summaryrefslogtreecommitdiffstats
path: root/src/lib/gssapi/krb5/ChangeLog
blob: ef151295ab9396a72c6ed9e2ab1db2404b7e7611 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
Tue Feb  6 23:55:45 1996  Theodore Y. Ts'o  <tytso@dcl>

	* pname_to_uid.c (krb5_pname_to_uid): Instead of using specialized
		code to derive the username from a kerberos principal, use
		krb5_aname_to_lname().  Added extra argument for the
		context structure.

Fri Jan 26 03:09:32 1996  Sam Hartman  <hartmans@tertius.mit.edu>

	* init_sec_context.c (make_ap_req): Make sure we get a DES session key.

Wed Jan 24 20:46:37 1996  Tom Yu  <tlyu@dragons-lair.MIT.EDU>

	* pname_to_uid.c (krb5_pname_to_uid): Changed def'n of
		krb5principalname to static so K&R compilers won't lose on
		automatic aggregate initialization.

Wed Jan 24 13:21:37 1996  Theodore Y. Ts'o  <tytso@dcl>

	* import_name.c (krb5_gss_import_name): Don't assume that the
		input_name_buffer is null terminated, when it contains a
		string.  Fix gcc warnings.

Tue Jan 23 13:01:42 1996  Ezra Peisach  <epeisach@kangaroo.mit.edu>

	* configure.in: Check for stdlib.h

	* pname_to_uid.c: Include string.h and stdlib.h.

	* init_sec_context.c (make_ap_req): Handle gcc warning.

Tue Jan 23 04:05:23 1996    <tytso@rsts-11.mit.edu>

	* Makefile.in: Add support for building GSSAPI as a shared
	        library.

Tue Jan 23 03:25:02 1996  Theodore Y. Ts'o  <tytso@dcl>

	* rel_oid.c (krb5_gss_internal_release_oid): Add the new interface
		for the mechglue layer.

	* inq_cred.c (krb5_gss_inquire_cred): Call gss_release_oid_set()
		instead of generic_gss_release_oid_set().

	* gssapiP_krb5.h: Added prototype for krb5_gss_internal_release_oid 

	* Makefile.in (CCSRCS): Removed the file krb5_gss_glue.c and added
		the file k5mech.c and pname_to_uid.c

Tue Jan  9 22:11:25 1996  Theodore Y. Ts'o  <tytso@dcl>

	* gssapiP_krb5.h (KRB5_GSS_FOR_CREDS_OPTION): New constant added
		for delegation (forwarding) of credentials.

	* init_sec_context.c (make_ap_req): Add support for sending
		delegated credentials.  Misc lint cleanups.

	* accept_sec_context.c (krb5_gss_accept_sec_context): Add support
		for accepting delegated credentials.  Misc lint cleanups.

Fri Dec  1 17:27:33 1995    <tytso@rsts-11.mit.edu>

	* configure.in: Add rule for building shared object files.

Fri Dec  1 17:11:43 1995  Theodore Y. Ts'o  <tytso@dcl>

	* gssapiP_krb5.h (KG_TOK_WRAP_MSG): Changed token ID for
		KG_TOK_WRAP_MSG to match KG_TOK_SEAL_MSG both should be
		0x0201.

	* krb5_gss_glue.c (gss_inquire_names_for_mech): Added new context
		argument to the call of krb5_gss_inquire_names_for_mech().

	* inq_names.c (krb5_gss_inquire_names_for_mech): Added new context
		argument to the arg list.

Thu Nov 16 17:04:00 1995    <tytso@rsts-11.mit.edu>

	* gssapiP_krb5.h (KG_TOK_MIC_MSG, KG_TOK_WRAP_MSG, KG_DEL_CTX):
	        Fixed token type numbers so they conform with the protocol
		spec.  Paul Park didn't realize that he wasn't allowed to
		change these willy-nilly...

Wed Oct 25 15:38:00 1995  Theodore Y. Ts'o  <tytso@dcl>

	* init_sec_context.c (make_ap_req): Change the input type of
		do_mutual to be OM_int32 instead of an int, to prevent
		lossage under windows, since the passed in type size is a
		OM_int32.

Fri Oct  6 22:02:24 1995  Theodore Y. Ts'o  <tytso@dcl>

	* Makefile.in: Remove ##DOS!include of config/windows.in.
		config/windows.in is now included by wconfig.

Mon Sep 25 16:52:49 1995  Theodore Y. Ts'o  <tytso@dcl>

	* Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the
		Makefile. 

Sun Sep 24 10:39:13 1995  John Rivlin (jrivlin@fusion.com)
	* gssapiP_krb5.h: Fixed kb_seal_size prototype

Wed Sep 13 10:39:13 1995 Keith Vetter (keithv@fusion.com)

	* acquire_.c: changed int to size_t.
	* gssapip_.h: added prototype for kg_seal_size.
	* k5seal.c: 16/32 bit mismatch and removed unused variables.
	* seal.c: 16/32 bit mismatch.
	* sign.c: 16/32 bit mismatch.
	* ser_sctx.c: added prototypes for all functions since they get 
		assigned into a structure that has been prototyped.

Sat Sep 16 03:18:02 1995  Theodore Y. Ts'o  <tytso@dcl>

	* gssapiP_krb5.h: Remove context and cred from the gssapi security
		context, as they aren't needed.  kg_seal and kg_unseal now
		take a krb5_context argument.

	* ser_sctx.c (kg_ctx_size, kg_ctx_externalize,
		kg_ctx_internalize): No longer serialize the context and
		cred fields of the gssapi security context.

	* krb5_gss_glue.c: Don't rely on the context field of the gssapi
		security context.  Use kg_context instead.

	* verify.c (krb5_gss_verify, krb5_gss_verify_mic): 
	* unseal.c (krb5_gss_unwrap, krb5_gss_unseal): 
	* sign.c (krb5_gss_sign, krb5_gss_get_mic): 
	* seal.c (krb5_gss_seal, krb5_gss_wrap): 
	* process_context_token.c (krb5_gss_process_context_token): 
	* k5unseal.c (kg_unseal):
	* k5seal.c (kg_seal_size): Add a krb5_context argument to this
		function, so we don't have to depend on the context field
		in the gssapi security context.

	* init_sec_context.c (krb5_gss_init_sec_context): Don't initialize
		the context and cred fields in the gssapi security
		context.  Copy ctx->subkey to ctx->seq.key, so they are
		separately allocated.

	* gssapi_krb5.c (kg_get_context): When initialize kg_context, call
		krb5_init_ets() so that the error tables are initialized.

	* export_sec_context.c (krb5_gss_export_sec_context): Don't depend
		on the context field from the gssapi security context.
		Free ctx->seq.key.

	* delete_sec_context.c (krb5_gss_delete_sec_context): kg_seal()
		now takes a krb5_context argument.  Free ctx->seq.key.

	* acquire_cred.c (krb5_gss_acquire_cred): Clear the gssapi
		credential before setting it, to prevent purify from
		complaining.

	* accept_sec_context.c (krb5_gss_accept_sec_context): Remove
		context and cred from the gssapi security context.  Make
		sure the ticket is freed after we're done with it.

Fri Sep 15 22:12:49 1995  Theodore Y. Ts'o  <tytso@dcl>

	* import_sec_context.c (krb5_gss_import_sec_context): Don't bash
		the input interprocess_token.  Otherwise, it can't be
		freed.  Don't depend on the context field in the gss
		security context.

Tue Sep 12 19:07:52 1995  Theodore Y. Ts'o  <tytso@dcl>

	* export_sec_context.c (krb5_gss_export_sec_context): Free the
		auth context when freeing the GSSAPI context structure.

	* delete_sec_context.c (krb5_gss_delete_sec_context): Free the
		auth context when freeing the GSSAPI context structure.

Tue Sep 12 13:05:51 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

	* k5seal.c, k5unseal.c, accept_sec_context.c: Undo MACINTOSH
		change for paths. The old ones were correct.

Wed Sep  6 12:00:00 1995  James Mattly  <mattly@fusion.com>

	* gssapi_krb5.h:  changed a path bearing include for MACINTOSH

	* accept_sec_context.c:  changed a path bearing include for MACINTOSH

	* k5seal.c:  changed a path bearing include for MACINTOSH

	* k5unseal.c:  changed a path bearing include for MACINTOSH
	
Sat Sep  9 00:16:34 1995  Theodore Y. Ts'o  <tytso@dcl>

	* krb5_gss_glue.c (gss_delete_sec_context): Add extra indirection
		so that we actually fetch the context correctly.
		(gss_accept_sec_context): Remove unused code.

Wed Sep  6 16:12:28 1995  Theodore Y. Ts'o  <tytso@dcl>

	* init_sec_context.c (make_ap_req): Initialize mk_req_flags to
		zero so that when we OR in flags, the result is
		well-defined. 

Wed Sep 06 14:20:57 1995   Chris Provenzano (proven@mit.edu)

        * accept_sec_context.c, init_sec_context.c, util.c : 
		s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g

Tue Sep 05 22:10:34 1995   Chris Provenzano (proven@mit.edu)

        * accept_sec_context.c, init_sec_context.c, util_seed.c : 
		Remove krb5_enctype references, and replace with 
		krb5_keytype where appropriate.

Thu Aug 31 11:50:34 EDT 1995	Paul Park	(pjpark@mit.edu)
	* gssapiP_krb5.h - Add new V2 dispatch prototypes.  Update arguments
		to be compatible with V2 API.  Add tokens for V2 integrity
		and confidentiality services.
	* k5seal.c - Add support for V2 tokens and add kg_seal_size() to
		support gss_wrap_size_limit().
	* k5unseal.c - Add support for V2 tokens.
	* accept_sec_context,disp_status,gssapi_krb5,init_sec_context,
		inq_context,rel_name.c - Update arguments to V2.
	* acquire_cred,import_name,inq_cred,krb5_gss_glue,seal,sign,unseal,
		verify.c - Update arguments to V2 and add new V2 functions.
	* rel_oid.c, inq_names.c - New V2 modules.
	* Makefile.in, .Sanitize - Add rel_oid.c and inq_names.c

Tue Aug 29 22:38:54 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

	* init_sec_context.c (krb5_gss_init_sec_context):  Remove
		duplicated cleanup code. 

Tue Aug 29 17:48:40 EDT 1995	Paul Park	(pjpark@mit.edu)
	* {accept,init}_sec_context.c - Zero out the newly allocated context
		because garbage in the uninitialized context messes up the
		serializers.


Tue Aug 29 13:31:46 EDT 1995	Paul Park	(pjpark@mit.edu)
	* Makefile.in, .Sanitize, {im,ex}port_sec_context.c, ser_sctx.c - Add
		new modules to support {im,ex}port of GSSAPI context.
	* krb5_gss_glue.c - Add krb5_gss_{im,ex}port_sec_context() wrapper
		routines.
	* gssapiP_krb5.h - Add prototypes for krb5_gss_{im,ex}port_sec_context
		and kg_ser_context_init.
	* gssapi_err_krb5.et - Add magic numbers for GSSAPI data structures.

Mon Aug  7 19:08:52 1995  Theodore Y. Ts'o  <tytso@dcl>

	* inq_cred.c (krb5_gss_inquire_cred): Use
		generic_gss_release_oid_set() instead of gss_release_oid_set()
		so that the krb5-specific mechanism can be linked in
		without pulling in krb5_gss_glue.c

Thu Jul 27 15:26:27 EDT 1995	Paul Park	(pjpark@mit.edu)
	* Makefile.in - Add -I$(srcdir)/../../crypto/md5 to get rsa-md5.h.
	* accept_sec_context.c - Include "rsa-md5.h" instead of <krb5/...>.
	* gssapiP_krb5.h - Replace k5-specific includes with k5-int.h
	* k5[un]seal.c - Include "rsa-md5.h" instead of <krb5/...>.


Fri Jul 7 16:23:17 EDT 1995	Paul Park	(pjpark@mit.edu)
	* Makefile.in - Remove LDFLAGS, it's set by configure.

Sat Jun 10 23:04:52 1995  Tom Yu  (tlyu@dragons-lair)

	* accept_sec_context.c, gssapiP_krb5.h, init_sec_context.c:
		krb5_auth_context redefinitions

Fri Jun  9 19:25:55 1995    <tytso@rsx-11.mit.edu>

	* configure.in: Remove standardized set of autoconf macros, which
		are now handled by CONFIG_RULES.

Wed Jun  7 10:05:16 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

	* gssapiP_krb5.h: Include time.h (or sys/time.h) for struct tm
		structure which is now in the los-proto.h file.

Mon May 22 10:10:41 EDT 1995	Paul Park	(pjpark@mit.edu)
	* Makefile.in	- Add null install target.
	* inq_cred.c	- Don't mark credentials as expired if the expiration
			  time is indefinite.

Mon May 01 15:56:32 1995  Chris Provenzano (proven@mit.edu)

	* init_sec_context.c (krb5_gss_init_sec_context()) :
		The krb5_mk_rep() routine must always encode the data in
		the keyblock of the ticket, not the subkey.

Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)

	* *.[ch]: removed unneeded INTERFACE from non-api functions.
        * *.h added FAR to pointers visible at to the world.
        * gssapi_e.c: __STDC__ conditional also checks the _WINDOWS define.

Thu Mar 30 16:00:30 1995 Keith Vetter (keithv@fusion.com)

	* accept_sec_context.c: fixed wrong level of indirection on a 
           parameter to getauthenticator.

Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)

        * accept_sec_context.c: Use new calling convention for krb5_rd_req()
		and krb5_mk_rep().

Thu Mar 16 19:54:33 1995 Keith Vetter (keithv@fusion.com)

	* init_sec_context.c: fixed signed/unsigned mismatch and
           added a prototype which will later be removed.
        * import_name.c: fixed for the PC--made conditional the
           code dependent upon passwords.
	* Makefile.in: changed the name of the library the PC
	   builds, and added xxx-mac targets to mimic xxx-unix.

Fri Mar 10 09:44:29 1995 Chris Provenzano (proven@mit.edu)

	* init_sec_context.c (krb5_gss_init_sec_context())
		Use new calling convention for krb5_mk_req_ext() and
		krb5_rd_rep().

	* gssapiP_krb5.h Added a krb5_auth_context pointer to the
		krb5_gss_ctx_id_rec structure to store the auth_context
		between multiple calls to krb5_gss_init_sec_context().

Tue Mar 7 20:48:03 1995 Keith Vetter (keithv@fusion.com)

	* accept_s.c, acqire_s.c, compare_.c, context_.c, delete_s.c,
          disp_nam.c, disp_sta.c, get_tkt_.c, init_sec.c, inq_cont.c, 
          inq_cred.c, k5seal.c, k5unseal.c, process_.c, rel_cred.c, 
          rel_name.c, util_cks.c, util_cry.c: added casts on signed ->
            unsigned assignments.
        * util_seq.c: added casts on bit extraction code.
        * gssapip_.h: pulls in los-proto.h for prototypes.

Tue Feb 28 00:27:44 1995  John Gilmore  (gnu at toad.com)

	* gssapi_krb5.h, gssapiP_krb5.h: Avoid <krb5/...> includes.
	* disp_status.c:  Avoid <com_err.h>, use "com_err.h".

Mon Feb 20 19:53:9 1995 Keith Vetter (keithv@fusion.com)

	* accept_s.c: needed temp to avoid sign/unsigned mismatch on the PC.
	* init_sec.c: needed temp to avoid sign/unsigned mismatch on the PC.
        * gssapiP_krb5.h k5seal.c, k5unseal.c: removed netinet/in.h include.
        * util_seq.c: changed int to 32bit int
        * gssapiP_krb5.h, gssapi_krb5.h, *.c: added windows INTERFACE keyword

Mon Feb 20 12:00:00 1995  keith Vetter (keithv@fusion.com)

	Rename files for DOS 8.3 uniqueness--files created by Make
	* gssapi_krb5_err.et => gssapi_err_krb5.et
			     => gssapi_err_krb5.h
			     => gssapi_err_krb5.c
	* gssapiP_krb5.h changed to match
	* Makefile.in changed to match

Tue Feb 14 15:01:36 1995 Chris Provenzano (proven@mit.edu)

    * init_sec_context.c (make_ap_req()) Use new API for 
        krb5_mk_req_extended() and cleanup internal processing.

Fri Feb  3 00:34:55 1995  John Gilmore  <gnu@cygnus.com>

	Rename files for DOS 8.3 uniqueness:
	* display_name.c    => disp_name.c
	* display_status.c  => disp_status.c
	* inquire_context.c => inq_context.c
	* inquire_cred.c    => inq_cred.c
	* release_cred.c    => rel_cred.c
	* release_name.c    => rel_name.c
	* Makefile.in changed to match.

Fri Jan 27 14:41:12 1995  Chris Provenzano (proven@mit.edu)

        * accept_sec_context.c (rd_req_keyproc() added krb5_keytype arg.

Wed Jan 25 16:54:40 1995  Chris Provenzano (proven@mit.edu)

        * Removed all narrow types and references to wide.h and narrow.h

Sun Jan 22 18:26:32 1995  John Gilmore  (gnu at toad.com)

	* acquire_cred.c (acquire_accept_cred):  Add context arg when
	calling krb5_sname_to_principal.

Fri Jan 13 15:23:47 1995  Chris Provenzano (proven@mit.edu)

    * Added krb5_context to all krb5_routines

Mon Jan  9 19:27:55 1995  Theodore Y. Ts'o  (tytso@dcl)

	* display_name.c (krb5_gss_display_name): gss_display_name()
		should return a name type OID, not a mechanism OID.

Tue Oct  4 16:40:45 1994  Theodore Y. Ts'o  (tytso@dcl)

	* accept_security_context.c (rd_req_keyproc): Add widen.h and
		narrow.h to widen argument types of keyproc.

Tue Sep 27 23:30:14 1994  Theodore Y. Ts'o  (tytso@dcl)

	* accept_security_context.c (krb5_gss_accept_sec_context):
		  krb5_rc_dfl_close now frees the rcache structure, so
		  this routine shouldn't.

Wed Aug 17 15:47:26 1994  Theodore Y. Ts'o  (tytso at tsx-11)

	* gssapi_krb5.c: Fixed OID for the krb5 mechanism.  (Transcription
	error.)