2005-01-13 Ken Raeburn <raeburn@mit.edu> * cc_file.c (struct _krb5_fcc_data): Fields disk_file_lock, file_is_locked deleted. (krb5_fcc_open_file, krb5_fcc_close_file, dereference, krb5_fcc_resolve, krb5_fcc_generate_new, krb5_fcc_set_flags): Don't set or check them. 2005-01-11 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: - do not free krb5_creds if krb5_copy_creds fails - cause MSTicketToMITTicket to return failure if krb5_copy_data fails 2004-12-25 Ezra Peisach <epeisach@mit.edu> * cc_file.c (krb5_fcc_close): Free the cache id. (dereference): When removing fcc_set entry from list, free the pointer as well. 2004-12-16 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Temporarily deactivate support for KerbSubmitTicketMessage and KerbQueryTicketCacheEx2Message until the new Platform SDK becomes publicly available. 2004-12-15 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: - Activate support for KerbSubmitTicketMessage - Activate support for KerbQueryTicketCacheEx2Message - Add locale support for regions which use MultiByte characters 2004-11-19 Ken Raeburn <raeburn@mit.edu> * cc_mslsa.c (MSCredToMITCred): Don't create an empty array for addresses, just use a null pointer now. 2004-10-07 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Fix the forced setting of the Initial Ticket Flag on Win2000 and add it to XP and 2003 SP1 2004-09-17 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Fix the error returned when krb5_lcc_start_seq_get() discovers the cache is empty. Check for the new error in krb5_lcc_initialize() 2004-09-10 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Implement krb5_lcc_initialize() Remove all tickets from the cache which have a client principal that matches the input principal. 2004-09-10 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Correct test for KerbQueryTicketCacheExMessage 2004-09-09 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: The following functionality is being committed but commented out because it is not presently available in public Microsoft SDKs - support for KerbSubmitTicket which allows a KERB_CRED message to be forwarded to the LSA. (KERB_SUBMIT_TICKET) - support for the KerbQueryTicketCacheEx2Message which adds the Session Key Enctype to the contents of the response from KerbQueryTicketCacheExMessage. (HAVE_CACHE_INFO_EX2) 2004-09-01 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: - Fix MITPrincToMSPrinc to prevent writing to the output buffer if the input won't fit. - Add internal UnicodeStringToMITPrinc function - Rename internal MSPrincToMITPrinc to ExternalNameToMITPrinc - Rename internal PurgeMSTGT to PurgeAllTickets - Add internal PurgeTicket2000 - Add internal PurgeTicketXP - Since tickets can only be requested via KDC Opt Flags it is not possible to specifically request the Initial ticket. If more than one ticket exists which matching service names, enctypes, and ticket flags the initial ticket flag may not be set. If the caller requested the initial ticket, set the flag manually. - Add preliminary support for krb5_lcc_set_flags - Modify krb5_lcc_initialize to return success - Modify krb5_lcc_get_principal to support an LSA cache which does not contain a TGT when krb5_lcc_resolve is called. - Implement krb5_lcc_remove_cred 2004-08-27 Ken Raeburn <raeburn@mit.edu> * t_cc.c (init_test_cred): Terminate argument list to krb5_build_principal with NULL, not 0. Patch from Nalin Dahyabhai. 2004-08-15 Ken Raeburn <raeburn@mit.edu> * cc_file.c (struct _krb5_fcc_data): Add new mutex disk_file_lock and flag file_is_locked. (krb5_fcc_close_file): Unlock the mutex and clear the flag. (krb5_fcc_open_file): Acquire the mutex before locking the file, and set the flag after. (krb5_fcc_resolve): Initialize the new mutex and flag. (krb5_fcc_generate_new): Initialize both mutexes and the flag. (dereference): Destroy the new mutex. * cc_file.c: Add buffering on reading. (FCC_BUFSIZ): New macro. (struct _krb5_fcc_data): Add new fields buf, valid_bytes, cur_offset. (krb5_fcc_resolve, krb5_fcc_generate_new): Initialize valid_bytes. (invalidate_cache): New function. (krb5_fcc_write, krb5_fcc_open_file, krb5_fcc_destroy): Call invalidate_cache. (fcc_lseek): New function. (krb5_fcc_skip_header, krb5_fcc_destroy, krb5_fcc_start_seq_get, krb5_fcc_next_cred, krb5_fcc_store): Use fcc_lseek instead of lseek. (fcc_read): Use and maybe refill the buffer. (dereference): Zap the contents of the buffer before freeing it. * cc_file.c (dereference): Lock mutex around call to krb5_fcc_close_file. 2004-08-12 Ken Raeburn <raeburn@mit.edu> * cc_file.c (krb5_fcc_close_file): Change first argument to be an fcc-data pointer, not a krb5_ccache. All calls changed. (struct fcc_set): Add a refcount member. (Definition accidentally introduced without comment in an earlier patch.) (krb5int_cc_file_mutex, fccs): New variables, for managing a global list of open credential cache files. (dereference): New function, with most of old close/destroy operations. Decrements reference count and only frees the object and removes it from the global list if the refcount hits zero. (krb5_fcc_close, krb5_fcc_destroy): Call dereference. (krb5_fcc_resolve): If a file cache is already open with the same file name, increment its reference count and don't create a new one. When a new one is created, add it to the global list. * cc-int.h (krb5int_cc_file_mutex): Declare. * ccbase.c (krb5int_cc_initialize): Initialize it. (krb5int_cc_finalize): Destroy it, and krb5int_mcc_mutex. 2004-08-05 Ken Raeburn <raeburn@mit.edu> * cc_file.c: Remove USE_STDIO support. 2004-07-25 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: is_windows_xp() should test for major version > 5 not >= 5. 2004-07-18 Ezra Peisach <epeisach@mit.edu> * cc_memory.c (krb5_mcc_store): When allocating krb5_mcc_link memory - allocate sizeof() - not sizeof(sizeof()). 2004-07-16 Ken Raeburn <raeburn@mit.edu> * cc_file.c: Don't check for macsock.h. 2004-07-15 Alexandra Ellwood <lxs@mit.edu> * ccdefault.c (krb5_cc_default, krb5int_cc_default) Removed default_ccprincipal field from krb5_context 2004-07-14 Ken Raeburn <raeburn@mit.edu> * t_cc.c (cc_test): Rename one of the "resolve" cases so the messages can be distinguished. 2004-07-07 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Fix thread safety 2004-07-07 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: When obtaining a TGT from MSLSA, do not ignore the cache if the requested enctype is the NULL enctype. 2004-06-30 Ken Raeburn <raeburn@mit.edu> * cc_file.c (krb5_fcc_data): Added a mutex. (krb5_fcc_read*, krb5_fcc_write, krb5_fcc_store_*, krb5_fcc_open_file, krb5_fcc_skip_header, krb5_fcc_skip_principal): Verify that the mutex is locked. (MAYBE_OPEN): Verify that the mutex is locked; unlock it if returning an error. (krb5_fcc_initialize, krb5_fcc_start_seq_get, krb5_fcc_get_principal, krb5_fcc_store, krb5_fcc_set_flags): Lock and unlock the mutex. (krb5_fcc_close): Likewise. Destroy the mutex when done. (krb5_fcc_destroy): Merge stdio and non-stdio versions a little more. Destroy the mutex when done. (krb5_fcc_resolve): Initialize and lock the mutex. (krb5_fcc_next_cred): Lock and unlock the mutex. Merge the stdio and non-stdio branches a little more. 2004-06-29 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: - is_windows_2000() indicates the OS is Windows 2000 or higher - is_windows_xp() indicates the OS is Windows XP or higher which indicates that PKERB_QUERY_TKT_CACHE_EX_RESPONSE and PKERB_TICKET_CACHE_INFO_EX are available. - does_retrieve_ticket_cache_ticket() checks to see if a Microsoft private fix is available which adds a new Cache Flag, KERB_RETRIEVE_TICKET_CACHE_TICKET, which when set causes the requested ticket to be stored in the LSA cache even when the TicketFlags and EncType are not set to 0. - KerbExternalTicketMatch() is a test to determine if two Microsoft External Tickets are identical + use the KerbQueryTicketCacheExMessage LSA call on XP or higher + specify the KERB_RETRIEVE_TICKET_CACHE_TICKET flag when it is available = The combination of both + items will cause the ClientRealm to be displayed properly for all cross realm tickets obtained via the MSLSA 2004-06-29 Ken Raeburn <raeburn@mit.edu> * cc_memory.c (krb5_mcc_free): Don't destroy the mutex here. 2004-06-28 Ken Raeburn <raeburn@mit.edu> * cc_memory.c: Include k5-thread.h. (krb5int_mcc_mutex): New lock. (krb5_mcc_store): Rewrite. (NEED_WINDOWS): Don't define. (krb5_mcc_*): All functions now static. (struct _krb5_mcc_data): Delete 'next' pointer. Add a mutex. (krb5_mcc_*): Lock and unlock the mutex as appropriate. (struct krb5_mcc_list_node): New type, separates the linked-list container from the data for individual nodes. (mcc_head): Now points to krb5_mcc_list_node. * cc-int.h (krb5int_mcc_mutex): Declare. * ccbase.c (krb5int_cc_initialize): Initialize it. 2004-06-24 Ken Raeburn <raeburn@mit.edu> * cc_file.c (krb5_fcc_read_data): Combine stdio and posix versions of code with gratuitous minor differences. (krb5_fcc_read_int32, krb5_fcc_next_cred): Likewise. (krb5_fcc_read_addr): Likewise. Check that filled-in length field matches the value we tried to store (i.e., that type conversion didn't throw away information). (krb5_fcc_read_authdatum): Likewise. 2004-06-22 Ken Raeburn <raeburn@mit.edu> * cc_file.c (my_fopen): Function deleted. (krb5_fcc_open_file): Use fopen, not my_fopen. 2004-06-21 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Comment out call to FormatMessage() which fails horribly on non-English systems. We do not need the output or printf statements as part of a library. Therefore, we will ignore this for the time being. When we decide we want to log event to the Event Log then we can properly implement this function. 2004-06-18 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Enforce acceptable enctypes by checking against the default_tgs_enctypes list instead of the permitted_enctypes list; only enforce the desired enctype when retrieving tickets to deliver to an application. do not enforce when attempting to determine the current principal name. this is important because specifying an enctype results in a TGS_REQ being sent to the KDC; close memory leak of krb5_cred objects in krb5_lcc_retrieve(). 2004-06-16 Ken Raeburn <raeburn@mit.edu> * Makefile.in (MAC_SUBDIRS): Don't set. 2004-05-27 Ezra Peisach <epeisach@mit.edu> * ccbase.c: Include cc-int.h. * cc-int.h (krb5int_cc_finalize): Add prototypes for krb5int_cc_{finalize,initialize}. 2004-05-25 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: GetMSTGT(). Initialize pTicketRequest to NULL to prevent it being freed prior to allocation. Add krb5_context parameter to allow krb5_get_permitted_enctype() to be called instead of using a hardcoded list of enctypes which may change in the future. krb5_lcc_get_name(): fix return value if Kerberos is not supported. 2004-05-24 Ezra Peisach <epeisach@mit.edu> * t_cc.c (cc_test): Clean up memory leaks in tests. 2004-05-15 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: The FAILED() macro only considered an error to be a failure if the value is negative. ConstructTicketRequest() returns positive errors. Do not use FAILED() to test the result. Fix a potential leak of LSA allocated memory. Fix a leak of LocalAlloc memory. 2004-04-24 Ken Raeburn <raeburn@mit.edu> * ccbase.c: Include ctype.h. (cc_typelist_lock): Use the new partial initializer. (krb5int_cc_initialize): New function; finish the initialization. (krb5int_cc_finalize): New function; destroy the mutex and free any storage for registered types. 2004-04-13 Jeffrey Altman <jaltman@mit.edu> * ccbase.c: Since we have to reserve all the single letter prefixes make them apply to all platforms 2004-04-13 Jeffrey Altman <jaltman@mit.edu> * ccbase.c: On Windows, if there is a ccache name provided without a prefix but which appears to start with a drive letter, treat it as a FILE: ccache instead of failing with a ccache type unknown error. 2004-04-13 Jeffrey Altman <jaltman@mit.edu> * ccbase.c: krb5_cc_resolve() defines a function pointer ccresolver which must be of type KRB5_CALLCONV 2004-04-06 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: In at least one case on Win2003 it appears that it is possible for the logon session to be authenticated via NTLM and yet for there to be Kerberos credentials obtained by the LSA on behalf of the logged in user. Therefore, we are removing the test for IsKerberosLogon() within krb5_lcc_resolve() which was meant to avoid the need to perform GetMSTGT() when there was no possibility of credentials being found. 2004-03-31 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Add IsWindows2000() function and use it to return errors whenever the MSLSA: ccache type is used on platforms older than Windows 2000. This is needed to prevent calls to the functions loaded from ADVAPI32.DLL and SECUR32.DLL which do not exist on the Windows 9x platforms. 2004-03-26 Sam Hartman <hartmans@mit.edu> * fcc.h: Remove all but the definition of krb5_cc_file_ops because the rest is static in cc_file.c * Makefile.in (T_file): Remove (no longer builds, no longer used) 2004-03-25 Sam Hartman <hartmans@mit.edu> * cc_file.c (krb5_fcc_generate_new): Use mkstemp not mktemp when possible 2004-03-18 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Add missing return statements in krb5_lcc_start_seq_get() Return error if principal name cannot be determined during krb5_lcc_resolve() * cc-int.h: New file - Add prototypes for cc internal functions * cc_retr.c - include cc-int.h 2004-03-05 Ken Raeburn <raeburn@mit.edu> * ccbase.c: Include k5-thread.h. (struct krb5_cc_typelist): Ops pointer now points to const. (cc_typelist_lock): New mutex var. (krb5_cc_register, krb5_cc_resolve): Lock it while working with the type list. 2004-02-04 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Remove reference to <ntstatus.h> as it is not present in the August 2001 Platform SDK used by Pismere. Instead copy the error value. 2004-02-02 Jeffrey Altman <jaltman@mit.edu> * cc_msla.c: GetMSCacheTicketFromCacheInfo() uses the tktinfo->TicketFlags as the value to assign to TicketRequest->TicketFlags. This field is blindly inserted into the kdc-options[0] field of the TGS_REQ. If there are bits such as TRANSIT_POLICY_CHECKED in the TicketFlags, this will result in an unknown TGS_OPTION being processed by the KDC. This has been fixed by mapping the Ticket Flags to KDC options. We only map Forwardable, Forwarded, Proxiable, and Renewable. The others should not be used. 2004-02-02 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: the MSLSA code was crashing on Pismere machines when logging on with cross realm credentials. On these machines there are 8 tickets within the LSA cache from two different realms. One of the krbtgt/CLIENT-REALM@CLIENT-REALM tickets (not the Initial ticket but a Forwarded ticket) is inaccessible to the ms2mit.exe and leash32.exe processes. The attempt to access the ticket returns a SubStatus code of STATUS_LOGON_FAILURE (0xC000006DL) which is supposed to mean that the logon attempt was invalid due to bad authentication information. kerbtray has no problem listing this ticket. The other seven tickets in the cache including the Initial Ticket are accessible. Modified krb5_lcc_next_cred() to skip to the next ticket if an attempt to read a single ticket fails. 2004-01-31 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Optimize the get next logic by storing a handle to the MS TGT in the lcc_cursor data structure 2004-01-31 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Do not return tickets to the caller if they contain NULL session keys. This is to prevent useless TGTs from being placed into the MIT credential cache. 2004-01-30 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: As per extensive conversations with Doug Engert we have concluded that MS is not specifying a complete set of domain information when it comes to service tickets other than the initial TGT. What happens is the client principal domain cannot be derived from the fields they export. Code has now been added to obtain the domain from the initial TGT and use that when constructing the client principals for all tickets. This behavior can be turned off by setting a registry either on a per-user or a system-wide basis: {HKCU,HKLM}\Software\MIT\Kerberos5 PreserveInitialTicketIdentity = 0x0 (DWORD) 2004-01-06 Jeffrey Altman <jaltman@mit.edu> * cc_file.c, cc_memory.c: Add stub implementations for unimplemented krb5_cc_remove_cred() Returns KRB5_CC_NOSUPP * cc_mslsa.c: Add implementation for krb5_cc_remove_cred(). Returns KRB5_CC_READONLY. 2003-12-19 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: fix indirection of a krb5_creds structure which is passed into MSCredToMITCred(). 2003-12-18 Jeffrey Altman <jaltman@mit.edu> * cc_retr.c: Extract the test to determine if a credential matches a requested credential according to the specified fields into a private function: krb5int_cc_creds_match_request() * cc_mslsa.c: Extend the functionality of krb5_lcc_retrieve() to perform a MS Kerberos LSA ticket request if there is no matching credential in the cache. The MS Kerberos LSA places the following restriction on what tickets it will place into the LSA cache: tickets obtained by an application request for a specific set of kerberos flags or enctype will not be cached. Therefore, we first make a request with no flags or enctype in the hope that we will be lucky and get the right ones anyway. If not, we make the application's request and return that ticket if it matches the other criteria. Implemented a similar technique for krb5_lcc_store(). Since we can not write to the cache, when a store request is made we instead perform a ticket request through the lsa for a matching credential. If we receive one, we return success. Otherwise, we return the KRB5_CC_READONLY error. With these changes I am now able to operate entirely with the MSLSA ccache as the default cache provided the MS LSA credentials are for the principal I wish to use. Obviously, one cannot change principals while the MSLSA ccache is the default. 2003-12-15 Jeffrey Altman <jaltman@mit.edu> * cc_msla.c: Enable purging of the MS Kerberos LSA cache when the TGT has expired. This will force the LSA to get a new TGT instead of returning the expired version. 2003-12-15 Jeffrey Altman <jaltman@mit.edu> * cc_mslsa.c: Perform a GetMSTGT() call as part of krb5_lcc_start_seq_get to ensure that the tgt is refreshed 2003-12-13 Jeffrey Altman <jaltman@mit.edu> * Makefile.in: Remove extranenous spaces in ##WIN32## constructs defining MSLSA_SRC MSLSA_OBJ 2003-12-12 Tom Yu <tlyu@mit.edu> * Makefile.in: Move ##WIN32## constructs from inside backslash-continued lists, as it was breaking them. Move explicit dependency information from under automatic dependencies. 2003-12-11 Jeffrey Altman <jaltman@mit.edu> * Makefile.in, ccbase.c, cc_mslsa.c (new) Remove all of the code which was duplicated between ms2mit.c and the KfW Leash libraries (and who knows how many applications shipped by third parties) and use it as the basis for a new krb5_ccache type, "MSLSA:". The "MSLSA:" ccache type is a read-only ccache which can be used either as a monitor of the contents of the Microsoft LSA cache or as a source for copying the contents to another ccache type. The purpose of migrating this code to the krb5_32.dll is to avoid the need for applications to be consistently updated each time Microsoft makes a change to the behavior of the LSA cache. Changes have occurred with the release of 2000, XP, and 2003 so far. Also, the code for working with the MS LSA cache is not well documented and many mistakes were made in the original versions of the ms2mit.c code base. Unfortunately, the ms2mit.c code has been copied into many other applications. With access to this new ccache type, the ms2mit.c source file is reduced from 890 lines to 80 lines including the copyright banner. 2003-11-26 Jeffrey Altman <jaltman@mit.edu> * cc_default.c: Add support for Leash Kinit Dialog on Windows to krb5int_c_default() 2003-08-26 Ken Raeburn <raeburn@mit.edu> * cc_file.c (krb5_fcc_store_int32, krb5_fcc_store_ui_4) (krb5_fcc_store_ui_2, krb5_fcc_store_octet): Remove gratuitous conditionalizing of casts on USE_STDIO, left over from merge. 2003-07-22 Sam Hartman <hartmans@mit.edu> * ccbase.c: Always register the file credentials cache type. If we do not, then when USE_CCAPI is defined, it will not be available. 2003-07-17 Ken Raeburn <raeburn@mit.edu> * Makefile.in (LIBNAME) [##WIN16##]: Don't define. ($(OBJFILE)) [##WIN16##]: Omit CP action. 2003-03-06 Alexandra Ellwood <lxs@mit.edu> * ccdefault.c: Remove Mac header goober and include k5-int.h after KerberosLoginPrivate.h. 2003-01-10 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Add AC_SUBST_FILE marker for libobj_frag. 2003-01-07 Ken Raeburn <raeburn@mit.edu> * cc_file.c (krb5_cc_file_ops, krb5_fcc_ops): Now const. * fcc.h (krb5_cc_file_ops): Update decl. * cc_memory.c (krb5_mcc_ops): Now const. * ccbase.c (krb5_mcc_ops): Update decl. * ccdefops.c (krb5_cc_dfl_ops): Now points to const. * t_cc.c (krb5_fcc_ops, krb5_mcc_ops): Update decls. 2002-09-03 Ken Raeburn <raeburn@mit.edu> * cc_file.c, cc_memory.c, cc_retr.c, ccbase.c, cccopy.c, ccdefault.c, ser_cc.c, t_cc.c: Use prototype style function definitions. 2002-08-29 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Revert $(S)=>/ change, for Windows support. 2002-08-23 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Change $(S)=>/ and $(U)=>.. globally. 2002-08-15 Ken Raeburn <raeburn@mit.edu> * cc_file.c (ALLOC): Use calloc, not malloc. (krb5_fcc_read_principal): Check bounds on number of components before calling ALLOC. 2002-08-15 Tom Yu <tlyu@mit.edu> * t_cc.c: Remove references to STDIO ccache. 2002-08-14 Ken Raeburn <raeburn@mit.edu> * cc_file.c: Merge in cc_stdio.c, under preprocessor test for USE_STDIO. (USE_STDIO): Define it if HAVE_SYS_TYPES_H. (krb5_change_cache, krb5_get_notification_message): Always define. (ALLOC): New macro, with overflow checking. (krb5_fcc_read_principal, krb5_fcc_read_addrs, krb5_fcc_read_authdata): Use it, and fix other overflow checks. (my_fopen): Support non-Mac environments. (krb5_fcc_open_file) [USE_STDIO]: Always use my_fopen. (NO_FILE): New macro. All functions changed to test or assign it rather than -1 or (FILE*)NULL. (krb5_fcc_read_keyblock, krb5_fcc_read_data): Rewrite bounds check. (BINARY_MODE): Always define. (setvbuf) [!HAVE_SETVBUF]: Define as macro using setbuf. (krb5_fcc_open_file): Change file descriptor variable to "f" and combine newly matching stdio and file sections. Use setvbuf instead of checking whether to use setbuf. * cc_stdio.c: Deleted. * Makefile.in (STLIBOBJS, OBJS, SRCS): Updated. * ccdefops.c (krb5_cc_dfl_ops) [!USE_CCAPI]: Always use krb5_fcc_ops. 2002-08-09 Ken Raeburn <raeburn@mit.edu> * cc_file.c: All functions except krb5_change_cache and krb5_get_notification_message now static. Minor other shuffling to become more similar to cc_stdio.c. (krb5_fcc_data): Rename "fd" to "file"; change all uses. * cc_stdio.c: All functions now static. Rename all krb5_scc_ functions, data types and macros to use krb5_fcc_ prefix instead. Minor other shuffling to become more similar to cc_file.c. (krb5_fcc_data): Rename from krb5_scc_data; reorder some fields. (krb5_fcc_close_file): Never call fflush on a read-only file. (BINARY_MODE): New macro. (krb5_fcc_open_file): Combine ANSI_STDIO and non-ANSI cases statements by using BINARY_MODE and compile-time string concatenation. Choose lock flag value separately from call to krb5_lock_file. (krb5_fcc_generate_new): Use BINARY_MODE. 2002-07-09 Ken Raeburn <raeburn@mit.edu> * cc_file.c: Put # for cpp directives in first column. 2002-60-20 Danilo Almeida <dalmeida@mit.edu> * Makefile.in: Build cc accessor functions on Windows. [pullup from 1-2-2-branch] 2002-06-20 Alexandra Ellwood <lxs@mit.edu> * ccdefault.c: updated to new KLL function name * ccdefault.c: swapped include of KerberosLoginPrivate with k5-int.h to avoid problems with including CoreServices.h after profile.h and krb.h * ccdefault.c: Updated Mac OS X headers to new framework layout * ccdefops.c: created #define for USE_CCAPI now that both Mac OS 9 and Mac OS 10 use ccapi. [pullups from 1-2-2-branch] 2002-04-10 Danilo Almeida <dalmeida@mit.edu> * cc_file.c: Use _WIN32 instead of _WINSOCKAPI_ because _WINSOCKAPI_ depends on the Winsock header used (i.e., Winsock 2 does not define this). What we are really trying to check for is Win32. Include port-sockets.h for Win32. (NOTE: Why is NEED_SOCKETS being defined after the inclusion of k5-int.h? That is pretty useless... What we probably should do is more consitently used NEED_SOCKETS instead of manually putting in network code. However, some people would probably have issues with the build being slower...) 2001-10-10 Ezra Peisach <epeisach@mit.edu> * cc_file.c (krb5_fcc_read): Remove const from fourth argument to function to match prototype earlier in file. 2001-10-09 Ken Raeburn <raeburn@mit.edu> * cc_file.c, cc_memory.c, cc_stdio.c, ser_cc.c: Make prototypes unconditional. 2001-10-05 Ken Raeburn <raeburn@mit.edu> * cc_file.c, cc_stdio.c: Delete _MSDOS (win16) support. * cc_memory.c, ccbase.c, ccdefault.c, ccfns.c: Don't explicitly declare pointers FAR any more. 2001-10-03 Ken Raeburn <raeburn@mit.edu> * cc_file.c, ccbase.c, cccopy.c, ccdefault.c, fcc.h, ser_cc.c: Don't use KRB5_DLLIMP. 2000-10-30 Tom Yu <tlyu@mit.edu> * cc_stdio.c: Add a "mode" field to krb5_scc_data to keep track of what mode the file was opened in. (krb5_scc_close_file): Ignore EBADF from fflush() if the file was opened for readonly access. For some reason NetBSD's fflush() exhibits this behavior. (krb5_scc_open_file): Save the mode with which the file was opened in data->mode. 2000-10-17 Ezra Peisach <epeisach@mit.edu> * cc_stdio.c, cc_file.c: Unsigned/signed int cleanup. 2000-10-03 Ezra Peisach <epeisach@mit.edu> * ser_cc.c (krb5_ccache_externalize): Use krb5_cc_get_name instead of krb5_rc_get_name on credential cache. * cc_file.c (krb5_fcc_get_name): * cc_stdio.c (krb5_scc_get_name): * cc_memory.c (krb5_mcc_get_name): * ccfns.c (krb5_cc_get_name): Declare as returning const char *. 2000-09-25 Ezra Peisach <epeisach@mit.edu> * cc_file.c ccbase.c, cc_stdio.c, cc_retr.c, cc_memory.c: More signed/unsigned fixes. Sat Sep 23 23:42:32 2000 Ezra Peisach <epeisach@mit.edu> * t_cc.c: Code cleanup. Test more failure modes of the cache library. * cccopy.c (krb5_cc_copy_creds): Memory leak. Call krb5_cc_end_seq_get. * cc_file.c (krb5_fcc_generate_new): Set flags to KRB5_TC_OPENCLOSE, otherwise parts of the library assumes that the file is open, when it is not. * cc_stdio.c (krb5_scc_generate_new): Same as cc_file.c change. 2000-09-22 Ezra Peisach <epeisach@mit.edu> * Makefile.in (check-unix): Build and exectute t_cc. * t_cc.c: Test harness for memory, stdio and file caches. 2000-07-20 Danilo Almeida <dalmeida@mit.edu> * cc_file.c, cc_stdio.c: Remove unused krb5_[fs]cc_default_name() prototype. * cc_stdio.c: Fix calling convention for op functions. * ccfns.c (krb5_cc_get_type): Fix calling convention. * Makefile.in: Change ${CC} and ${OBJS} to $(CC) and $(OBJS) so nmake does not freak out. 2000-07-19 Ken Raeburn <raeburn@mit.edu> * cc_memory.c (mcc_head): Combine static declaration and initialization. 2000-07-14 Ken Raeburn <raeburn@mit.edu> * t_stdio.c, t_file.c, t_memory.c: Test cases copied from old subdirectories. Currently unused. * Makefile.in (t_stdio): New target, basically same as 'test' in old stdio/Makefile.in. * file, memory, stdio: Subdirectories deleted. * cc_file.c, cc_stdio.c, cc_memory.c: New files, built from source files of appropriate subdirectories. * fcc.h, scc.h: New files, copied from subdirectories; temporary. * ccfns.c: New file, implementing what used to be krb5_cc_* macros in krb5.h. * Makefile.in (STLIBOBJS, OBJS, SRCS): Updated. (LOCAL_SUBDIRS): Now empty. (LOCALINCLUDES): Remove file and stdio subdirs. (MAC_SUBDIRS): Remove file, stdio, memory. (##DOS## stuff, clean-windows): Delete file and memory parts. * cc_memory.c (mcc_head): Now static. 2000-06-28 Ezra Peisach <epeisach@mit.edu> * ccdefault.c: Add newline at end of file (compiler warning) 2000-5-31 Alexandra Ellwood <lxs@mit.edu> * ccdefault.c: Changed kerberosPrincipal_V5 to kerberosVersion_V5 to reflect the new constant name. 2000-4-26 Alexandra Ellwood <lxs@mit.edu> * ccdefault.c: Added version number to internal Kerberos Login Library routine. 2000-4-13 Alexandra Ellwood <lxs@mit.edu> * ccdefault.c: Added Kerberos Login library support (with ifdefs to control whether or not it is on. Also added support to store a krb5_principal in the os_context along with the default ccache name (if known, this principal is the same as the last time we looked at the ccache. * ccdefname.c: Added support to store a krb5_principal in the os_context along with the default ccache name (if known, this principal is the same as the last time we looked at the ccache. 1999-10-26 Wilfredo Sanchez <tritan@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, LOCAL_INCLUDES such that one can override CFLAGS from the command line without losing CPP search patchs and defines. Some associated Makefile cleanup. 1999-08-23 Ken Raeburn <raeburn@mit.edu> * cc_retr.c: New file. (krb5_cc_retrieve_cred_seq): New function, derived from fcc_retrieve but takes an optional list of enctypes to look for in priority order. (krb5_cc_retrieve_cred_default): New function. Same signature as original fcc_retrieve but if new flag KRB5_TC_SUPPORTED_KTYPES is set, calls krb5_get_tgs_ktypes to get a list of enctypes to look for. * Makefile.in (STLIBOBJS, OBJS, SRCS): Add it. Tue May 18 19:52:56 1999 Danilo Almeida <dalmeida@mit.edu> * Makefile.in: Remove - from recursive Win32 make invocation. Mon May 17 14:11:45 1999 Danilo Almeida <dalmeida@mit.edu> * Makefile.in: Clean ccapi subdirectory in clean-windows target. Mon May 10 15:24:08 1999 Danilo Almeida <dalmeida@mit.edu> * Makefile.in: Do win32 build in subdir. 1999-03-31 Theodore Ts'o <tytso@rsts-11.mit.edu> * ccdefops.c: Change the default ccache type under windows to be original FILE ccache type; this will get set to ccapi if the krbcc32.dll can be found. Mon Feb 8 21:53:37 1999 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in: Enable the ccapi directory for windows builds. * ccdefops.c: Make the ccapi the default ccache type for Windows machines. 1999-01-26 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Add ccapi to the include path so we can find stdcc.h 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Set the myfulldir and mydir variables (which are relative to buildtop and thisconfigdir, respectively.) Sat Dec 5 01:20:31 1998 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in, ccdefops.c: Temporarily back out the ccapi ccache under Windows so we can make sure the rest of the krb5 tree builds correctly under Windows. (Note: I didn't revert lib/krb5/os/ccdefname.c, so setting KRB5_CC_NAME to FILE:C:\tmp\tkt is required to make things work.) 1998-08-24 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Add windows build instructions to build CCache API Cache implementation. Fri Aug 20 18:30:00 1998 Miro Jurisic <meeroh@mit.edu> * Added Frank's CCache API cache implementation and made it default on the Mac Thu Jul 30 13:12:30 1998 Sam Hartman <hartmans@utwig.mesas.com> * ccbase.c: Enable memory ccache (merge adapted from Kerbnet) 1998-05-27 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Add ccache/memory as a directory to be recursively built by this makefile under Windows. Fri Feb 27 18:03:33 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Changed thisconfigdir to point at the lib/krb5 directory, since we've moved the configure.in tests in this directory to the toplevel lib/krb5 configure.in Wed Feb 18 16:19:12 1998 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove trailing slash from thisconfigdir. Fix up BUILDTOP for new conventions. Thu Feb 12 16:17:46 1998 Tom Yu <tlyu@mit.edu> * configure.in: Add commented out AC_OUTPUT to force autoreconf to rebuild the configure script. Wed Feb 11 22:56:49 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile * configure.in: Create the makefiles for all of the subdirectories and move all of the configure.in tests from the subdirectories into this configure.in. Sat Dec 6 02:26:16 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: Add cccopy.c. * cccopy.c: New file; krb5_cc_copy_creds from Cygnus. Mon Sep 15 15:14:16 1997 Ezra Peisach <epeisach@mit.edu> * ccbase.c (krb5_cc_resolve): Incoming cache name is const. Thu Nov 21 11:55:16 EST 1996 Richard Basch <basch@lehman.com> * Makefile.in: win32 build * ccbase.c, ccdefault.c: DLL export basic ccache functions Thu Jan 2 16:57:35 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: * configure.in: Update to new lib build procedure. Thu Jun 6 00:04:38 1996 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in (all-windows): Don't pass $(LIBCMD) on the command line. It's set in the windows.in prologue for all Makefiles anyway. Wed Feb 7 00:23:18 1996 Theodore Y. Ts'o <tytso@dcl> * Makefile.in: Folded in danw's changes to allow building Makefiles for the Macintosh. We now can build MPW makefiles which are interpreted by CodeWarrior. Fri Nov 3 21:12:31 1995 Theodore Y. Ts'o <tytso@dcl> * configure.in: Added memory subdirectory Fri Oct 6 22:03:30 1995 Theodore Y. Ts'o <tytso@dcl> * Makefile.in: Remove ##DOS!include of config/windows.in. config/windows.in is now included by wconfig. Mon Sep 25 16:56:30 1995 Theodore Y. Ts'o <tytso@dcl> * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the Makefile. Tue Aug 29 13:35:23 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in, .Sanitize, ser_cc.c - Add new ccache handle serialization routines. Fri Jun 9 19:31:13 1995 <tytso@rsx-11.mit.edu> * configure.in: Remove standardized set of autoconf macros, which are now handled by CONFIG_RULES. Use DO_SUBDIRS to recurse down subdirectories. Fri May 26 20:19:26 1995 Theodore Y. Ts'o (tytso@dcl) * configure.in, Makefile.in: Add support for building shared libraries. Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com) * ccbase.c: removed unneeded INTERFACE from non-api functions. Wed Mar 22 11:47:49 1995 <tytso@rsx-11.mit.edu> * Makefile.in (CFLAGS): Make -I options work when the build and source tree are different. Fri Mar 17 19:19:07 1995 John Gilmore (gnu at toad.com) * Makefile.in (LDFLAGS): Remove, duplicates config/pre.in. (CFLAGS): Add -I options for file and stdio, to avoid paths in #include statements. (all-mac, clean-mac): Add. * ccdefops.c: Avoid includes with pathnames, since they don't work on the Mac. Configure the default cache based on whether the system has <sys/types.h> (which defines types for low-level file operations, among other things). * configure.in (CONFIG_DIRS): Build stdio before file, for Mac convenience (where file doesn't build). Wed Mar 15 20:23:17 1995 Keith Vetter (keithv@fusion.com) * Makefile.in: cleaned up for the PC Tue Mar 7 19:53:05 1995 Mark Eichin <eichin@cygnus.com> * configure.in: take out ISODE_DEFS. Tue Mar 7 15:55:12 1995 Keith Vetter (keithv@fusion.com) * ccbase.c, ccdefault.c: added window INTERFACE keyword. * Makefile.in: made to work on the PC. Tue Feb 28 00:35:33 1995 John Gilmore (gnu at toad.com) * ccbase.c, ccdefault.c: Avoid <krb5/...> includes. Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) * Added krb5_context to all krb5_routines Thu Oct 13 17:23:08 1994 Theodore Y. Ts'o (tytso@maytag) * configure.in: Add ISODE_DEFS