:00:00 1995 James Mattly * gssapi_krb5.h: changed a path bearing include for MACINTOSH * accept_sec_context.c: changed a path bearing include for MACINTOSH * k5seal.c: changed a path bearing include for MACINTOSH * k5unseal.c: changed a path bearing include for MACINTOSH Sat Sep 9 00:16:34 1995 Theodore Y. Ts'o * krb5_gss_glue.c (gss_delete_sec_context): Add extra indirection so that we actually fetch the context correctly. (gss_accept_sec_context): Remove unused code. Wed Sep 6 16:12:28 1995 Theodore Y. Ts'o * init_sec_context.c (make_ap_req): Initialize mk_req_flags to zero so that when we OR in flags, the result is well-defined. Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) * accept_sec_context.c, init_sec_context.c, util.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) * accept_sec_context.c, init_sec_context.c, util_seed.c : Remove krb5_enctype references, and replace with krb5_keytype where appropriate. Thu Aug 31 11:50:34 EDT 1995 Paul Park (pjpark@mit.edu) * gssapiP_krb5.h - Add new V2 dispatch prototypes. Update arguments to be compatible with V2 API. Add tokens for V2 integrity and confidentiality services. * k5seal.c - Add support for V2 tokens and add kg_seal_size() to support gss_wrap_size_limit(). * k5unseal.c - Add support for V2 tokens. * accept_sec_context,disp_status,gssapi_krb5,init_sec_context, inq_context,rel_name.c - Update arguments to V2. * acquire_cred,import_name,inq_cred,krb5_gss_glue,seal,sign,unseal, verify.c - Update arguments to V2 and add new V2 functions. * rel_oid.c, inq_names.c - New V2 modules. * Makefile.in, .Sanitize - Add rel_oid.c and inq_names.c Tue Aug 29 22:38:54 1995 Ezra Peisach * init_sec_context.c (krb5_gss_init_sec_context): Remove duplicated cleanup code. Tue Aug 29 17:48:40 EDT 1995 Paul Park (pjpark@mit.edu) * {accept,init}_sec_context.c - Zero out the newly allocated context because garbage in the uninitialized context messes up the serializers. Tue Aug 29 13:31:46 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in, .Sanitize, {im,ex}port_sec_context.c, ser_sctx.c - Add new modules to support {im,ex}port of GSSAPI context. * krb5_gss_glue.c - Add krb5_gss_{im,ex}port_sec_context() wrapper routines. * gssapiP_krb5.h - Add prototypes for krb5_gss_{im,ex}port_sec_context and kg_ser_context_init. * gssapi_err_krb5.et - Add magic numbers for GSSAPI data structures. Mon Aug 7 19:08:52 1995 Theodore Y. Ts'o * inq_cred.c (krb5_gss_inquire_cred): Use generic_gss_release_oid_set() instead of gss_release_oid_set() so that the krb5-specific mechanism can be linked in without pulling in krb5_gss_glue.c Thu Jul 27 15:26:27 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Add -I$(srcdir)/../../crypto/md5 to get rsa-md5.h. * accept_sec_context.c - Include "rsa-md5.h" instead of . * gssapiP_krb5.h - Replace k5-specific includes with k5-int.h * k5[un]seal.c - Include "rsa-md5.h" instead of . Fri Jul 7 16:23:17 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove LDFLAGS, it's set by configure. Sat Jun 10 23:04:52 1995 Tom Yu (tlyu@dragons-lair) * accept_sec_context.c, gssapiP_krb5.h, init_sec_context.c: krb5_auth_context redefinitions Fri Jun 9 19:25:55 1995 * configure.in: Remove standardized set of autoconf macros, which are now handled by CONFIG_RULES. Wed Jun 7 10:05:16 1995 Ezra Peisach * gssapiP_krb5.h: Include time.h (or sys/time.h) for struct tm structure which is now in the los-proto.h file. Mon May 22 10:10:41 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Add null install target. * inq_cred.c - Don't mark credentials as expired if the expiration time is indefinite. Mon May 01 15:56:32 1995 Chris Provenzano (proven@mit.edu) * init_sec_context.c (krb5_gss_init_sec_context()) : The krb5_mk_rep() routine must always encode the data in the keyblock of the ticket, not the subkey. Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com) * *.[ch]: removed unneeded INTERFACE from non-api functions. * *.h added FAR to pointers visible at to the world. * gssapi_e.c: __STDC__ conditional also checks the _WINDOWS define. Thu Mar 30 16:00:30 1995 Keith Vetter (keithv@fusion.com) * accept_sec_context.c: fixed wrong level of indirection on a parameter to getauthenticator. Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu) * accept_sec_context.c: Use new calling convention for krb5_rd_req() and krb5_mk_rep(). Thu Mar 16 19:54:33 1995 Keith Vetter (keithv@fusion.com) * init_sec_context.c: fixed signed/unsigned mismatch and added a prototype which will later be removed. * import_name.c: fixed for the PC--made conditional the code dependent upon passwords. * Makefile.in: changed the name of the library the PC builds, and added xxx-mac targets to mimic xxx-unix. Fri Mar 10 09:44:29 1995 Chris Provenzano (proven@mit.edu) * init_sec_context.c (krb5_gss_init_sec_context()) Use new calling convention for krb5_mk_req_ext() and krb5_rd_rep(). * gssapiP_krb5.h Added a krb5_auth_context pointer to the krb5_gss_ctx_id_rec structure to store the auth_context between multiple calls to krb5_gss_init_sec_context(). Tue Mar 7 20:48:03 1995 Keith Vetter (keithv@fusion.com) * accept_s.c, acqire_s.c, compare_.c, context_.c, delete_s.c, disp_nam.c, disp_sta.c, get_tkt_.c, init_sec.c, inq_cont.c, inq_cred.c, k5seal.c, k5unseal.c, process_.c, rel_cred.c, rel_name.c, util_cks.c, util_cry.c: added casts on signed -> unsigned assignments. * util_seq.c: added casts on bit extraction code. * gssapip_.h: pulls in los-proto.h for prototypes. Tue Feb 28 00:27:44 1995 John Gilmore (gnu at toad.com) * gssapi_krb5.h, gssapiP_krb5.h: Avoid includes. * disp_status.c: Avoid , use "com_err.h". Mon Feb 20 19:53:9 1995 Keith Vetter (keithv@fusion.com) * accept_s.c: needed temp to avoid sign/unsigned mismatch on the PC. * init_sec.c: needed temp to avoid sign/unsigned mismatch on the PC. * gssapiP_krb5.h k5seal.c, k5unseal.c: removed netinet/in.h include. * util_seq.c: changed int to 32bit int * gssapiP_krb5.h, gssapi_krb5.h, *.c: added windows INTERFACE keyword Mon Feb 20 12:00:00 1995 keith Vetter (keithv@fusion.com) Rename files for DOS 8.3 uniqueness--files created by Make * gssapi_krb5_err.et => gssapi_err_krb5.et => gssapi_err_krb5.h => gssapi_err_krb5.c * gssapiP_krb5.h changed to match * Makefile.in changed to match Tue Feb 14 15:01:36 1995 Chris Provenzano (proven@mit.edu) * init_sec_context.c (make_ap_req()) Use new API for krb5_mk_req_extended() and cleanup internal processing. Fri Feb 3 00:34:55 1995 John Gilmore Rename files for DOS 8.3 uniqueness: * display_name.c => disp_name.c * display_status.c => disp_status.c * inquire_context.c => inq_context.c * inquire_cred.c => inq_cred.c * release_cred.c => rel_cred.c * release_name.c => rel_name.c * Makefile.in changed to match. Fri Jan 27 14:41:12 1995 Chris Provenzano (proven@mit.edu) * accept_sec_context.c (rd_req_keyproc() added krb5_keytype arg. Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu) * Removed all narrow types and references to wide.h and narrow.h Sun Jan 22 18:26:32 1995 John Gilmore (gnu at toad.com) * acquire_cred.c (acquire_accept_cred): Add context arg when calling krb5_sname_to_principal. Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) * Added krb5_context to all krb5_routines Mon Jan 9 19:27:55 1995 Theodore Y. Ts'o (tytso@dcl) * display_name.c (krb5_gss_display_name): gss_display_name() should return a name type OID, not a mechanism OID. Tue Oct 4 16:40:45 1994 Theodore Y. Ts'o (tytso@dcl) * accept_security_context.c (rd_req_keyproc): Add widen.h and narrow.h to widen argument types of keyproc. Tue Sep 27 23:30:14 1994 Theodore Y. Ts'o (tytso@dcl) * accept_security_context.c (krb5_gss_accept_sec_context): krb5_rc_dfl_close now frees the rcache structure, so this routine shouldn't. Wed Aug 17 15:47:26 1994 Theodore Y. Ts'o (tytso at tsx-11) * gssapi_krb5.c: Fixed OID for the krb5 mechanism. (Transcription error.)