1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
|
2004-09-17 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Fix the error returned when krb5_lcc_start_seq_get()
discovers the cache is empty. Check for the new error in
krb5_lcc_initialize()
2004-09-10 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Implement krb5_lcc_initialize()
Remove all tickets from the cache which have a client
principal that matches the input principal.
2004-09-10 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Correct test for KerbQueryTicketCacheExMessage
2004-09-09 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: The following functionality is being committed
but commented out because it is not presently
available in public Microsoft SDKs
- support for KerbSubmitTicket which allows a KERB_CRED
message to be forwarded to the LSA. (KERB_SUBMIT_TICKET)
- support for the KerbQueryTicketCacheEx2Message which
adds the Session Key Enctype to the contents of the
response from KerbQueryTicketCacheExMessage.
(HAVE_CACHE_INFO_EX2)
2004-09-01 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c:
- Fix MITPrincToMSPrinc to prevent writing to the output
buffer if the input won't fit.
- Add internal UnicodeStringToMITPrinc function
- Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc
- Rename internal PurgeMSTGT to PurgeAllTickets
- Add internal PurgeTicket2000
- Add internal PurgeTicketXP
- Since tickets can only be requested via KDC Opt Flags it is
not possible to specifically request the Initial ticket. If
more than one ticket exists which matching service names,
enctypes, and ticket flags the initial ticket flag may not be
set. If the caller requested the initial ticket, set the flag
manually.
- Add preliminary support for krb5_lcc_set_flags
- Modify krb5_lcc_initialize to return success
- Modify krb5_lcc_get_principal to support an LSA cache
which does not contain a TGT when krb5_lcc_resolve is
called.
- Implement krb5_lcc_remove_cred
2004-08-27 Ken Raeburn <raeburn@mit.edu>
* t_cc.c (init_test_cred): Terminate argument list to
krb5_build_principal with NULL, not 0. Patch from Nalin
Dahyabhai.
2004-08-15 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (struct _krb5_fcc_data): Add new mutex
disk_file_lock and flag file_is_locked.
(krb5_fcc_close_file): Unlock the mutex and clear the flag.
(krb5_fcc_open_file): Acquire the mutex before locking the file,
and set the flag after.
(krb5_fcc_resolve): Initialize the new mutex and flag.
(krb5_fcc_generate_new): Initialize both mutexes and the flag.
(dereference): Destroy the new mutex.
* cc_file.c: Add buffering on reading.
(FCC_BUFSIZ): New macro.
(struct _krb5_fcc_data): Add new fields buf, valid_bytes,
cur_offset.
(krb5_fcc_resolve, krb5_fcc_generate_new): Initialize
valid_bytes.
(invalidate_cache): New function.
(krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call
invalidate_cache.
(fcc_lseek): New function.
(krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get,
krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of
lseek.
(fcc_read): Use and maybe refill the buffer.
(dereference): Zap the contents of the buffer before freeing it.
* cc_file.c (dereference): Lock mutex around call to
krb5_fcc_close_file.
2004-08-12 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (krb5_fcc_close_file): Change first argument to be an
fcc-data pointer, not a krb5_ccache. All calls changed.
(struct fcc_set): Add a refcount member. (Definition
accidentally introduced without comment in an earlier patch.)
(krb5int_cc_file_mutex, fccs): New variables, for managing a
global list of open credential cache files.
(dereference): New function, with most of old close/destroy
operations. Decrements reference count and only frees the object
and removes it from the global list if the refcount hits zero.
(krb5_fcc_close, krb5_fcc_destroy): Call dereference.
(krb5_fcc_resolve): If a file cache is already open with the same
file name, increment its reference count and don't create a new
one. When a new one is created, add it to the global list.
* cc-int.h (krb5int_cc_file_mutex): Declare.
* ccbase.c (krb5int_cc_initialize): Initialize it.
(krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex.
2004-08-05 Ken Raeburn <raeburn@mit.edu>
* cc_file.c: Remove USE_STDIO support.
2004-07-25 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: is_windows_xp() should test for major version
> 5 not >= 5.
2004-07-18 Ezra Peisach <epeisach@mit.edu>
* cc_memory.c (krb5_mcc_store): When allocating krb5_mcc_link
memory - allocate sizeof() - not sizeof(sizeof()).
2004-07-16 Ken Raeburn <raeburn@mit.edu>
* cc_file.c: Don't check for macsock.h.
2004-07-15 Alexandra Ellwood <lxs@mit.edu>
* ccdefault.c (krb5_cc_default, krb5int_cc_default)
Removed default_ccprincipal field from krb5_context
2004-07-14 Ken Raeburn <raeburn@mit.edu>
* t_cc.c (cc_test): Rename one of the "resolve" cases so the
messages can be distinguished.
2004-07-07 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Fix thread safety
2004-07-07 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: When obtaining a TGT from MSLSA, do not ignore
the cache if the requested enctype is the NULL enctype.
2004-06-30 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (krb5_fcc_data): Added a mutex.
(krb5_fcc_read*, krb5_fcc_write, krb5_fcc_store_*,
krb5_fcc_open_file, krb5_fcc_skip_header,
krb5_fcc_skip_principal): Verify that the mutex is locked.
(MAYBE_OPEN): Verify that the mutex is locked; unlock it if
returning an error.
(krb5_fcc_initialize, krb5_fcc_start_seq_get,
krb5_fcc_get_principal, krb5_fcc_store, krb5_fcc_set_flags): Lock
and unlock the mutex.
(krb5_fcc_close): Likewise. Destroy the mutex when done.
(krb5_fcc_destroy): Merge stdio and non-stdio versions a little
more. Destroy the mutex when done.
(krb5_fcc_resolve): Initialize and lock the mutex.
(krb5_fcc_next_cred): Lock and unlock the mutex. Merge the stdio
and non-stdio branches a little more.
2004-06-29 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c:
- is_windows_2000() indicates the OS is Windows 2000 or higher
- is_windows_xp() indicates the OS is Windows XP or higher which
indicates that PKERB_QUERY_TKT_CACHE_EX_RESPONSE and
PKERB_TICKET_CACHE_INFO_EX are available.
- does_retrieve_ticket_cache_ticket() checks to see if a Microsoft
private fix is available which adds a new Cache Flag,
KERB_RETRIEVE_TICKET_CACHE_TICKET, which when set causes the
requested ticket to be stored in the LSA cache even when the
TicketFlags and EncType are not set to 0.
- KerbExternalTicketMatch() is a test to determine if two
Microsoft External Tickets are identical
+ use the KerbQueryTicketCacheExMessage LSA call on XP or higher
+ specify the KERB_RETRIEVE_TICKET_CACHE_TICKET flag when it is
available
= The combination of both + items will cause the ClientRealm
to be displayed properly for all cross realm tickets obtained
via the MSLSA
2004-06-29 Ken Raeburn <raeburn@mit.edu>
* cc_memory.c (krb5_mcc_free): Don't destroy the mutex here.
2004-06-28 Ken Raeburn <raeburn@mit.edu>
* cc_memory.c: Include k5-thread.h.
(krb5int_mcc_mutex): New lock.
(krb5_mcc_store): Rewrite.
(NEED_WINDOWS): Don't define.
(krb5_mcc_*): All functions now static.
(struct _krb5_mcc_data): Delete 'next' pointer. Add a mutex.
(krb5_mcc_*): Lock and unlock the mutex as appropriate.
(struct krb5_mcc_list_node): New type, separates the linked-list
container from the data for individual nodes.
(mcc_head): Now points to krb5_mcc_list_node.
* cc-int.h (krb5int_mcc_mutex): Declare.
* ccbase.c (krb5int_cc_initialize): Initialize it.
2004-06-24 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (krb5_fcc_read_data): Combine stdio and posix versions
of code with gratuitous minor differences.
(krb5_fcc_read_int32, krb5_fcc_next_cred): Likewise.
(krb5_fcc_read_addr): Likewise. Check that filled-in length field
matches the value we tried to store (i.e., that type conversion
didn't throw away information).
(krb5_fcc_read_authdatum): Likewise.
2004-06-22 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (my_fopen): Function deleted.
(krb5_fcc_open_file): Use fopen, not my_fopen.
2004-06-21 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Comment out call to FormatMessage() which fails
horribly on non-English systems. We do not need the output
or printf statements as part of a library. Therefore, we
will ignore this for the time being. When we decide we
want to log event to the Event Log then we can properly
implement this function.
2004-06-18 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Enforce acceptable enctypes by checking against
the default_tgs_enctypes list instead of the permitted_enctypes
list; only enforce the desired enctype when retrieving tickets
to deliver to an application. do not enforce when attempting
to determine the current principal name. this is important
because specifying an enctype results in a TGS_REQ being sent
to the KDC; close memory leak of krb5_cred objects in
krb5_lcc_retrieve().
2004-06-16 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (MAC_SUBDIRS): Don't set.
2004-05-27 Ezra Peisach <epeisach@mit.edu>
* ccbase.c: Include cc-int.h.
* cc-int.h (krb5int_cc_finalize): Add prototypes for
krb5int_cc_{finalize,initialize}.
2004-05-25 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: GetMSTGT(). Initialize pTicketRequest to NULL
to prevent it being freed prior to allocation. Add krb5_context
parameter to allow krb5_get_permitted_enctype() to be called
instead of using a hardcoded list of enctypes which may change
in the future.
krb5_lcc_get_name(): fix return value if Kerberos is not supported.
2004-05-24 Ezra Peisach <epeisach@mit.edu>
* t_cc.c (cc_test): Clean up memory leaks in tests.
2004-05-15 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: The FAILED() macro only considered an error
to be a failure if the value is negative. ConstructTicketRequest()
returns positive errors. Do not use FAILED() to test the result.
Fix a potential leak of LSA allocated memory. Fix a leak of
LocalAlloc memory.
2004-04-24 Ken Raeburn <raeburn@mit.edu>
* ccbase.c: Include ctype.h.
(cc_typelist_lock): Use the new partial initializer.
(krb5int_cc_initialize): New function; finish the initialization.
(krb5int_cc_finalize): New function; destroy the mutex and free
any storage for registered types.
2004-04-13 Jeffrey Altman <jaltman@mit.edu>
* ccbase.c:
Since we have to reserve all the single letter
prefixes make them apply to all platforms
2004-04-13 Jeffrey Altman <jaltman@mit.edu>
* ccbase.c:
On Windows, if there is a ccache name provided without
a prefix but which appears to start with a drive letter,
treat it as a FILE: ccache instead of failing with a
ccache type unknown error.
2004-04-13 Jeffrey Altman <jaltman@mit.edu>
* ccbase.c:
krb5_cc_resolve() defines a function pointer ccresolver
which must be of type KRB5_CALLCONV
2004-04-06 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c:
In at least one case on Win2003 it appears that it is possible
for the logon session to be authenticated via NTLM and yet for
there to be Kerberos credentials obtained by the LSA on behalf
of the logged in user. Therefore, we are removing the test
for IsKerberosLogon() within krb5_lcc_resolve()
which was meant to avoid the need to perform GetMSTGT() when
there was no possibility of credentials being found.
2004-03-31 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Add IsWindows2000() function and use it to return
errors whenever the MSLSA: ccache type is used on platforms
older than Windows 2000. This is needed to prevent calls to
the functions loaded from ADVAPI32.DLL and SECUR32.DLL which
do not exist on the Windows 9x platforms.
2004-03-26 Sam Hartman <hartmans@mit.edu>
* fcc.h: Remove all but the definition of krb5_cc_file_ops because
the rest is static in cc_file.c
* Makefile.in (T_file): Remove (no longer builds, no longer used)
2004-03-25 Sam Hartman <hartmans@mit.edu>
* cc_file.c (krb5_fcc_generate_new): Use mkstemp not mktemp when possible
2004-03-18 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c:
Add missing return statements in krb5_lcc_start_seq_get()
Return error if principal name cannot be determined during
krb5_lcc_resolve()
* cc-int.h:
New file - Add prototypes for cc internal functions
* cc_retr.c - include cc-int.h
2004-03-05 Ken Raeburn <raeburn@mit.edu>
* ccbase.c: Include k5-thread.h.
(struct krb5_cc_typelist): Ops pointer now points to const.
(cc_typelist_lock): New mutex var.
(krb5_cc_register, krb5_cc_resolve): Lock it while working with
the type list.
2004-02-04 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c:
Remove reference to <ntstatus.h> as it is not present in the August 2001
Platform SDK used by Pismere. Instead copy the error value.
2004-02-02 Jeffrey Altman <jaltman@mit.edu>
* cc_msla.c:
GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the
value to assign to TicketRequest->TicketFlags. This field is blindly
inserted into the kdc-options[0] field of the TGS_REQ. If there are
bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result
in an unknown TGS_OPTION being processed by the KDC.
This has been fixed by mapping the Ticket Flags to KDC options.
We only map Forwardable, Forwarded, Proxiable, and Renewable. The others
should not be used.
2004-02-02 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: the MSLSA code was crashing on Pismere machines when
logging on with cross realm credentials. On these machines there are
8 tickets within the LSA cache from two different realms. One of the
krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but
a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe
processes. The attempt to access the ticket returns a SubStatus code
of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that
the logon attempt was invalid due to bad authentication information.
kerbtray has no problem listing this ticket. The other seven tickets
in the cache including the Initial Ticket are accessible. Modified
krb5_lcc_next_cred() to skip to the next ticket if an attempt to read
a single ticket fails.
2004-01-31 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Optimize the get next logic by storing a handle to
the MS TGT in the lcc_cursor data structure
2004-01-31 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Do not return tickets to the caller if they contain
NULL session keys. This is to prevent useless TGTs from being
placed into the MIT credential cache.
2004-01-30 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: As per extensive conversations with Doug Engert we have
concluded that MS is not specifying a complete set of domain information
when it comes to service tickets other than the initial TGT. What happens
is the client principal domain cannot be derived from the fields they
export. Code has now been added to obtain the domain from the initial
TGT and use that when constructing the client principals for all tickets.
This behavior can be turned off by setting a registry either on a per-user
or a system-wide basis:
{HKCU,HKLM}\Software\MIT\Kerberos5
PreserveInitialTicketIdentity = 0x0 (DWORD)
2004-01-06 Jeffrey Altman <jaltman@mit.edu>
* cc_file.c, cc_memory.c:
Add stub implementations for unimplemented krb5_cc_remove_cred()
Returns KRB5_CC_NOSUPP
* cc_mslsa.c:
Add implementation for krb5_cc_remove_cred(). Returns KRB5_CC_READONLY.
2003-12-19 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: fix indirection of a krb5_creds structure which
is passed into MSCredToMITCred().
2003-12-18 Jeffrey Altman <jaltman@mit.edu>
* cc_retr.c: Extract the test to determine if a credential matches
a requested credential according to the specified fields into
a private function: krb5int_cc_creds_match_request()
* cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to
perform a MS Kerberos LSA ticket request if there is no matching
credential in the cache. The MS Kerberos LSA places the following
restriction on what tickets it will place into the LSA cache:
tickets obtained by an application request for a specific
set of kerberos flags or enctype will not be cached.
Therefore, we first make a request with no flags or enctype in
the hope that we will be lucky and get the right ones anyway.
If not, we make the application's request and return that ticket
if it matches the other criteria.
Implemented a similar technique for krb5_lcc_store(). Since we
can not write to the cache, when a store request is made we
instead perform a ticket request through the lsa for a matching
credential. If we receive one, we return success. Otherwise,
we return the KRB5_CC_READONLY error.
With these changes I am now able to operate entirely with the MSLSA
ccache as the default cache provided the MS LSA credentials are
for the principal I wish to use. Obviously, one cannot change
principals while the MSLSA ccache is the default.
2003-12-15 Jeffrey Altman <jaltman@mit.edu>
* cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT
has expired. This will force the LSA to get a new TGT instead of
returning the expired version.
2003-12-15 Jeffrey Altman <jaltman@mit.edu>
* cc_mslsa.c: Perform a GetMSTGT() call as part of krb5_lcc_start_seq_get
to ensure that the tgt is refreshed
2003-12-13 Jeffrey Altman <jaltman@mit.edu>
* Makefile.in: Remove extranenous spaces in ##WIN32## constructs
defining MSLSA_SRC MSLSA_OBJ
2003-12-12 Tom Yu <tlyu@mit.edu>
* Makefile.in: Move ##WIN32## constructs from inside
backslash-continued lists, as it was breaking them. Move explicit
dependency information from under automatic dependencies.
2003-12-11 Jeffrey Altman <jaltman@mit.edu>
* Makefile.in, ccbase.c, cc_mslsa.c (new)
Remove all of the code which was duplicated between ms2mit.c
and the KfW Leash libraries (and who knows how many applications
shipped by third parties) and use it as the basis for a new
krb5_ccache type, "MSLSA:". The "MSLSA:" ccache type is a
read-only ccache which can be used either as a monitor of the
contents of the Microsoft LSA cache or as a source for copying
the contents to another ccache type. The purpose of migrating
this code to the krb5_32.dll is to avoid the need for applications
to be consistently updated each time Microsoft makes a change
to the behavior of the LSA cache. Changes have occurred with
the release of 2000, XP, and 2003 so far. Also, the code for
working with the MS LSA cache is not well documented and many
mistakes were made in the original versions of the ms2mit.c
code base. Unfortunately, the ms2mit.c code has been copied
into many other applications.
With access to this new ccache type, the ms2mit.c source file
is reduced from 890 lines to 80 lines including the copyright
banner.
2003-11-26 Jeffrey Altman <jaltman@mit.edu>
* cc_default.c: Add support for Leash Kinit Dialog on Windows to
krb5int_c_default()
2003-08-26 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (krb5_fcc_store_int32, krb5_fcc_store_ui_4)
(krb5_fcc_store_ui_2, krb5_fcc_store_octet): Remove gratuitous
conditionalizing of casts on USE_STDIO, left over from merge.
2003-07-22 Sam Hartman <hartmans@mit.edu>
* ccbase.c: Always register the file credentials cache type. If
we do not, then when USE_CCAPI is defined, it will not be
available.
2003-07-17 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBNAME) [##WIN16##]: Don't define.
($(OBJFILE)) [##WIN16##]: Omit CP action.
2003-03-06 Alexandra Ellwood <lxs@mit.edu>
* ccdefault.c: Remove Mac header goober and include
k5-int.h after KerberosLoginPrivate.h.
2003-01-10 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Add AC_SUBST_FILE marker for libobj_frag.
2003-01-07 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (krb5_cc_file_ops, krb5_fcc_ops): Now const.
* fcc.h (krb5_cc_file_ops): Update decl.
* cc_memory.c (krb5_mcc_ops): Now const.
* ccbase.c (krb5_mcc_ops): Update decl.
* ccdefops.c (krb5_cc_dfl_ops): Now points to const.
* t_cc.c (krb5_fcc_ops, krb5_mcc_ops): Update decls.
2002-09-03 Ken Raeburn <raeburn@mit.edu>
* cc_file.c, cc_memory.c, cc_retr.c, ccbase.c, cccopy.c,
ccdefault.c, ser_cc.c, t_cc.c: Use prototype style function
definitions.
2002-08-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Revert $(S)=>/ change, for Windows support.
2002-08-23 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
2002-08-15 Ken Raeburn <raeburn@mit.edu>
* cc_file.c (ALLOC): Use calloc, not malloc.
(krb5_fcc_read_principal): Check bounds on number of components
before calling ALLOC.
2002-08-15 Tom Yu <tlyu@mit.edu>
* t_cc.c: Remove references to STDIO ccache.
2002-08-14 Ken Raeburn <raeburn@mit.edu>
* cc_file.c: Merge in cc_stdio.c, under preprocessor test for
USE_STDIO.
(USE_STDIO): Define it if HAVE_SYS_TYPES_H.
(krb5_change_cache, krb5_get_notification_message): Always
define.
(ALLOC): New macro, with overflow checking.
(krb5_fcc_read_principal, krb5_fcc_read_addrs,
krb5_fcc_read_authdata): Use it, and fix other overflow checks.
(my_fopen): Support non-Mac environments.
(krb5_fcc_open_file) [USE_STDIO]: Always use my_fopen.
(NO_FILE): New macro. All functions changed to test or assign it
rather than -1 or (FILE*)NULL.
(krb5_fcc_read_keyblock, krb5_fcc_read_data): Rewrite bounds
check.
(BINARY_MODE): Always define.
(setvbuf) [!HAVE_SETVBUF]: Define as macro using setbuf.
(krb5_fcc_open_file): Change file descriptor variable to "f" and
combine newly matching stdio and file sections. Use setvbuf
instead of checking whether to use setbuf.
* cc_stdio.c: Deleted.
* Makefile.in (STLIBOBJS, OBJS, SRCS): Updated.
* ccdefops.c (krb5_cc_dfl_ops) [!USE_CCAPI]: Always use
krb5_fcc_ops.
2002-08-09 Ken Raeburn <raeburn@mit.edu>
* cc_file.c: All functions except krb5_change_cache and
krb5_get_notification_message now static. Minor other shuffling
to become more similar to cc_stdio.c.
(krb5_fcc_data): Rename "fd" to "file"; change all uses.
* cc_stdio.c: All functions now static. Rename all krb5_scc_
functions, data types and macros to use krb5_fcc_ prefix instead.
Minor other shuffling to become more similar to cc_file.c.
(krb5_fcc_data): Rename from krb5_scc_data; reorder some fields.
(krb5_fcc_close_file): Never call fflush on a read-only file.
(BINARY_MODE): New macro.
(krb5_fcc_open_file): Combine ANSI_STDIO and non-ANSI cases
statements by using BINARY_MODE and compile-time string
concatenation. Choose lock flag value separately from call to
krb5_lock_file.
(krb5_fcc_generate_new): Use BINARY_MODE.
2002-07-09 Ken Raeburn <raeburn@mit.edu>
* cc_file.c: Put # for cpp directives in first column.
2002-60-20 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Build cc accessor functions on Windows.
[pullup from 1-2-2-branch]
2002-06-20 Alexandra Ellwood <lxs@mit.edu>
* ccdefault.c: updated to new KLL function name
* ccdefault.c: swapped include of KerberosLoginPrivate with
k5-int.h to avoid problems with including CoreServices.h after
profile.h and krb.h
* ccdefault.c: Updated Mac OS X headers to new framework layout
* ccdefops.c: created #define for USE_CCAPI now that both Mac OS 9
and Mac OS 10 use ccapi.
[pullups from 1-2-2-branch]
2002-04-10 Danilo Almeida <dalmeida@mit.edu>
* cc_file.c: Use _WIN32 instead of _WINSOCKAPI_ because
_WINSOCKAPI_ depends on the Winsock header used (i.e., Winsock 2
does not define this). What we are really trying to check for is
Win32. Include port-sockets.h for Win32. (NOTE: Why is
NEED_SOCKETS being defined after the inclusion of k5-int.h? That
is pretty useless... What we probably should do is more
consitently used NEED_SOCKETS instead of manually putting in
network code. However, some people would probably have issues
with the build being slower...)
2001-10-10 Ezra Peisach <epeisach@mit.edu>
* cc_file.c (krb5_fcc_read): Remove const from fourth argument to
function to match prototype earlier in file.
2001-10-09 Ken Raeburn <raeburn@mit.edu>
* cc_file.c, cc_memory.c, cc_stdio.c, ser_cc.c: Make prototypes
unconditional.
2001-10-05 Ken Raeburn <raeburn@mit.edu>
* cc_file.c, cc_stdio.c: Delete _MSDOS (win16) support.
* cc_memory.c, ccbase.c, ccdefault.c, ccfns.c: Don't explicitly
declare pointers FAR any more.
2001-10-03 Ken Raeburn <raeburn@mit.edu>
* cc_file.c, ccbase.c, cccopy.c, ccdefault.c, fcc.h, ser_cc.c:
Don't use KRB5_DLLIMP.
2000-10-30 Tom Yu <tlyu@mit.edu>
* cc_stdio.c: Add a "mode" field to krb5_scc_data to keep track of
what mode the file was opened in.
(krb5_scc_close_file): Ignore EBADF from fflush() if the file was
opened for readonly access. For some reason NetBSD's fflush()
exhibits this behavior.
(krb5_scc_open_file): Save the mode with which the file was opened
in data->mode.
2000-10-17 Ezra Peisach <epeisach@mit.edu>
* cc_stdio.c, cc_file.c: Unsigned/signed int cleanup.
2000-10-03 Ezra Peisach <epeisach@mit.edu>
* ser_cc.c (krb5_ccache_externalize): Use krb5_cc_get_name instead
of krb5_rc_get_name on credential cache.
* cc_file.c (krb5_fcc_get_name):
* cc_stdio.c (krb5_scc_get_name):
* cc_memory.c (krb5_mcc_get_name):
* ccfns.c (krb5_cc_get_name): Declare as returning const char *.
2000-09-25 Ezra Peisach <epeisach@mit.edu>
* cc_file.c ccbase.c, cc_stdio.c, cc_retr.c, cc_memory.c: More
signed/unsigned fixes.
Sat Sep 23 23:42:32 2000 Ezra Peisach <epeisach@mit.edu>
* t_cc.c: Code cleanup. Test more failure modes of the cache library.
* cccopy.c (krb5_cc_copy_creds): Memory leak. Call krb5_cc_end_seq_get.
* cc_file.c (krb5_fcc_generate_new): Set flags to
KRB5_TC_OPENCLOSE, otherwise parts of the library assumes that the
file is open, when it is not.
* cc_stdio.c (krb5_scc_generate_new): Same as cc_file.c change.
2000-09-22 Ezra Peisach <epeisach@mit.edu>
* Makefile.in (check-unix): Build and exectute t_cc.
* t_cc.c: Test harness for memory, stdio and file caches.
2000-07-20 Danilo Almeida <dalmeida@mit.edu>
* cc_file.c, cc_stdio.c: Remove unused krb5_[fs]cc_default_name()
prototype.
* cc_stdio.c: Fix calling convention for op functions.
* ccfns.c (krb5_cc_get_type): Fix calling convention.
* Makefile.in: Change ${CC} and ${OBJS} to $(CC) and $(OBJS) so
nmake does not freak out.
2000-07-19 Ken Raeburn <raeburn@mit.edu>
* cc_memory.c (mcc_head): Combine static declaration and
initialization.
2000-07-14 Ken Raeburn <raeburn@mit.edu>
* t_stdio.c, t_file.c, t_memory.c: Test cases copied from old
subdirectories. Currently unused.
* Makefile.in (t_stdio): New target, basically same as 'test' in
old stdio/Makefile.in.
* file, memory, stdio: Subdirectories deleted.
* cc_file.c, cc_stdio.c, cc_memory.c: New files, built from source
files of appropriate subdirectories.
* fcc.h, scc.h: New files, copied from subdirectories; temporary.
* ccfns.c: New file, implementing what used to be krb5_cc_* macros
in krb5.h.
* Makefile.in (STLIBOBJS, OBJS, SRCS): Updated.
(LOCAL_SUBDIRS): Now empty.
(LOCALINCLUDES): Remove file and stdio subdirs.
(MAC_SUBDIRS): Remove file, stdio, memory.
(##DOS## stuff, clean-windows): Delete file and memory parts.
* cc_memory.c (mcc_head): Now static.
2000-06-28 Ezra Peisach <epeisach@mit.edu>
* ccdefault.c: Add newline at end of file (compiler warning)
2000-5-31 Alexandra Ellwood <lxs@mit.edu>
* ccdefault.c: Changed kerberosPrincipal_V5 to kerberosVersion_V5
to reflect the new constant name.
2000-4-26 Alexandra Ellwood <lxs@mit.edu>
* ccdefault.c: Added version number to internal Kerberos Login
Library routine.
2000-4-13 Alexandra Ellwood <lxs@mit.edu>
* ccdefault.c: Added Kerberos Login library support (with ifdefs
to control whether or not it is on. Also added support to store a
krb5_principal in the os_context along with the default ccache
name (if known, this principal is the same as the last time we
looked at the ccache. * ccdefname.c: Added support to store a
krb5_principal in the os_context along with the default ccache
name (if known, this principal is the same as the last time we
looked at the ccache.
1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
* Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
LOCAL_INCLUDES such that one can override CFLAGS from the command
line without losing CPP search patchs and defines. Some associated
Makefile cleanup.
1999-08-23 Ken Raeburn <raeburn@mit.edu>
* cc_retr.c: New file.
(krb5_cc_retrieve_cred_seq): New function, derived from
fcc_retrieve but takes an optional list of enctypes to look for in
priority order.
(krb5_cc_retrieve_cred_default): New function. Same signature as
original fcc_retrieve but if new flag KRB5_TC_SUPPORTED_KTYPES is
set, calls krb5_get_tgs_ktypes to get a list of enctypes to look
for.
* Makefile.in (STLIBOBJS, OBJS, SRCS): Add it.
Tue May 18 19:52:56 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Remove - from recursive Win32 make invocation.
Mon May 17 14:11:45 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Clean ccapi subdirectory in clean-windows target.
Mon May 10 15:24:08 1999 Danilo Almeida <dalmeida@mit.edu>
* Makefile.in: Do win32 build in subdir.
1999-03-31 Theodore Ts'o <tytso@rsts-11.mit.edu>
* ccdefops.c: Change the default ccache type under windows to be
original FILE ccache type; this will get set to ccapi if
the krbcc32.dll can be found.
Mon Feb 8 21:53:37 1999 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.in: Enable the ccapi directory for windows builds.
* ccdefops.c: Make the ccapi the default ccache type for Windows
machines.
1999-01-26 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Add ccapi to the include path so we can find stdcc.h
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
relative to buildtop and thisconfigdir, respectively.)
Sat Dec 5 01:20:31 1998 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.in, ccdefops.c: Temporarily back out the ccapi ccache
under Windows so we can make sure the rest of the krb5
tree builds correctly under Windows. (Note: I didn't
revert lib/krb5/os/ccdefname.c, so setting KRB5_CC_NAME to
FILE:C:\tmp\tkt is required to make things work.)
1998-08-24 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Add windows build instructions to build CCache API
Cache implementation.
Fri Aug 20 18:30:00 1998 Miro Jurisic <meeroh@mit.edu>
* Added Frank's CCache API cache implementation and made
it default on the Mac
Thu Jul 30 13:12:30 1998 Sam Hartman <hartmans@utwig.mesas.com>
* ccbase.c: Enable memory ccache (merge adapted from Kerbnet)
1998-05-27 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Add ccache/memory as a directory to be recursively
built by this makefile under Windows.
Fri Feb 27 18:03:33 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Changed thisconfigdir to point at the lib/krb5
directory, since we've moved the configure.in tests in
this directory to the toplevel lib/krb5 configure.in
Wed Feb 18 16:19:12 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
BUILDTOP for new conventions.
Thu Feb 12 16:17:46 1998 Tom Yu <tlyu@mit.edu>
* configure.in: Add commented out AC_OUTPUT to force autoreconf to
rebuild the configure script.
Wed Feb 11 22:56:49 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
* configure.in: Create the makefiles for all of the subdirectories
and move all of the configure.in tests from the
subdirectories into this configure.in.
Sat Dec 6 02:26:16 1997 Tom Yu <tlyu@mit.edu>
* Makefile.in: Add cccopy.c.
* cccopy.c: New file; krb5_cc_copy_creds from Cygnus.
Mon Sep 15 15:14:16 1997 Ezra Peisach <epeisach@mit.edu>
* ccbase.c (krb5_cc_resolve): Incoming cache name is const.
Thu Nov 21 11:55:16 EST 1996 Richard Basch <basch@lehman.com>
* Makefile.in: win32 build
* ccbase.c, ccdefault.c:
DLL export basic ccache functions
Thu Jan 2 16:57:35 1997 Tom Yu <tlyu@mit.edu>
* Makefile.in:
* configure.in: Update to new lib build procedure.
Thu Jun 6 00:04:38 1996 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.in (all-windows): Don't pass $(LIBCMD) on the command
line. It's set in the windows.in prologue for all
Makefiles anyway.
Wed Feb 7 00:23:18 1996 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in: Folded in danw's changes to allow
building Makefiles for the Macintosh. We now can build
MPW makefiles which are interpreted by CodeWarrior.
Fri Nov 3 21:12:31 1995 Theodore Y. Ts'o <tytso@dcl>
* configure.in: Added memory subdirectory
Fri Oct 6 22:03:30 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in: Remove ##DOS!include of config/windows.in.
config/windows.in is now included by wconfig.
Mon Sep 25 16:56:30 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the
Makefile.
Tue Aug 29 13:35:23 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in, .Sanitize, ser_cc.c - Add new ccache handle serialization
routines.
Fri Jun 9 19:31:13 1995 <tytso@rsx-11.mit.edu>
* configure.in: Remove standardized set of autoconf macros, which
are now handled by CONFIG_RULES. Use DO_SUBDIRS to
recurse down subdirectories.
Fri May 26 20:19:26 1995 Theodore Y. Ts'o (tytso@dcl)
* configure.in, Makefile.in: Add support for building shared libraries.
Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
* ccbase.c: removed unneeded INTERFACE from non-api functions.
Wed Mar 22 11:47:49 1995 <tytso@rsx-11.mit.edu>
* Makefile.in (CFLAGS): Make -I options work when the build and
source tree are different.
Fri Mar 17 19:19:07 1995 John Gilmore (gnu at toad.com)
* Makefile.in (LDFLAGS): Remove, duplicates config/pre.in.
(CFLAGS): Add -I options for file and stdio, to avoid paths in
#include statements.
(all-mac, clean-mac): Add.
* ccdefops.c: Avoid includes with pathnames, since they don't work
on the Mac. Configure the default cache based on whether the
system has <sys/types.h> (which defines types for low-level file
operations, among other things).
* configure.in (CONFIG_DIRS): Build stdio before file, for Mac
convenience (where file doesn't build).
Wed Mar 15 20:23:17 1995 Keith Vetter (keithv@fusion.com)
* Makefile.in: cleaned up for the PC
Tue Mar 7 19:53:05 1995 Mark Eichin <eichin@cygnus.com>
* configure.in: take out ISODE_DEFS.
Tue Mar 7 15:55:12 1995 Keith Vetter (keithv@fusion.com)
* ccbase.c, ccdefault.c: added window INTERFACE keyword.
* Makefile.in: made to work on the PC.
Tue Feb 28 00:35:33 1995 John Gilmore (gnu at toad.com)
* ccbase.c, ccdefault.c: Avoid <krb5/...> includes.
Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
* Added krb5_context to all krb5_routines
Thu Oct 13 17:23:08 1994 Theodore Y. Ts'o (tytso@maytag)
* configure.in: Add ISODE_DEFS
|