1 | 2003-02-03 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
2 | * cmulocal/sasl2.m4: Don't use -ldes to check for Heimdal |
---|
3 | * saslauthd/auth_krb4.c, saslauthd/auth_shadow.c, |
---|
4 | saslauthd/auth_getpwent.c, lib/kerberos4.c: |
---|
5 | Smarter checking of #includs for des.h |
---|
6 | (Mark Keasling <mark@air.co.jp>) |
---|
7 | * saslauthd/testsaslauthd.c, saslauthd/saslauthd-doors.c: |
---|
8 | retry_read() should use a char * buffer not a void * |
---|
9 | buffer (Mark Keasling <mark@air.co.jp>) |
---|
10 | * cmulocal/berkdb.m4: Set CPPFLAGS around tests |
---|
11 | (based on patch from Leena Heino <Leena.Heino@uta.fi>) |
---|
12 | * config/sasldb.m4: Actually use results of Berkeley DB tests |
---|
13 | (Leena Heino <Leena.Heino@uta.fi>) |
---|
14 | * Ready for 2.1.12 |
---|
15 | |
---|
16 | 2003-01-31 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
17 | * Ready for 2.1.11 |
---|
18 | * utils/Makefile.am: Ensure that dbconverter-2 can see the sasldb |
---|
19 | include directory. |
---|
20 | |
---|
21 | 2003-01-29 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
22 | * plugins/digestmd5.c: Fix a situation where the realm wasn't |
---|
23 | being set for the client context, causing a segfault |
---|
24 | * config/kerberos_v4.m4: first check des_* then check DES_* |
---|
25 | during OpenSSL tests (based on ideas from |
---|
26 | Leena Heino <Leena.Heino@uta.fi>) |
---|
27 | |
---|
28 | 2003-01-28 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
29 | * config/sasldb.m4: Don't build sasldb plugin if compiling |
---|
30 | --with-dblib=none, since it will only fail to load anyway. |
---|
31 | |
---|
32 | 2003-01-27 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
33 | * saslauthd/configure.in: use CMU_ADD_LIBPATH for LDAP support |
---|
34 | (Simon Brady <simon.brady@otago.ac.nz>) |
---|
35 | |
---|
36 | 2003-01-23 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
37 | * saslauthd/acconfig.h: protect file from being included more than |
---|
38 | once (reported by Jeremy Rumpf <jrumpf@heavyload.net>) |
---|
39 | * saslauthd/configure.in, configure.in: Move OpenSSL detection into |
---|
40 | cmulocal, detect openssl for use with lak.c |
---|
41 | |
---|
42 | 2003-01-21 Ken Murchison <ken@oceana.com> |
---|
43 | * plugins/ntlm.c: only _require_ one response (LM and/or NT), not both |
---|
44 | |
---|
45 | 2003-01-09 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
46 | * saslauthd/lak.c, saslauthd/lak.h: Add the fastbind auth method |
---|
47 | (Simon Brady <simon.brady@otago.ac.nz>) |
---|
48 | |
---|
49 | 2003-01-01 Ken Murchison <ken@oceana.com> |
---|
50 | * saslauthd/configure.in, saslauthd/Makefile.am: don't make |
---|
51 | -lcrypt dependent upon --enable-plain |
---|
52 | |
---|
53 | 2002-12-11 Ken Murchison <ken@oceana.com> |
---|
54 | * plugins/otp.c: set SASL_FEAT_ALLOWS_PROXY on client side |
---|
55 | |
---|
56 | 2002-12-10 Ken Murchison <ken@oceana.com> |
---|
57 | * plugins/otp.c: explicitly #include <openssl/md5.h> to resolve |
---|
58 | OpenBSD/OpenSSL cruftiness |
---|
59 | |
---|
60 | 2002-12-10 Rob Siemborksi <rjs3@andrew.cmu.edu> |
---|
61 | * saslauthd/saslauthd-doors.c: Fix a potential memory leak when |
---|
62 | we call door_return() |
---|
63 | |
---|
64 | 2002-12-09 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
65 | * lib/auxprop.c: Correct leak in prop_clear, also update list_end |
---|
66 | in prop_request. |
---|
67 | * doc/options.html: Update use of saslauthd_path to be correct |
---|
68 | |
---|
69 | 2002-12-06 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
70 | * Ready for 2.1.10 |
---|
71 | |
---|
72 | 2002-12-05 Larry Greenfield <leg@andrew.cmu.edu> |
---|
73 | * plugins/digestmd5.c: DES key fixes. stupid DES libraries want |
---|
74 | the key in the stupid DES parity format. |
---|
75 | * plugins/digestmd5.c: refactored some of the cipher code so that |
---|
76 | there isn't RC4 state around when we're using DES and vice versa |
---|
77 | |
---|
78 | 2002-12-05 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
79 | * saslauthd/lak.c: Allocate a large enough buffer to account for |
---|
80 | a completely escaped username. (lak_escape and lak_filter) |
---|
81 | * lib/common.c: Ensure there is enough space for the trailing \0 |
---|
82 | in _sasl_log |
---|
83 | |
---|
84 | 2002-12-04 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
85 | * lib/canonusr.c: Check for potential buffer overflow |
---|
86 | |
---|
87 | 2002-12-03 Ken Murchison <ken@oceana.com> |
---|
88 | * plugins/digestmd5.c: major fast reauth rewrite, mech_step cleanup |
---|
89 | * doc/options.html: server-side reauth is disabled by default |
---|
90 | |
---|
91 | 2002-11-24 Ken Murchison <ken@oceana.com> |
---|
92 | * plugins/login.c: allow authid to be passed in initial response |
---|
93 | * doc/draft-sasl-login.txt, doc/mechanisms.html: |
---|
94 | documentation updates re: initial response |
---|
95 | |
---|
96 | 2002-11-07 Ken Murchison <ken@oceana.com> |
---|
97 | * doc/draft-nerenberg-sasl-crammd5-03.txt: added |
---|
98 | * doc/draft-nerenberg-sasl-crammd5-02.txt: deleted |
---|
99 | * doc/draft-zeilenga-sasl-anon-01.txt: added |
---|
100 | * doc/draft-zeilenga-sasl-anon-00.txt: deleted |
---|
101 | * doc/draft-zeilenga-sasl-plain-01.txt: added |
---|
102 | * doc/draft-zeilenga-sasl-plain-00.txt: deleted |
---|
103 | * doc/index.html: updated to latest CRAM-MD5, ANONYMOUS, PLAIN drafts |
---|
104 | |
---|
105 | 2002-11-01 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
106 | * plugins/kerberos4.c: Make at most 1 canon_user call, not two. |
---|
107 | (Howard Chu <hyc@highlandsun.com>) |
---|
108 | |
---|
109 | 2002-10-25 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
110 | * saslauthd/lak.c: minor cleanups |
---|
111 | |
---|
112 | 2002-10-24 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
113 | * saslauthd/lak.c: fix problem where saslauthd stops LDAP |
---|
114 | authentications when ldap_auth_method is bind. |
---|
115 | (Igor Brezac <igor@ypass.net>) |
---|
116 | * doc/sysadmin.html, doc/options.html, saslauthd/saslauthd.mdoc: |
---|
117 | documentation updates re: saslauthd mux path |
---|
118 | |
---|
119 | 2002-10-23 Ken Murchison <ken@oceana.com> |
---|
120 | * lib/external.c: added SASL_SEC_NOANONYMOUS to client side |
---|
121 | (Howard Chu, <hyc@highlandsun.com>) |
---|
122 | |
---|
123 | 2002-10-21 Ken Murchison <ken@oceana.com> |
---|
124 | * plugins/ntlm.c: NTLM probably doesn't offer perfect forward secrecy |
---|
125 | * doc/mechanisms: added table of properties/features |
---|
126 | |
---|
127 | 2002-10-20 Ken Murchison <ken@oceana.com> |
---|
128 | * saslauthd/lak.ch: consolidated hashed password checking code |
---|
129 | |
---|
130 | 2002-10-18 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
131 | * saslauthd/lak.[ch], saslauthd/auth_ldap.c: |
---|
132 | Code cleanup, now support {SHA}, {SSHA}, {MD5}, and {SMD5} hashes, |
---|
133 | misc other cleanup. (Igor Brezac <igor@ypass.net> and |
---|
134 | Thomas Lussnig <thomas.lussnig@bewegungsmelder.de>) |
---|
135 | |
---|
136 | 2002-10-17 Ken Murchison <ken@oceana.com> |
---|
137 | * doc/draft-melnikov-rfc2831bis-02.txt: added |
---|
138 | * doc/draft-melnikov-rfc2831bis-01.txt: deleted |
---|
139 | * doc/index.html: updated to latest RFC 2831bis draft |
---|
140 | |
---|
141 | 2002-10-11 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
142 | * lib/Makefile.am: add missing staticopen.h to EXTRA_DIST, |
---|
143 | fix some dependencies |
---|
144 | * Ready for 2.1.9 |
---|
145 | |
---|
146 | 2002-10-10 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
147 | * Ready for 2.1.8 |
---|
148 | |
---|
149 | 2002-10-09 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
150 | * lib/client.c: Allow plaintext mechanisms under an external security |
---|
151 | layer. |
---|
152 | |
---|
153 | 2002-10-07 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
154 | * sample/server.c: Fix some IPV6 defines |
---|
155 | (Marshall Rose <mrose@dbc.mtview.ca.us>) |
---|
156 | |
---|
157 | 2002-10-02 Ken Murchison <ken@oceana.com> |
---|
158 | * lib/checkpw.c: return SASL_NOUSER when we can't find APOP secret |
---|
159 | * lib/server.c: plug APOP memory leak and consolidate canonification |
---|
160 | * configure.in: force the use of a cache file |
---|
161 | (Carlos Velasco <carlosev@newipnet.com>) |
---|
162 | |
---|
163 | 2002-10-02 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
164 | * lib/checkpw.c: Fix some misuses of sasl_seterror |
---|
165 | (Martin Exler <m.exler@gmx.at>) |
---|
166 | |
---|
167 | 2002-09-24 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
168 | * config/sasl2.m4, saslauthd/Makefile.am: GSSAPI doesn't need |
---|
169 | to link ndbm. Also cleanup some sasldb linking in saslauthd. |
---|
170 | |
---|
171 | 2002-09-23 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
172 | * config/kerberos_v4.m4: Don't compile with kerberos unless we |
---|
173 | have both the libs and the headers (Carlos Velasco |
---|
174 | <carlosv@newipnet.com>) |
---|
175 | |
---|
176 | 2002-09-19 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
177 | * plugins/gssapi.c: endinaness corrections |
---|
178 | * sasldb/db_berkeley.c, utils/dbconverter-2.c: Berkley DB 4.1 |
---|
179 | support (Mika Iisakkila <mika.iisakkila@pingrid.fi>) |
---|
180 | |
---|
181 | 2002-09-19 Ken Murchison <ken@oceana.com> |
---|
182 | * plugins/plugin_common.[ch]: make SASL_CB_USER and result optional |
---|
183 | * plugins/anonymous.c: use SASL_CB_USER for fetching trace info, |
---|
184 | don't require SASL_CB_AUTHNAME |
---|
185 | * plugins/gssapi.c, plugins/kerberos.c: don't require SASL_CB_USER |
---|
186 | * lib/external.c: define SASL_FEAT_ALLOWS_PROXY for this mechanism, |
---|
187 | don't require SASL_CB_USER |
---|
188 | |
---|
189 | 2002-09-18 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
190 | * plugins/srp.c, plugins/kerberos4.c: correct maxoutbuf handling |
---|
191 | * plugins/digestmd5.c: correct maxoutbuf handling, actually |
---|
192 | send maxbuf to the remote. |
---|
193 | * lib/common.c: sanity check security properties |
---|
194 | |
---|
195 | 2002-09-17 Ken Murchison <ken@oceana.com> |
---|
196 | * plugins/ntlm.c: home-grown client/server NTLM implementation |
---|
197 | * configure.in: NTLM depends on OpenSSL libcrypto |
---|
198 | * doc/sysadmin.html: added NTLM blurb |
---|
199 | |
---|
200 | 2002-09-16 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
201 | * lib/canonusr.c: don't index begin_u with -1 |
---|
202 | (Randy Kunkee <randy@randallkunkee.com>) |
---|
203 | * doc/sysadmin.html: cleanup |
---|
204 | * utils/saslpasswd.c: don't exit with -SASL_FAIL |
---|
205 | * saslauthd/saslauthd-unix.c: use a char* instead of a void* in |
---|
206 | retry_read |
---|
207 | |
---|
208 | 2002-09-12 Ken Murchison <ken@oceana.com> |
---|
209 | * lib/common.c: NULL outbuf if we get no output from sasl_decode() |
---|
210 | |
---|
211 | 2002-09-11 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
212 | * plugins/mysql.c: Actually loop through the potential servers |
---|
213 | properly (Seow Kok Heng <kokheng@jhs.com.sg>) |
---|
214 | * acinclude.m4: Added copy of the correct libtool macros as |
---|
215 | acinclude.m4 |
---|
216 | * configure.in: fix for gcc 3.x |
---|
217 | (Carlos Velasco <carlosev@newipnet.com>) |
---|
218 | |
---|
219 | 2002-09-10 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
220 | * lib/server.c: Better handling of add_plugin failures |
---|
221 | |
---|
222 | 2002-09-10 Ken Murchison <ken@oceana.com> |
---|
223 | * acconfig.h, configure.in: enable/disable NTLM |
---|
224 | * lib/staticopen.h, plugins/Makefile.am, makeinit.sh, ntlm.c: |
---|
225 | added NTLM support (client-side only) |
---|
226 | |
---|
227 | 2002-09-07 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
228 | * saslauthd/configure.in, saslauthd/Makefile.am: don't |
---|
229 | do configure substitutions for the saslauthd_SOURCES variable |
---|
230 | (Carlos Velasco <carlosev@newipnet.com>) |
---|
231 | |
---|
232 | 2002-09-05 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
233 | * doc/os390.html: added |
---|
234 | * doc/index.html: referenced os390.html and macosx.html |
---|
235 | * lib/Makefile.am: better handling of plugin_common |
---|
236 | |
---|
237 | 2002-09-04 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
238 | * (throughout) Extensive cleanup of how we build static and |
---|
239 | shared versions of libsasl. Also some more portability |
---|
240 | fixes (Howard Chu <hyc@highlandsun.com>) |
---|
241 | |
---|
242 | 2002-09-04 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
243 | * acconfig.h, configure.in: Actually check for sysexits.h, |
---|
244 | varargs.h, and stdarg.h |
---|
245 | * lib/checkpw.c: compatibility patch for retry_read |
---|
246 | (Howard Chu <hyc@highlandsun.com>) |
---|
247 | |
---|
248 | 2002-09-03 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
249 | * (throughout) fix handling of sys/param.h |
---|
250 | * (throughout) fix handling of time.h and sys/time.h |
---|
251 | * include/exits.h: include a replacement for sysexits.h |
---|
252 | * acconfig.h: define MAXHOSTNAMELEN if it isn't |
---|
253 | * lib/getaddrinfo.c, config/ipv6.m4: minor fixes for partial |
---|
254 | getaddrinfo/getnameinfo implementations |
---|
255 | * (Above changes are all from or based on ideas from |
---|
256 | Howard Chu <hyc@highlandsun.com>) |
---|
257 | |
---|
258 | 2002-08-28 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
259 | * lib/client.c, lib/saslint.h: Properly handle client-side |
---|
260 | serverFQDN and clientFQDN |
---|
261 | |
---|
262 | 2002-08-19 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
263 | * lib/dlopen.c: use correct paths when a .la file is not present |
---|
264 | (Justin Gibbs <gibbs@scsiguy.com>) |
---|
265 | |
---|
266 | 2002-08-13 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
267 | * doc/sysadmin.html: fix some /usr/lib/sasl references to |
---|
268 | /usr/lib/sasl2 (Andrew Jones <arjones@simultan.dyndns.org>) |
---|
269 | |
---|
270 | 2002-08-09 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
271 | * saslauthd/Makefile.am: fix small parts of the saslauthd.8 build |
---|
272 | process. |
---|
273 | * Ready for 2.1.7 |
---|
274 | |
---|
275 | 2002-08-06 Ken Murchison <ken@oceana.com> |
---|
276 | * plugins/digestmd5.c: disable/remove server-side fast reauth |
---|
277 | |
---|
278 | 2002-08-02 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
279 | * include/sasl.h, lib/common.c: Add SASL_AUTHUSER as a parameter |
---|
280 | to sasl_getprop |
---|
281 | |
---|
282 | 2002-08-01 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
283 | * saslauthd/lak.c: allow use of more than one %u or %r in the filter |
---|
284 | (Laurent Larquère <llarquere@aacom.fr>) |
---|
285 | |
---|
286 | 2002-07-30 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
287 | * lib/client.c, lib/server.c: Add checks for SASL_NEED_PROXY and |
---|
288 | SASL_FEAT_ALLOWS_PROXY |
---|
289 | * include/sasl.h, include/saslplug.h: Add SASL_NEED_PROXY and |
---|
290 | SASL_FEAT_ALLOWS_PROXY |
---|
291 | * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c, |
---|
292 | plugins/otp.c, plugins/plain.c, plugins/srp.c: define |
---|
293 | SASL_FEAT_ALLOWS_PROXY for these mechanisms |
---|
294 | |
---|
295 | 2002-07-27 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
296 | * saslauthd/auth_sasldb.c: Include mechanisms.h in a reasonable place. |
---|
297 | |
---|
298 | 2002-07-24 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
299 | * saslauthd/Makefile.am: Fix DEFS to still supply -I. and -I.. |
---|
300 | * configure.in: Make --with-ldap show up in top level configure script, |
---|
301 | make saslauthd compile by default |
---|
302 | * lib/saslutil.c: use read() and not fread() on /dev/random to preserve |
---|
303 | entropy |
---|
304 | * doc/sysadmin.html: Add note about using /dev/urandom |
---|
305 | |
---|
306 | 2002-07-19 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
307 | * doc/sysadmin.html, doc/readme.html, doc/upgrading.html: |
---|
308 | Misc. documentation cleanup (Joe Rhett <jrhett@isite.net>) |
---|
309 | |
---|
310 | 2002-07-17 Ken Murchison <ken@oceana.com> |
---|
311 | * lib/canonusr.c: update length of user string to length of output |
---|
312 | from callback |
---|
313 | |
---|
314 | 2002-07-16 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
315 | * plugins/cram.c: Fix a security problem in the verification of |
---|
316 | the digest string. (Andrew Jones <arjones@simultan.dyndns.org>) |
---|
317 | * Ready for 2.1.6 |
---|
318 | |
---|
319 | 2002-07-06 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
320 | * plugins/mysql.c: Further memory management cleanup. (never |
---|
321 | strdup the options, and therefore don't free staticly allocated |
---|
322 | strings) |
---|
323 | * man/sasl_getopt_t.3: Clarify semantics of memory management |
---|
324 | |
---|
325 | 2002-07-05 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
326 | * saslauthd/lak.c: Better handling of downed ldap servers |
---|
327 | (Igor Brezac <igor@ipass.net>) |
---|
328 | * sasldb/db_berkeley.c, utils/dbconverter-2.c: Use db_strerror() |
---|
329 | rather than strerror() for Berkeley DB error values. |
---|
330 | (J.H.M. Dassen (Ray) <jdassen@debian.org>) |
---|
331 | * saslauthd/Makefile.am, saslauthd/auth_ldap.c: don't |
---|
332 | hardwire the saslauthd conf file |
---|
333 | (J.H.M. Dassen (Ray) <jdassen@debian.org>) |
---|
334 | |
---|
335 | 2002-07-03 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
336 | * man/sasl_user_exists.3: fix sasl_idle reference |
---|
337 | |
---|
338 | 2002-07-02 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
339 | * lib/auxprop.c: Can now select multiple auxprop plugins |
---|
340 | * doc/options.html: updated for above |
---|
341 | * lib/client.c: improve mechanism selection to include |
---|
342 | number of security flags |
---|
343 | |
---|
344 | 2002-06-27 Ken Murchison <ken@oceana.com> |
---|
345 | * doc/draft-zeilenga-sasl-plain-00.txt: added |
---|
346 | * doc/index.html: added PLAIN draft |
---|
347 | |
---|
348 | 2002-06-26 Ken Murchison <ken@oceana.com> |
---|
349 | * doc/draft-zeilenga-sasl-anon-00.txt: added |
---|
350 | * doc/index.html: added ANONYMOUS draft |
---|
351 | |
---|
352 | 2002-06-20 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
353 | * lib/auxprop.c: Make "cound not find auxprop plugin" warning |
---|
354 | log at LOG_DEBUG |
---|
355 | |
---|
356 | 2002-06-19 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
357 | * plugins/digestmd5.c: create layer keys for integrity as |
---|
358 | well as privacy |
---|
359 | * saslauthd/auth_ldap.[ch], saslauthd/lak.[ch]: |
---|
360 | Large rewrite (Igor Brezac <igor@ipass.net>) |
---|
361 | * lib/client.c, lib/server.c, lib/common.c: |
---|
362 | Actually set most of the sparams and cparams structures |
---|
363 | |
---|
364 | 2002-06-19 Ken Murchison <ken@oceana.com> |
---|
365 | * doc/draft-melnikov-rfc2831bis-01.txt: added |
---|
366 | * doc/draft-melnikov-rfc2831bis-00.txt: deleted |
---|
367 | * doc/index.html: updated to latest RFC 2831bis draft |
---|
368 | |
---|
369 | 2002-06-18 Ken Murchison <ken@oceana.com> |
---|
370 | * doc/draft-nerenberg-sasl-crammd5-02.txt: added |
---|
371 | * doc/draft-nerenberg-sasl-crammd5-01.txt: deleted |
---|
372 | * doc/index.html: updated to latest CRAM-MD5 draft |
---|
373 | |
---|
374 | 2002-06-17 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
375 | * plugins/login.c, plugins/plain.c: Canonicalize username before |
---|
376 | doing checkpass |
---|
377 | |
---|
378 | 2002-06-14 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
379 | * lib/client.c, lib/server.c, lib/saslint.h, lib/common.c. |
---|
380 | lib/seterror.c: continued size_t vs unsigned cleanups |
---|
381 | |
---|
382 | 2002-06-13 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
383 | * saslauthd/ : remove LDAP support |
---|
384 | * Ready for 2.1.5 |
---|
385 | |
---|
386 | 2002-06-12 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
387 | * plugins/digestmd5.c: rename get_realm to get_server_realm, and |
---|
388 | pay attention to its return value |
---|
389 | * lib/external.c, lib/seterror.c: cleanup size_t/unsigned confusion |
---|
390 | |
---|
391 | 2002-06-10 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
392 | * sasldb/Makefile.am: fix handling of allockey (only include it once) |
---|
393 | * plugins/kerberos4.c: fix a reference count leak |
---|
394 | * Ready for 2.1.4 |
---|
395 | |
---|
396 | 2002-05-28 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
397 | * saslauthd/LDAP_SASLAUTHD, saslauthd/saslauthd.mdoc: |
---|
398 | Update documentation for LDAP and Saslauthd as per |
---|
399 | Igor Brezac <igor@ipass.net> |
---|
400 | |
---|
401 | 2002-05-22 Lawrence Greenfield <leg+@andrew.cmu.edu> |
---|
402 | * lib/checkpw.c: close door file descriptor in |
---|
403 | saslauthd_verify_password |
---|
404 | |
---|
405 | 2002-05-21 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
406 | * saslauthd/auth_krb5.c: fix a leak due to not |
---|
407 | calling krb5_cc_destroy on failure |
---|
408 | |
---|
409 | 2002-05-17 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
410 | * saslauthd/saslauthd-*.c: support a generic mechanism option -O |
---|
411 | instead of -H |
---|
412 | * saslauthd/auth_ldap.c, lak.c, et. al: auth_ldap overhaul |
---|
413 | (Igor Brezac <igor@ipass.net>) |
---|
414 | * lib/common.c, include/sasl.h: add sasl_version |
---|
415 | |
---|
416 | 2002-05-13 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
417 | * lib/checkpw.c: use "*cmusaslsecretPLAIN" in auxprop_verify_password |
---|
418 | (Howard Chu, <hyc@highlandsun.com>), also only make a single |
---|
419 | canon_user call. |
---|
420 | |
---|
421 | 2002-05-13 Ken Murchison <ken@oceana.com> |
---|
422 | * plugins/plugin_common.c: set the return code to SASL_FAIL, and |
---|
423 | NULL the results of the _plug_get_*() functions before we get |
---|
424 | started |
---|
425 | * plugins/digestmd5.c, otp.c, plain.c, srp.c: check for NULL or |
---|
426 | empty authzid from callback |
---|
427 | |
---|
428 | 2002-05-09 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
429 | * saslauthd/configure.in: --with-ldap now takes a path |
---|
430 | |
---|
431 | 2002-05-08 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
432 | * saslauthd/acconfig.h, auth_ldap.c, configure.in, lak.c, lak.h: |
---|
433 | Misc compile/portability fixes (mostly header-related) |
---|
434 | * utils/testsuite.c: minor getopt() parameter fix |
---|
435 | (Claus Assmann <ca+sasl@sendmail.org>) |
---|
436 | * lib/checkpw.c: fix some warnings |
---|
437 | |
---|
438 | 2002-05-07 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
439 | * Ready for 2.1.3-BETA |
---|
440 | |
---|
441 | 2002-05-06 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
442 | * include/saslplug.h: add name member for canon_user plugins |
---|
443 | * lib/canonusr.c: use name member |
---|
444 | |
---|
445 | 2002-05-06 Ken Murchison <ken@oceana.com> |
---|
446 | * plugins/digestmd5.c: added client-side reauth |
---|
447 | |
---|
448 | 2002-05-05 Ken Murchison <ken@oceana.com> |
---|
449 | * lib/client.c: pass global_context to mech_new() |
---|
450 | * lib/server.c: don't free global_context (the plugin should free it) |
---|
451 | * utils/testsuite: swapped serverlast tests so that the |
---|
452 | descriptions are correct |
---|
453 | |
---|
454 | 2002-05-03 Ken Murchison <ken@oceana.com> |
---|
455 | * plugins/digestmd5.c: added server-side reauth |
---|
456 | * doc/index.html: added Marshall Rose's SASL papers |
---|
457 | * doc/options.html: added 'reauth_timeout' |
---|
458 | |
---|
459 | 2002-05-03 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
460 | * plugins/kerberos4.c: fix compile errors |
---|
461 | * config/kerberos_v4.m4, plugins/digestmd5.c: fix des_cbc_encrypt |
---|
462 | interoperability problem (OpenSSL) |
---|
463 | * saslauthd/Makefile.am, acconfig.h, auth_ldap.c, auth_ldap.h, |
---|
464 | configure.in, lak.c, lak.h, mechanisms.c, mechanisms.h, |
---|
465 | saslauthd.conf: added experimental LDAP saslauthd module |
---|
466 | (by Igor Brezac <igor@ipass.net>) |
---|
467 | * include/saslplug.h: give auxprop plugins a name |
---|
468 | * plugins/sasldb.c: give sasldb plugin a name |
---|
469 | * lib/auxprop.c: allow auxprop selection |
---|
470 | * doc/options.html: document auxprop_plugin option |
---|
471 | |
---|
472 | 2002-05-01 Ken Murchison <ken@oceana.com> |
---|
473 | * plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: |
---|
474 | general plugin cleanup - standardizing structure |
---|
475 | |
---|
476 | 2002-04-30 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
477 | * plugins/gssapi.c: Minor cleanup of struct hack in context structure |
---|
478 | |
---|
479 | 2002-04-30 Ken Murchison <ken@oceana.com> |
---|
480 | * plugins/plugin_common.[ch], anonymous.c, cram.c, login.c, otp.c, |
---|
481 | plain.c, sasldb.c, srp.c, |
---|
482 | lib/client.c, external.c, saslint.h, server.c: general plugin |
---|
483 | cleanup - reusing more common code, standardizing structure |
---|
484 | |
---|
485 | 2002-04-28 Ken Murchison <ken@oceana.com> |
---|
486 | * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, |
---|
487 | gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, |
---|
488 | lib/external.c:finalize movement of callback/interaction stuff |
---|
489 | into plugin_common |
---|
490 | |
---|
491 | 2002-04-27 Ken Murchison <ken@oceana.com> |
---|
492 | * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, |
---|
493 | gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, |
---|
494 | lib/external.c: move make_prompts stuff into plugin_common |
---|
495 | * utils/testsuite.c: allow for testing of EXTERNAL |
---|
496 | |
---|
497 | 2002-04-26 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
498 | * sasldb/allockey.c: be sure to set userPassword and not *userPassword |
---|
499 | |
---|
500 | 2002-04-26 Ken Murchison <ken@oceana.com> |
---|
501 | * lib/client.c, server.c: check 'doneflag' just before mech_step() |
---|
502 | * plugins/plugin_common.[ch], anonymous.c, cram.c, digestmd5.c, |
---|
503 | gssapi.c, kerberosv4.c, login.c, otp.c, plain.c, srp.c, |
---|
504 | lib/external.c, Makefile.am: move callback/interaction stuff |
---|
505 | into plugin_common |
---|
506 | * plugins/plugin_common.[ch], digestmd5.c, gssapi.c, |
---|
507 | kerberosv4.c, srp.c: move decode/concatenation of multiple |
---|
508 | packets into plugin_common |
---|
509 | * utils/testsuite.c: set SASL_AUTH_EXTERNAL so we can test EXTERNAL |
---|
510 | |
---|
511 | 2002-04-25 Ken Murchison <ken@oceana.com> |
---|
512 | * plugins/otp.c: don't free the secret when we get data from a |
---|
513 | callback (and don't copy it) |
---|
514 | * plugins/gssapi.c, plain.c: make sure to set 'doneflag' when done |
---|
515 | * lib/client.c, server.c: don't call mech_step() if 'doneflag' is set |
---|
516 | |
---|
517 | 2002-04-24 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
518 | * plugins/cram.c, digestmd5.c, login.c, plain.c, srp.c: don't |
---|
519 | free the secret when we get data from a callback (and don't copy it) |
---|
520 | |
---|
521 | 2002-04-22 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
522 | * include/gai.h: Fix for compatibility with older glibc versions |
---|
523 | (Howard Chu, <hyc@highlandsun.com>) |
---|
524 | * plugins/gssapi.c: Don't always send authzid on client side |
---|
525 | (Howard Chu, <hyc@highlandsun.com>) |
---|
526 | |
---|
527 | 2002-04-18 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
528 | * saslauthd/auth_sasldb.c: Use "use_realm" instead of "realm" |
---|
529 | for lookup of secret. (Jonas Oberg <jonas@gnu.org>) |
---|
530 | * plugins/gssapi.c: Correct handling of client-side authid and |
---|
531 | authzid (Howard Chu, <hyc@highlandsun.com>) |
---|
532 | * lib/external.c: Better handling of user canonicalization |
---|
533 | (Howard Chu, <hyc@highlandsun.com>) |
---|
534 | * plugins/cram.c, digestmd5.c, gssapi.c, kerberos4.c, |
---|
535 | login.c, otp.c, plain.c, srp.c: zero out prompt_need structures |
---|
536 | before use |
---|
537 | |
---|
538 | 2002-04-17 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
539 | * plugins/cram.c, digestmd5.c, srp.c: Adjust cmusaslsecretFOO to |
---|
540 | *cmusaslsecretFOO |
---|
541 | * plugins/sasldb.c: correctly handle *(property) |
---|
542 | * lib/canonusr.c, server.c: Lookup authzid and authid auxprops |
---|
543 | correctly (and in the same place). |
---|
544 | * include/sasl.h, saslplug.h: Fix auxprop lookups |
---|
545 | (e.g. SASL_AUXPROP_AUTHZID) |
---|
546 | |
---|
547 | 2002-04-15 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
548 | * plugins/gssapi.c: Handle null authzid's correctly |
---|
549 | * lib/server.c: fix a strcmp() that should be a memcmp() |
---|
550 | |
---|
551 | 2002-04-15 Rob Siemborski <rjs3@andrew.cmu.edu> |
---|
552 | * plugins/gssapi.c: fix how name_token and name_without_realm are |
---|
553 | freed. |
---|
554 | |
---|
555 | 2002-04-12 Ken Murchison <ken@oceana.com> |
---|
556 | * doc/draft-melnikov-rfc2831bis-00.txt: added |
---|
557 | * doc/draft-myers-saslrev-02.txt: moved TOC |
---|
558 | * doc/draft-myers-saslrev-02.txt: added |
---|
559 | * doc/draft-myers-saslrev-01.txt: deleted |
---|
560 | * doc/index.html: changed link to updated saslrev draft, |
---|
561 | added KERBEROS_V4 notation, |
---|
562 | added link to rfc2831bis draft |
---|
563 | |
---|
564 | 2002-04-08 Ken Murchison <ken@oceana.com> |
---|
565 | * lib/server.c, doc/options.html: allow multiple pwcheck_methods |
---|
566 | |
---|
567 | 2002-04-03 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
568 | * saslauthd/configure.in: properly define AUTH_KRB5 |
---|
569 | * saslauthd/auth_krb5.c: changes for MIT KRB5 |
---|
570 | |
---|
571 | 2002-03-27 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
572 | * Removed check for db3/db.h (people can just use --with-bdb-incdir) |
---|
573 | |
---|
574 | 2002-03-26 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
575 | * Ready for 2.1.2 |
---|
576 | |
---|
577 | 2002-03-11 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
578 | * plugins/kerberos4.c: Fix a race condition during mutex allocation |
---|
579 | |
---|
580 | 2002-03-04 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
581 | * lib/checkpw.c: Stop logging "authentication failed" message |
---|
582 | * plugins/gssapi.c: Reduce log level of "gss_accept_context" message |
---|
583 | |
---|
584 | 2002-02-27 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
585 | * saslauthd/saslauthd.mdoc: Clarify that sasldb with saslauthd |
---|
586 | is not what you want to be doing. |
---|
587 | * doc/sysadmin.html: Update "sasldb" verifier to "auxprop" |
---|
588 | |
---|
589 | 2002-02-22 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
590 | * lib/checkpw.c: made retry_read static |
---|
591 | |
---|
592 | 2002-02-21 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
593 | * lib/checkpw.c (auxprop_verify_password) report SASL_NOUSER instead |
---|
594 | of SASL_FAIL. |
---|
595 | * lib/client.c, lib/server.c: More Complete returning of SASL_NOTINIT |
---|
596 | * utils/testsuite.c: Better checking for SASL_NOTINIT |
---|
597 | |
---|
598 | 2002-02-11 Ken Murchison <ken@oceana.com> |
---|
599 | * plugins/srp.c: removed OpenSSL 0.9.6 dependencies, small bugfix |
---|
600 | * configure.in: cleaned up OpenSSL (libcrypto) check |
---|
601 | |
---|
602 | 2002-02-05 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
603 | * contrib/tclsasl: Add Marshall Rose's <mrose@dbc.mtview.ca.us> |
---|
604 | tclsasl patch. |
---|
605 | * plugins/anonymous.c: No longer append extra NUL to client response |
---|
606 | |
---|
607 | 2002-02-04 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
608 | * utils/saslpasswd.c: Added -n option (Ken Murchison) |
---|
609 | * lib/dlopen.c: Removed confusing entry point message. |
---|
610 | * Ready for 2.1.1 |
---|
611 | |
---|
612 | 2002-02-01 Ken Murchison <ken@oceana.com> |
---|
613 | * plugins/srp.c: fixed srp_setpass() |
---|
614 | |
---|
615 | 2002-01-31 Ken Murchison <ken@oceana.com> |
---|
616 | * include/sasl.h, lib/server.c, |
---|
617 | plugins/digestmd5.c, gssapi.c, kerberos4.c, srp.c: |
---|
618 | added SASL_SEC_MUTUAL_AUTH |
---|
619 | * plugins/srp.c: cleanup error messages and return codes |
---|
620 | |
---|
621 | 2002-01-30 Ken Murchison <ken@oceana.com> |
---|
622 | * plugins/otp.c, plugins/otp.h: added non-OPIE client/server |
---|
623 | implementation (requires OpenSSL) |
---|
624 | * configure.in: OTP now requires OpenSSL, OPIE is optional |
---|
625 | * doc/options.html, doc/readme.html, doc/sysadmin.html, doc/TODO: |
---|
626 | updated for new OTP implementation |
---|
627 | |
---|
628 | 2002-01-25 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
629 | * saslauthd/Makefile.am: Correct multiple EXTRA_DIST bug |
---|
630 | * saslauthd/Makefile.am: small typo fixed (Leena Heino <liinu@uta.fi>) |
---|
631 | |
---|
632 | 2002-01-23 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
633 | * utils/dbconverter-2.c (main): More intelligent default paths |
---|
634 | * acconfig.h: #ifndef's for _GNU_SOURCE (Assar <assar@permabit.com>) |
---|
635 | |
---|
636 | 2002-01-22 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
637 | * lib/common.c: Complete definition of sasl_global_listmech |
---|
638 | (from Love <lha@stacken.kth.se>) |
---|
639 | * lib/client.c: added checks for _sasl_client_active to |
---|
640 | sasl_client_new and sasl_client_start |
---|
641 | |
---|
642 | 2002-01-21 Ken Murchison <ken@oceana.com> |
---|
643 | * doc/draft-myers-saslrev-01.txt: moved TOC |
---|
644 | * doc/draft-ietf-cat-sasl-gssapi-05.txt: moved TOC |
---|
645 | * doc/draft-nerenberg-sasl-crammd5-01.txt: added |
---|
646 | * doc/draft-nerenberg-sasl-crammd5-00.txt: deleted |
---|
647 | * doc/index.html: changed link to updated draft |
---|
648 | * plugins/login.c (login_client_mech_step): fix client-first |
---|
649 | handling |
---|
650 | |
---|
651 | 2002-01-21 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
652 | * lib/server.c (sasl_server_start): null out *serverout and |
---|
653 | *serveroutlen, just in case. |
---|
654 | * lib/external.c: Added correct required_prompts |
---|
655 | * saslauthd/testsaslauthd.c: Added simple saslauthd client |
---|
656 | * saslauthd/Makefile.am: rules for testsaslauthd |
---|
657 | * doc/sysadmin.html: updated to reference testsaslauthd |
---|
658 | * saslauthd/saslauthd.c: allow -n 0 (for fork-per-connection) |
---|
659 | * saslauthd/saslauthd.mdoc: documentation of -n 0 |
---|
660 | * plugins/cram.c (crammd5_client_mech_step): fix client-first |
---|
661 | handling |
---|
662 | * sasldb/db_gdbm.c: improved error reporting |
---|
663 | (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us> |
---|
664 | * config/sasldb.m4: improved gdbm configure handling |
---|
665 | (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us> |
---|
666 | * config/kerberos_v4.m4: Detect OpenSSL libdes first. |
---|
667 | (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us> |
---|
668 | * plugins/cram.c, digestmd5.c, kervberos4.c, login.c, |
---|
669 | lib/client.c, server.c, include/saslplug.h: |
---|
670 | Cleaner client-first ABI. |
---|
671 | |
---|
672 | 2002-01-19 Ken Murchison <ken@oceana.com> |
---|
673 | * plugins/otp.c: set serverout to NULL where we have nothing to |
---|
674 | send instead of the empty string |
---|
675 | * plugins/srp.c: let glue code handle client-last/server-last |
---|
676 | situation by setting serverout appropriately |
---|
677 | |
---|
678 | 2002-01-19 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
679 | * plugins/plain.c, plugins/login.c, plugins/digestmd5.c: |
---|
680 | set serverout to NULL where we have nothing to send instead of |
---|
681 | the empty string |
---|
682 | * include/saslplug.h, lib/client.c, lib/server.c: eliminated |
---|
683 | SASL_FEAT_WANT_SERVER_LAST in favor of clever setting of serverout |
---|
684 | * plugins/digestmd5.c: removed SASL_FEAT_WANT_SERVER_LAST |
---|
685 | |
---|
686 | 2002-01-18 Ken Murchison <ken@oceana.com> |
---|
687 | * plugins/srp.c: updated to draft-burdis-cat-srp-sasl-06 |
---|
688 | * plugins/srp.c: server uses external SSF |
---|
689 | * plugins/srp.c: server sends mandatory options based on min SSF |
---|
690 | * doc/draft-burdis-cat-srp-sasl-06.txt: added |
---|
691 | * doc/draft-burdis-cat-srp-sasl-05.txt: deleted |
---|
692 | * doc/index.html: changed link to updated draft |
---|
693 | |
---|
694 | 2002-01-17 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
695 | * plugins/kerberos4.c: Actually allocate a mutex on the client side |
---|
696 | |
---|
697 | 2002-01-16 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
698 | * lib/server.c (mech_permitted): fixed incorrect return value of |
---|
699 | SASL_NOMECH that should have been 0. |
---|
700 | * lib/common.c (sasl_errdetail): fixed core if passed in conn is NULL |
---|
701 | * plugins/digestmd5.c (encode_tmp_buf): removed unneeded buffer |
---|
702 | |
---|
703 | 2002-01-16 Ken Murchison <ken@oceana.com> |
---|
704 | * plugins/srp.c: fixed layer decoding to handle multiple packets |
---|
705 | * plugins/srp.c: plugged memory leaks (now passes testsuite) |
---|
706 | * plugins/srp.c: more logging |
---|
707 | * plugins/srp.c: lots of other nits, bug fixes |
---|
708 | * utils/testsuite.c: added SSF=0/56 test |
---|
709 | |
---|
710 | 2002-01-14 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
711 | * saslauthd/auth_krb4.c (auth_krb4): fix tf_name memory leak, |
---|
712 | and other efficency fixes |
---|
713 | |
---|
714 | 2002-01-11 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
715 | * include/saslplug.h: Add flags member to params structures |
---|
716 | * lib/client.c, lib/server.c: flags parameter to sasl_*_new |
---|
717 | now gets to the plugins |
---|
718 | |
---|
719 | 2002-01-10 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
720 | * include/sasl.h: Update for sasl_global_listmech API |
---|
721 | * lib/common.c, lib/client.c, lib/server.c: sasl_global_listmech() |
---|
722 | * lib/dlopen.c (_parse_la): fix parseing of dlname= line |
---|
723 | * Ready for 2.1.0 |
---|
724 | |
---|
725 | 2002-01-09 Ken Murchison <ken@oceana.com> |
---|
726 | * plugins/otp.c: fixed security_flags |
---|
727 | * plugins/srp.c: corrected integrity layer encoding |
---|
728 | * plugins/srp.c: finished maxbuffersize handling |
---|
729 | * plugins/srp.c: fixed security_flags |
---|
730 | * doc/index.html: added reference to SRP paper |
---|
731 | |
---|
732 | 2002-01-09 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
733 | * lib/common.c (sasl_decode): Removed maxoutbuf check |
---|
734 | * man/sasl_setprop.3: Minor clarifications |
---|
735 | * plugins/digestmd5.c, plugins/gssapi.c, plugins/kerberos4.c: |
---|
736 | Assorted security layer fixes (maxoutbuf setting, mech_ssf setting) |
---|
737 | * lib/common.c, lib/client.c, lib/server.c, lib/saslint.h: |
---|
738 | Allowed client-side sasl_listmech calls. |
---|
739 | * include/sasl.h: Minor cosmetic fix to comments |
---|
740 | * doc/programming.html: Interaction memory management clarifications |
---|
741 | * lib/common.c: Fix several crash problems in getprop |
---|
742 | (Courtesy Marshall T. Rose <mrose@dbc.mtview.ca.us>) |
---|
743 | |
---|
744 | 2002-01-05 Lawrence Greenfield <leg+@andrew.cmu.edu> |
---|
745 | * saslauthd/saslauthd.c: F_SETLK doesn't block; F_SETLKW does |
---|
746 | * saslauthd/saslauthd.c: detect errors somewhat better |
---|
747 | |
---|
748 | 2002-01-04 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
749 | * lib/common.c: Allow sasl_setprop for SASL_DEFUSERREALM |
---|
750 | |
---|
751 | 2002-01-04 Ken Murchison <ken@oceana.com> |
---|
752 | * plugins/srp.c: don't send M2 if using a confidentiality layer |
---|
753 | * plugins/srp.c: more constraint checks |
---|
754 | * plugins/otp.c: improve standard hex/word response detection |
---|
755 | * doc/install.html, doc/sysadmin.html, contrib/opie-2.4-fixes: |
---|
756 | add patch for OPIE 2.4 to enable extended responses |
---|
757 | |
---|
758 | 2002-01-03 Ken Murchison <ken@oceana.com> |
---|
759 | * configure.in: removed check fpr gmp |
---|
760 | * plugins/srp.c: migrated to OpenSSL's BN (removed GNU MP dependency) |
---|
761 | |
---|
762 | 2001-12-20 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
763 | * sasldb/db_ndbm.c: Fixed small memory leak |
---|
764 | (Courtesy Howard Chu <hyc@highlandsun.com>) |
---|
765 | |
---|
766 | 2001-12-18 Ken Murchison <ken@oceana.com> |
---|
767 | * plugins/srp.c: more constraint checks |
---|
768 | |
---|
769 | 2001-12-17 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
770 | * saslauthd/saslauthd.c: Prefork a number of processes to handle |
---|
771 | connections. |
---|
772 | * saslauthd/auth_krb4.c: Handle concurrent accesses better. |
---|
773 | |
---|
774 | 2001-12-15 Ken Murchison <ken@oceana.com> |
---|
775 | * plugins/srp.c: added confidentiality layers |
---|
776 | |
---|
777 | 2001-12-14 Ken Murchison <ken@oceana.com> |
---|
778 | * plugins/srp.c: improved client/server layer option handling |
---|
779 | * plugins/srp.c: added client-side support for mandatory options |
---|
780 | * plugins/srp.c: added framework for confidentiality layers |
---|
781 | * plugins/srp.c: added some data sanity checking (thanks to |
---|
782 | Tom Holroyd <tomh@po.crl.go.jp> for feedback) |
---|
783 | |
---|
784 | 2001-12-13 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
785 | * lib/server.c, lib/common.c: Fix handling of |
---|
786 | global callbacks so that plugin_list works again |
---|
787 | |
---|
788 | 2001-12-12 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
789 | * pwcheck/Makefile.am: Added include of ../lib |
---|
790 | (from Hajimu UMEMOTO <ume@mahoroba.org>) |
---|
791 | |
---|
792 | 2001-12-11 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
793 | * sasldb/db_ndbm.c: fix call to dbm_nextkey, from |
---|
794 | Scot W. Hetzel <scot@genroco.com> |
---|
795 | |
---|
796 | 2001-12-10 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
797 | * doc/plugprog.html: Update for new user canonicalization usage. |
---|
798 | * man/sasl_canon_user.3: Update for new user canonicalization usage. |
---|
799 | * configure.in: Actually set STATIC_GSSAPIV2 when necessary |
---|
800 | |
---|
801 | 2001-12-08 Ken Murchison <ken@oceana.com> |
---|
802 | * plugins/srp.c: make sure we have the HMAC before trying to use it |
---|
803 | * plugins/srp.c: don't advertise server integrity w/o HMAC-SHA-1 |
---|
804 | * plugins/srp.c: move EVP_cleanup() to mech_free so mech can be reused |
---|
805 | |
---|
806 | 2001-12-07 Ken Murchison <ken@oceana.com> |
---|
807 | * configure.in: SRP now requires OpenSSL |
---|
808 | * plugins/srp.c: migrated to OpenSSL's MDA/cipher abstraction API |
---|
809 | * plugins/srp.c: added RIPEMD-160 support |
---|
810 | * plugins/srp.c: using "standard ACSII names" for MDA-names as |
---|
811 | documented by [SCAN] (until determined otherwise) |
---|
812 | * plugins/srp.c: using updated canon_user API to allow separate |
---|
813 | canonicalization of authid and authzid. |
---|
814 | |
---|
815 | 2001-12-06 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
816 | * lib/canonusr.c: Better logging when desired plugin is not found. |
---|
817 | * lib/checkpw.c: spelling error fixed. |
---|
818 | * lib/canonusr.c, lib/checkpw.c, lib/client.c, lib/external.c, |
---|
819 | lib/saslint.h, lib/server.c, include/sasl.h, include/saslplug.h, |
---|
820 | plugins/*.c: Updated canon_user API to allow separate |
---|
821 | canonicalization of authid and authzid. |
---|
822 | |
---|
823 | 2001-12-05 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
824 | * saslauthd/Makefile.am, saslauthd/acconfig.h, saslauthd/configure.in: |
---|
825 | Solaris 7 and FreeBSD (FreeBSD is courtesy of Claus Assmann |
---|
826 | <ca+sasl@sendmail.org>) |
---|
827 | * sasldb/Makefile.am: link order fix (Courtesy Claus Assmann |
---|
828 | <ca+sasl@sendmail.org>) |
---|
829 | |
---|
830 | 2001-12-05 Ken Murchison <ken@oceana.com> |
---|
831 | * configure.in: |
---|
832 | * plugins/Makefile.am: only build SRP with sasldb libs when |
---|
833 | srp_setpass() is enabled |
---|
834 | * plugins/srp.c: added HMAC-SHA-160 integrity layer |
---|
835 | * plugins/srp.c: don't offer integrity layers unless HMAC-SHA-160 |
---|
836 | is available (mandatory) |
---|
837 | * plugins/srp.c: fixed multiple integrity/confidentiality layer |
---|
838 | client-side bug |
---|
839 | * plugins/srp.c: fixed delete SRP secret bug |
---|
840 | * plugins/srp.c: removed VL() stuff |
---|
841 | |
---|
842 | 2001-12-04 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
843 | * utils/Makefile.am, config/sasldb.m4: Build sasldblistusers2 |
---|
844 | and saslpasswd2. Default database now /etc/sasldb2 |
---|
845 | * INSTALL, README, doc/index.html, doc/upgrading.html: Update |
---|
846 | with upgrading instructions in preparation for release. |
---|
847 | * doc/, /: Documentation reorganization, convert README and INSTALL to |
---|
848 | HTML format. |
---|
849 | * Bumped appropriate version numbers, Ready for 2.0.5-BETA |
---|
850 | |
---|
851 | 2001-12-04 Ken Murchison <ken@oceana.com> |
---|
852 | * acconfig.h, configure.in: dependency checking for SRP |
---|
853 | * acconfig.h, configure.in: |
---|
854 | * plugins/srp.c: made srp_setpass() a compile-time option (default=off) |
---|
855 | * plugins/srp.c: use auxprop to fetch cmusaslsecretSRP/userPassword |
---|
856 | * plugins/srp.c: code cleanup |
---|
857 | * acconfig.h, configure.in: |
---|
858 | * doc/sysadmin.html: |
---|
859 | * plugins/otp.c: made otp_setpass() a compile-time option (default=off) |
---|
860 | |
---|
861 | 2001-12-02 Ken Murchison <ken@oceana.com> |
---|
862 | * plugins/srp.c: fixed SHA1 support |
---|
863 | * plugins/srp.c: changed calculation of 'x' to coincide with draft -05 |
---|
864 | * plugins/srp.c: code cleanup |
---|
865 | |
---|
866 | 2001-12-01 Ken Murchison <ken@oceana.com> |
---|
867 | * plugins/srp.c: abstracted MDA interface |
---|
868 | * plugins/srp.c: added SHA1 support (not working) |
---|
869 | |
---|
870 | 2001-11-30 Ken Murchison <ken@oceana.com> |
---|
871 | * plugins/srp.c: renumbered steps to start at 1 |
---|
872 | * plugins/srp.c: check plugin API version instead of SRP_VERSION |
---|
873 | * plugins/srp.c: changed data exchanges to conform to draft -05 |
---|
874 | |
---|
875 | 2001-11-29 Ken Murchison <ken@oceana.com> |
---|
876 | * plugins/srp.c: code now compiles and runs |
---|
877 | * plugins/Makefile.am: added sasldb libs to SRP build |
---|
878 | |
---|
879 | 2001-11-24 Ken Murchison <ken@oceana.com> |
---|
880 | * lib/external.c: made EXTERNAL a client-send-first mechanism |
---|
881 | * doc/index.html: added CRAM-MD5 draft |
---|
882 | |
---|
883 | 2001-11-22 Ken Murchison <ken@oceana.com> |
---|
884 | * plugins/otp.c: fixed otp_setpass() bug |
---|
885 | * doc/sysadmin.html: OTP additions/changes |
---|
886 | |
---|
887 | 2001-11-19 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
888 | * utils/saslpasswd.c: Corrected disable handling |
---|
889 | |
---|
890 | 2001-11-17 Ken Murchison <ken@oceana.com> |
---|
891 | * doc/index.html, rfc2945.txt, rfc3174.txt: specification additions |
---|
892 | * doc/Makefile.am: Updated included RFCs and IDs |
---|
893 | |
---|
894 | 2001-11-14 Ken Murchison <ken@oceana.com> |
---|
895 | * lib/server.c, doc/options.html: added 'mech_list' option |
---|
896 | |
---|
897 | 2001-11-14 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
898 | * sasldb/allockey.c: removed an assert() call |
---|
899 | * sasldb/db_ndmb.c, sasldb/db_gdbm.c: Fixed cntxt's to be conn's |
---|
900 | |
---|
901 | 2001-11-13 Ken Murchison <ken@oceana.com> |
---|
902 | * acconfig.h, configure.in: |
---|
903 | * plugins/otp.c: support client-side OTP without OPIE |
---|
904 | |
---|
905 | 2001-11-08 Ken Murchison <ken@oceana.com> |
---|
906 | * plugins/otp.c: allow entry of one-time password via |
---|
907 | SASL_CB_ECHOPROMPT callback |
---|
908 | * plugins/otp.c: code cleanup |
---|
909 | * doc/index.html, draft*.txt: specification updates/additions |
---|
910 | |
---|
911 | 2001-11-08 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
912 | * plugins/cram.c, digestmd5.c, sasldb.c: Removed all assert() |
---|
913 | calls from supported plugins. |
---|
914 | |
---|
915 | 2001-11-07 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
916 | * utils/testsuite.c: added proxy policy checks |
---|
917 | * lib/checkpw.c (_sasl_auxprop_verify_apop): correct handling |
---|
918 | of seterror calls |
---|
919 | |
---|
920 | 2001-11-06 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
921 | * lib/canonusr.c (_canonuser_internal): added necessary seterror calls |
---|
922 | * doc/Makefile.am: Updated included RFCs and IDs |
---|
923 | * lib/canonusr.c, lib/server.c: Corrected authzid/authid handling |
---|
924 | * plugins/digestmd5.c: Unconfused authzid/authid in server call to |
---|
925 | canon_user |
---|
926 | |
---|
927 | 2001-11-01 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
928 | * plugins/gssapi.c, plugins/kerberos4.c: Get rid of unnecessary |
---|
929 | buffer copy in security layer encodes. |
---|
930 | |
---|
931 | 2001-10-24 Ken Murchison <ken@oceana.com> |
---|
932 | * plugins/otp.c: added otp_setpass() so that saslpasswd can |
---|
933 | be used instead of opiepasswd on closed systems |
---|
934 | * doc/sysadmin.html: OTP additions/changes |
---|
935 | |
---|
936 | 2001-10-22 Ken Murchison <ken@oceana.com> |
---|
937 | * acconfig.h, configure.in: detect OPIE, enable/disable OTP |
---|
938 | * plugins/Makefile.am, makeinit.sh, otp.c: added OTP support |
---|
939 | (still need work on RFC2444 compliance - depends on OPIE changes) |
---|
940 | * doc/index.html, options.html, sysadmin.html, rfc*.txt: |
---|
941 | OTP additions/changes |
---|
942 | |
---|
943 | 2001-10-18 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
944 | * utils/testsuite.c: Test DES harder for DIGEST-MD5 |
---|
945 | * plugins/digestmd5.c (enc_des): Get rid of one buffer copy. |
---|
946 | * plugins/digestmd5.c (dec_des, dec_3des): correct handling of |
---|
947 | padding length check. |
---|
948 | |
---|
949 | 2001-10-17 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
950 | * config/sasldb.m4: detect berkeley db 4 |
---|
951 | * plugins/gssapi.c, cram.c, kerberos4.c, digestmd5.c: have dispose |
---|
952 | calls deal with the possibility of a null context |
---|
953 | |
---|
954 | 2001-10-16 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
955 | * saslauthd/Makefile.am: Link LIB_PAM as well, if needed |
---|
956 | * plugins/digestmd5.c: Don't send a trailing nul on challenge and |
---|
957 | responses. |
---|
958 | * lib/server.c (sasl_server_start, sasl_server_step): Deal with |
---|
959 | authentication failures better. (Reported by Larry Rosenbaum |
---|
960 | <lmr@ornl.gov>) |
---|
961 | |
---|
962 | 2001-10-02 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
963 | * saslauthd/Makefile.am, saslauthd/auth_sasldb.c, |
---|
964 | saslauthd/configure.in: Changes to allow extraction of saslauthd |
---|
965 | as needed. |
---|
966 | |
---|
967 | 2001-09-19 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
968 | * lib/getaddrinfo.c (getaddrinfo): Correct fix for |
---|
969 | AI_PASSIVE bug from Hajimu UMEMOTO <ume@mahoroba.org> |
---|
970 | * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): |
---|
971 | revert to previous versions. |
---|
972 | |
---|
973 | * plugins/Makefile.am: Include necessry compatibility objects |
---|
974 | as needed. |
---|
975 | * lib/Makefile.am: compatibility code for static libsasl |
---|
976 | * configure.in: small changes to make compatibility objects easy |
---|
977 | to use. |
---|
978 | |
---|
979 | 2001-09-18 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
980 | * plugins/plugin_common.c, lib/common.c (_*_ipfromstring): |
---|
981 | no longer use AI_PASSIVE hint for getaddrinfo |
---|
982 | |
---|
983 | 2001-09-13 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
984 | * saslauthd/auth_sasldb.c, saslauthd/auth_sasldb.h: |
---|
985 | Added experimental sasldb saslauthd module |
---|
986 | * saslauthd/configure.in: sasldb related config changes, |
---|
987 | do not config if disabled |
---|
988 | |
---|
989 | 2001-09-12 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
990 | * saslauthd/*, lib/checkpw.c (saslauthd_verify_password): |
---|
991 | merged new saslauthd protocol from Ken Murchison <ken@oceana.com> |
---|
992 | |
---|
993 | 2001-08-30 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
994 | |
---|
995 | * configure.in, saslauthd/configure.in: check for inet_aton |
---|
996 | in libresolv.so, so as to link it if necessary |
---|
997 | |
---|
998 | * config/sasldb.m4 (BERKELEY_DB_CHK_LIB): set runpath of library |
---|
999 | if necessary |
---|
1000 | |
---|
1001 | 2001-08-29 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1002 | |
---|
1003 | * utils/testsuite.c: Minor testsuite fix (include paths) |
---|
1004 | |
---|
1005 | * Ready for 2.0.4-BETA |
---|
1006 | |
---|
1007 | 2001-08-24 Rolf Braun <rbraun+@andrew.cmu.edu> |
---|
1008 | |
---|
1009 | * Mac OS 9 and X support, including Carbon |
---|
1010 | Mac OS 9 Classic support based on the SASL v1 code |
---|
1011 | by Aaron Wohl <n3liw+@andrew.cmu.edu> |
---|
1012 | |
---|
1013 | * updated ltconfig and ltmain.sh |
---|
1014 | * acconfig.h: |
---|
1015 | * configure.in: |
---|
1016 | * lib/saslutil.c: use random() when jrand48() isn't available |
---|
1017 | |
---|
1018 | * dlcompat-20010505: |
---|
1019 | dlcompat included for OS X support, compiles separately |
---|
1020 | * lib/dlopen.c: prefix symbols with underscore on OS X, as on OpenBSD |
---|
1021 | note that this is also detected automatically by configure, |
---|
1022 | this only helps when cross-compiling (for OS X?) |
---|
1023 | |
---|
1024 | * acconfig.h: |
---|
1025 | * configure.in: |
---|
1026 | * config/kerberos_v4.m4 |
---|
1027 | look for libdes524 when libdes doesn't exist. |
---|
1028 | look for libkrb4 when libkrb doesn't exist. |
---|
1029 | |
---|
1030 | * lib/saslint.h: |
---|
1031 | * lib/common.c: |
---|
1032 | * lib/seterror.c: |
---|
1033 | * lib/Makefile.am: |
---|
1034 | split sasl_seterror() into a new file. |
---|
1035 | add_string -> _sasl_add_string and made this non-static |
---|
1036 | so seterror can use it. |
---|
1037 | added _sasl_get_errorbuf to go into the conn_t struct |
---|
1038 | so we don't have to know the format of that struct when |
---|
1039 | seterror.c is linked from glue code (i.e., the Mac OS X CFM glue) |
---|
1040 | |
---|
1041 | * acconfig.h: |
---|
1042 | fix the order of the fake iovec struct for systems that |
---|
1043 | don't have it (like Mac OS 9) so it's the same order as |
---|
1044 | most Unixes that do (like Mac OS X) -- the CFM glue needs this |
---|
1045 | |
---|
1046 | * acconfig.h: |
---|
1047 | include <sys/types.h> before we include <sys/uio.h> |
---|
1048 | |
---|
1049 | * plugins/kerberos4.c: |
---|
1050 | * lib/checkpw.c: |
---|
1051 | * acconfig.h: |
---|
1052 | * configure.in: |
---|
1053 | check for krb_get_err_txt in the kerberos 4 library, |
---|
1054 | and use it instead of the krb_err_txt[] array if available |
---|
1055 | |
---|
1056 | * plugins/kerberos4.c: |
---|
1057 | define KEYFILE to "/etc/srvtab" if not already defined |
---|
1058 | by the kerberos 4 headers (needed for MIT KfM 4.0) |
---|
1059 | |
---|
1060 | * doc/macosx.html: added this |
---|
1061 | * README: point Mac OS X users to doc/macosx.html |
---|
1062 | * doc/Makefile.am: add doc/macosx.html to distfiles |
---|
1063 | |
---|
1064 | * Makefile.am: |
---|
1065 | * lib/Makefile.am: |
---|
1066 | * include/Makefile.am: |
---|
1067 | * config/Info.plist: |
---|
1068 | * configure.in: |
---|
1069 | when building on Mac OS X, install a framework |
---|
1070 | in /Library/Frameworks |
---|
1071 | |
---|
1072 | * mac/*: |
---|
1073 | projects and support files for Mac OS 9, classic and Carbon |
---|
1074 | * mac/osx_cfm_glue: |
---|
1075 | the glue to allow CFM Carbon applications under Mac OS X |
---|
1076 | call the Unix-layer SASL library |
---|
1077 | |
---|
1078 | * lib/common.c: |
---|
1079 | * lib/canonusr.c: |
---|
1080 | don't do the auxprop stuff on Mac OS 9 |
---|
1081 | |
---|
1082 | * lib/getaddrinfo.c: |
---|
1083 | don't look up hostnames on Mac OS 9 (we only officially |
---|
1084 | support passing IP address strings anyway) |
---|
1085 | |
---|
1086 | * lib/getaddrinfo.c: |
---|
1087 | * plugins/plugin_common.c: |
---|
1088 | * plugins/plugin_common.h: |
---|
1089 | don't include headers on Mac OS 9 that we don't have. |
---|
1090 | |
---|
1091 | * sample/sample-client.c: |
---|
1092 | add a cast for Mac OS 9 (different type handling of char) |
---|
1093 | |
---|
1094 | * plugins/makeinit.sh: |
---|
1095 | include the stub header to export the right symbols on Mac OS 9 |
---|
1096 | |
---|
1097 | 2001-08-20 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1098 | * plugins/gssapi.c (gssapi_server_mech_step): fixed accidental |
---|
1099 | back link into glue code |
---|
1100 | |
---|
1101 | * config/kerberos4.m4: Actually link in -lkrb |
---|
1102 | |
---|
1103 | 2001-08-15 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1104 | * lib/common.c (_sasl_iptostring): #if 0'd out. |
---|
1105 | |
---|
1106 | * lib/server.c (sasl_user_exists): only check the verifier we |
---|
1107 | are using |
---|
1108 | |
---|
1109 | * config/kerberos_v4.m4 (SASL_DES_CHK): added |
---|
1110 | * config/kerberos_v4.m4 (SASL_KERBEROS_V4_CHK): included |
---|
1111 | entire check from configure.in |
---|
1112 | * configure.in: moved kerberos 4 code completely out. |
---|
1113 | * saslauthd/acconfig.h (WITH_DES, WITH_SSL_DES): Added |
---|
1114 | DES-related symbols |
---|
1115 | |
---|
1116 | 2001-08-14 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1117 | * configure.in: Check for sys/uio.h |
---|
1118 | * saslauthd/configure.in: Check for sys/uio.h |
---|
1119 | * config.h: Do the Right Thing for struct iovec (and |
---|
1120 | no longer include sys/uio.h elsewhere) |
---|
1121 | * saslauthd/config.h: Do the Right Thing for struct iovec (and |
---|
1122 | no longer include sys/uio.h elsewhere) |
---|
1123 | |
---|
1124 | 2001-08-13 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1125 | * plugins/digestmd5.c (init_des, init_3des, enc_des, dec_des, |
---|
1126 | enc_3des, dec_3des): fixed interoperability problems, |
---|
1127 | 3des was not decrypting with correct key and des was not |
---|
1128 | setting up the initial vector. |
---|
1129 | |
---|
1130 | * lib/checkpw.c (always_true): log users who log in via this verifier |
---|
1131 | |
---|
1132 | 2001-08-13 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1133 | * utils/testsuite.c (giveokpath): fix memory leak |
---|
1134 | |
---|
1135 | * lib/common.c (sasl_ipfromstring): add call to freeaddrinfo() |
---|
1136 | * plugins/plugin_common.c (_plug_ipfromstring): add call to |
---|
1137 | freeaddrinfo() |
---|
1138 | |
---|
1139 | * lib/saslutil.c (sasl_randseed): actually initilize the randpool |
---|
1140 | |
---|
1141 | * saslauthd/auth_getpwent.c (auth_getpwent): clear a warning |
---|
1142 | * saslauthd/auth_shadow.c (auth_shadow): clear a similar warning |
---|
1143 | |
---|
1144 | * utils/Makefile.am (EXTRA_DIST): Actually include the needed files |
---|
1145 | |
---|
1146 | * saslauthd/configure.in: Handle shadow passwords correctly |
---|
1147 | * saslauthd/acconfig.h: Handle shadow passwords correctly |
---|
1148 | |
---|
1149 | * lib/checkpw.c (always_true): added |
---|
1150 | * configure.in: added check for alwaystrue verifier |
---|
1151 | * acconfig.h: added HAVE_ALWAYSTRUE |
---|
1152 | * doc/options.html: alwaystrue verifier documented |
---|
1153 | |
---|
1154 | 2001-08-11 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1155 | * saslauthd/: Now configures separately from SASL, so as |
---|
1156 | to localize tests for that package within that package |
---|
1157 | |
---|
1158 | * utils/dbconverter-2.c (listusers_cb): fix handling of APOP |
---|
1159 | |
---|
1160 | 2001-08-10 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1161 | * saslauthd/Makefile.am (install-data-local): |
---|
1162 | correct handling of $(DESTDIR) (and create the directory if it |
---|
1163 | isn't there) [Amos Gouaux <amos@utdallas.edu>] |
---|
1164 | |
---|
1165 | * lib/server.c (sasl_server_init): Added plugname to add_plugin |
---|
1166 | call for EXTERNAL |
---|
1167 | |
---|
1168 | * doc/index.html: updated |
---|
1169 | * doc/appconvert.html: cleaned up |
---|
1170 | |
---|
1171 | 2001-08-09 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1172 | * plugins/digestmd5.c (digestmd5_client_mech_step): handle |
---|
1173 | missing authorization name |
---|
1174 | * plugins/plain.c (plain_client_mech_step): handle |
---|
1175 | missing authorization name |
---|
1176 | |
---|
1177 | * include/sasl.h: better documentation of SASL_CB_CANON_USER |
---|
1178 | |
---|
1179 | 2001-08-08 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1180 | * saslauthd/saslauthd.mdoc: updated re: pam |
---|
1181 | * saslauthd/saslauthd.8: regenerated |
---|
1182 | * saslauthd/Makefile.am: Link against PLAIN_LIBS also |
---|
1183 | (from Ken Murchison <ken@oceana.com>) |
---|
1184 | |
---|
1185 | 2001-08-07 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1186 | * lib/client.c (sasl_server_step): corrected maxoutbuf handleing |
---|
1187 | * lib/server.c (sasl_server_step): corrected maxoutbuf handleing |
---|
1188 | * lib/saslint.h (DEFAULT_MAXOUTBUF): removed |
---|
1189 | |
---|
1190 | * lib/common.c (sasl_encodev, sasl_decode): maxbufsize checking |
---|
1191 | |
---|
1192 | * utils/testsuite.c (testseclayer,doauth): more security layer |
---|
1193 | checking. Added parameter to doauth to disable fatal() calls, |
---|
1194 | updated all callers. |
---|
1195 | |
---|
1196 | * utils/smtptest.c (main): added ability to support LMTP |
---|
1197 | |
---|
1198 | * plugins/gssapi.c: conform with draft-ietf-cat-sasl-gssapi-05.txt |
---|
1199 | |
---|
1200 | * doc/draft-ietf-cat-sasl-gssapi-05.txt: added |
---|
1201 | * doc/Makefile.am (EXTRA_DIST): added above to EXTRA_DIST |
---|
1202 | |
---|
1203 | 2001-08-06 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1204 | * utils/dbconverter-2.c (listusers_cb): handle PLAIN-APOP |
---|
1205 | |
---|
1206 | * lib/client.c (sasl_client_add_plugin, client_done): |
---|
1207 | save plugin name |
---|
1208 | * lib/server.c (sasl_server_add_plugin, server_done): |
---|
1209 | save plugin name |
---|
1210 | * lib/dlopen.c (_sasl_plugin_load): correctly pass pluginname |
---|
1211 | * lib/common.c (sasl_getprop): implement SASL_AUTHSOURCE properly |
---|
1212 | * lib/saslint.h (cmechanism_t, mechanism_t): added plugname field |
---|
1213 | * lib/canonusr.c (internal_canonuser_init): no longer limit |
---|
1214 | based on plugname |
---|
1215 | * plugins/sasldb.c (sasldb_auxprop_plug_init): no longer limit |
---|
1216 | based on plugname |
---|
1217 | |
---|
1218 | 2001-08-01 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1219 | * utils/smtptest.c (iptostring): better behaved w.r.t endianness |
---|
1220 | |
---|
1221 | * plugins/cram.c (crammd5_server_mech_step): support for old-style |
---|
1222 | secrets |
---|
1223 | * plugins/digestmd5.c (digestmd5_server_mech_step): support for |
---|
1224 | old-style secrets |
---|
1225 | * lib/checkpw.c (auxprop_verify_password,_sasl_make_plain_secret): |
---|
1226 | support for old-style secrets |
---|
1227 | * utils/dbconverter-2.c: added |
---|
1228 | * utils/sasldblistusers.c (listusers): Print out property names |
---|
1229 | as well as username@realm format. |
---|
1230 | * utils/saslpasswd.c (_sasl_sasldb_set_pass): Correctly handle updates |
---|
1231 | that concern old-style secrets |
---|
1232 | |
---|
1233 | * sasldb/allockey.c: Added a missing null to propName in key parser |
---|
1234 | |
---|
1235 | 2001-07-31 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1236 | * plugins/kerberos4.c (mech_avail): made static |
---|
1237 | |
---|
1238 | * plugins/kerberos4.c (mech_avail): fixed ipv4 check |
---|
1239 | (patch from Hajimu UMEMOTO <ume@mahoroba.org>) |
---|
1240 | |
---|
1241 | * doc/appconvert.html: vague guide documenting our experience |
---|
1242 | porting Cyrus IMAPd to use SASLv2 |
---|
1243 | * doc/Makefile.am: added appconvert.html |
---|
1244 | |
---|
1245 | * lib/client.c (sasl_client_new): fixed ip address setting to hit |
---|
1246 | relevant params structures as well |
---|
1247 | * lib/server.c (sasl_server_new): fixed ip address setting to hit |
---|
1248 | relevant params structures as well |
---|
1249 | * lib/common.c (sasl_setprop): fixed ip address setting to hit |
---|
1250 | relevant params structures as well |
---|
1251 | |
---|
1252 | * lib/common.c (sasl_seterror): fixed spelling error |
---|
1253 | |
---|
1254 | 2001-07-30 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1255 | * sasldb/db_berkeley.c: utils->seterror() calls |
---|
1256 | * sasldb/db_gdbm.c: utils->seterror() calls |
---|
1257 | * sasldb/db_ndbm.c: utils->seterror() calls |
---|
1258 | * sasldb/allockey.c: utils->seterror() calls |
---|
1259 | |
---|
1260 | * lib/common.c (sasl_seterror): still call logging callback with a |
---|
1261 | null sasl_conn_t |
---|
1262 | |
---|
1263 | * plugins/sasldb.c (sasldb_auxprop_lookup): support for multiple |
---|
1264 | properties |
---|
1265 | |
---|
1266 | * plugins/Makefile.am: added -module to LDFLAGS |
---|
1267 | |
---|
1268 | * config/sasldb.m4: Allow specification of exact berkeley db |
---|
1269 | lib and include paths |
---|
1270 | * sasldb/Makefile.am: Add proper include directory |
---|
1271 | |
---|
1272 | * sasldb/sasldb.m4 (SASL_DB_BACKEND_STATIC): include allockey.o |
---|
1273 | |
---|
1274 | * Ready for 2.0.3-BETA |
---|
1275 | |
---|
1276 | * plugins/kerberos4.c (kerberos4_server_plug_init): reset |
---|
1277 | srvtab when we do not load correctly. |
---|
1278 | |
---|
1279 | * lib/staticopen.c (_sasl_load_plugins): do not fail |
---|
1280 | if a single plugin load fails |
---|
1281 | |
---|
1282 | * include/sasl.h (SASL_CLIENT_FALLBACK): removed |
---|
1283 | |
---|
1284 | 2001-07-27 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1285 | * configure.in: extracted SASLDB-related checking |
---|
1286 | * config/sasldb.m4: added |
---|
1287 | |
---|
1288 | * configure.in: now cache the JNI include directory path |
---|
1289 | |
---|
1290 | * utils/testsuite.c: switch some sasl_errstrings to sasl_errdetail |
---|
1291 | * plugins/gssapi.c: Fix error reporting |
---|
1292 | |
---|
1293 | * plugins/gssapi.c: Required SASL_CB_USER instead of SASL_CB_AUTHNAME |
---|
1294 | |
---|
1295 | * plugins/anonymous.c: Function name standardization |
---|
1296 | * plugins/cram.c: Function name standardization |
---|
1297 | * plugins/digestmd5.c: Function name standardization |
---|
1298 | * plugins/gssapi.c: Function name standardization |
---|
1299 | * plugins/kerberos.c: Function name standardization |
---|
1300 | * plugins/login.c: Function name standardization |
---|
1301 | * plugins/plain.c: Function name standardization |
---|
1302 | |
---|
1303 | * sasldb/allockey.c: Generalized SASLdb API |
---|
1304 | * sasldb/db_berkeley.c: Generalized SASLdb API |
---|
1305 | * sasldb/db_gdbm.c: Generalized SASLdb API |
---|
1306 | * sasldb/db_ndbm.c: Generalized SASLdb API |
---|
1307 | * sasldb/db_none.c: Generalized SASLdb API |
---|
1308 | * sasldb/db_testw32.c: Added #error to block compile so the API will |
---|
1309 | be fixed when we do the Win 32 port |
---|
1310 | * plugins/sasldb.c: Use new SASLdb API |
---|
1311 | * utils/saslpasswd.c: Use new SASLdb API |
---|
1312 | |
---|
1313 | 2001-07-26 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1314 | * lib/common.c (_sasl_getcallback): fixed reference to |
---|
1315 | possibly NULL conn |
---|
1316 | |
---|
1317 | * configure.in: only build saslpasswd and sasldblistusers |
---|
1318 | if we have a meaningfull libsasldb (e.g. not db_none), |
---|
1319 | * utils/Makefile.am: only build saslpasswd and sasldblistusers |
---|
1320 | if we have a meaningfull libsasldb (e.g. not db_none), |
---|
1321 | |
---|
1322 | * configure.in: conditionally build smtptest |
---|
1323 | * utils/Makefile.am: conditionally build smtptest |
---|
1324 | |
---|
1325 | * sasldb/allockey.c (_sasldb_parse_key): added |
---|
1326 | |
---|
1327 | * sasldb/sasldb.h: New key list access API, added parameter to |
---|
1328 | sasl_check_db (all callers updated, all callees updated) |
---|
1329 | * sasldb/db_berkeley.c: Implement key list access API |
---|
1330 | * sasldb/db_gdbm.c: Implement key list access API |
---|
1331 | * sasldb/db_ndbm.c: Implement key list access API |
---|
1332 | * sasldb/db_none.c: Implement key list access API |
---|
1333 | |
---|
1334 | * utils/sasldblistuser.c: Use libsasldb instead of internal |
---|
1335 | functions. |
---|
1336 | |
---|
1337 | * utils/saslpasswd.c: No longer have separate global_utils, |
---|
1338 | call sasl_dispose and sasl_done |
---|
1339 | |
---|
1340 | * acconfig.h: check for inttypes.h |
---|
1341 | * configure.in: check for inttypes.h |
---|
1342 | * plugins/plugin_common.c: include, if necessary, inttypes.h, |
---|
1343 | reference uint32_t instead of u_int32_t |
---|
1344 | |
---|
1345 | 2001-07-25 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1346 | * lib/saslint.h: changed "sasldb" verifier to "auxprop" |
---|
1347 | * lib/server.c: changed "sasldb" verifier to "auxprop" |
---|
1348 | * lib/checkpw.c: changed "sasldb" verifier to "auxprop" |
---|
1349 | * utils/testsuite.c: changed "sasldb" verifier to "auxprop" |
---|
1350 | * doc/options.html: changed "sasldb" verifier to "auxprop" |
---|
1351 | |
---|
1352 | * README: updated upgrade information |
---|
1353 | |
---|
1354 | * utils/Makefile.am (CLEANFILES): added |
---|
1355 | |
---|
1356 | * sasldb/allockey.c (alloc_key): single place for alloc_key() |
---|
1357 | Removed alloc_key from other source files. |
---|
1358 | * sasldb/sasldb.h: added declaration of alloc_key() |
---|
1359 | |
---|
1360 | * configure.in: added checks for db-3.3 and db3.3 |
---|
1361 | |
---|
1362 | * plugins/digestmd5.c (get_realm): now error on empty user_realm |
---|
1363 | |
---|
1364 | * plugins/cram.c (client_required_prompts): removed redundant |
---|
1365 | required_prompts |
---|
1366 | |
---|
1367 | * plugins/plain.c (client_continue_step): server-send-last error |
---|
1368 | |
---|
1369 | * utils/testsuite.c (main): detailed client-send-first, |
---|
1370 | server-send-last checking |
---|
1371 | |
---|
1372 | 2001-07-24 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1373 | * plugins/sasldb.c: Cleaned up calls into the glue code |
---|
1374 | |
---|
1375 | * java/Test/*: Cleaned up java test utilities |
---|
1376 | |
---|
1377 | * configure.in: Minor GSSAPI configure changes |
---|
1378 | |
---|
1379 | * utils/saslpasswd.c: Clarfied -d option for saslpasswd |
---|
1380 | * utils/saslpasswd.8: Clarfied -d option for saslpasswd |
---|
1381 | |
---|
1382 | * doc/plugprog.html: Added plugin programmer's guide |
---|
1383 | * doc/index.html: linked to plugin programmer's guide |
---|
1384 | |
---|
1385 | * configure.in: corrected configure checking of Berkeley DB |
---|
1386 | (from Scot W. Hetzel <scot@genroco.com>) |
---|
1387 | |
---|
1388 | * configure.in: corrected checking for libcom_err |
---|
1389 | (from Scot W. Hetzel <scot@genroco.com>) |
---|
1390 | |
---|
1391 | 2001-07-23 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1392 | * configure.in: Added check for db3/db.h |
---|
1393 | |
---|
1394 | * plugins/kerberos4.c Added mech_avail (checks for IP info) |
---|
1395 | |
---|
1396 | * lib/common.c: Fixed setting of serverFQDN in _sasl_conn_init |
---|
1397 | |
---|
1398 | * lib/server.c: Fully Implemented mech_avail calls in glue code |
---|
1399 | |
---|
1400 | * lib/server.c: Fixed allocation/destruction of sasl_conn_t's |
---|
1401 | * lib/client.c: Fixed allocation/destruction of sasl_conn_t's |
---|
1402 | * lib/common.c: Rely on earlier initialization in server.c and client.c |
---|
1403 | |
---|
1404 | * doc/options.html: added |
---|
1405 | |
---|
1406 | * ChangeLog: back to standard format |
---|
1407 | |
---|
1408 | 2001-07-20 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1409 | * Can now deal with variable client-first mechs such as |
---|
1410 | DIGEST-MD5, though this interface is subject to change |
---|
1411 | * Modified parseuser to deal better with default realms |
---|
1412 | * Simplified realm handling in DIGEST-MD5 (getrealm callback |
---|
1413 | is no longer required). |
---|
1414 | * Cleaned up some memory management issues in DIGEST-MD5 |
---|
1415 | |
---|
1416 | 2001-07-19 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1417 | * Fixed prototype of sasl_getpath_t to be in conformance with |
---|
1418 | memory allocation rules |
---|
1419 | * Fixed up samples directory |
---|
1420 | * Try to dlopen using information in .la file if available |
---|
1421 | (based on patch from |
---|
1422 | Stoned Elipot <Stoned.Elipot@script.jussieu.fr>) |
---|
1423 | * Resolution of most of the server-send-first and client-send-last |
---|
1424 | issues (using mechanism feature flags) |
---|
1425 | |
---|
1426 | 2001-07-18 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1427 | * Updated config.guess and config.sub |
---|
1428 | * Better underscore checking for dlsym |
---|
1429 | * Resolved possible global_utils namespace collision |
---|
1430 | * Updated sasldb library to be expandable to multiple properties |
---|
1431 | if the need arises in the future. |
---|
1432 | * IPv6 support from Hajimu UMEMOTO <ume@mahoroba.org> |
---|
1433 | |
---|
1434 | 2001-07-17 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1435 | * Extricated sasldb support to an auxprop plugin only. |
---|
1436 | sasldb modifications can now only be done through the saslpasswd |
---|
1437 | interface. |
---|
1438 | |
---|
1439 | 2001-07-13 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1440 | * Fixed buffer overrun problem in sasldb auxprop plugin |
---|
1441 | * Removed severe memory leak from testsuite |
---|
1442 | * Version 2.0.2-ALPHA Released |
---|
1443 | |
---|
1444 | 2001-07-11 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1445 | * error reporting in KERBEROS_V4 plugin |
---|
1446 | * vague handling of SASL_AUTHSOURCE for getprop |
---|
1447 | * random misc error reporting bugs |
---|
1448 | * basic error messages for GSSAPI plugin |
---|
1449 | |
---|
1450 | 2001-07-10 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1451 | * added client-send-first logic in glue code |
---|
1452 | * removed some client-send-first logic in mechanisms |
---|
1453 | * removed IPv4 specifics from sasl_conn_t |
---|
1454 | * Much gluecode error revamping (store the error code |
---|
1455 | in sasl_conn_t) |
---|
1456 | |
---|
1457 | 2001-07-09 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1458 | * Removed dependency on "name" in canonuser plugin structure |
---|
1459 | * Update configure.in from a new configure.scan |
---|
1460 | * Update copyright info in man pages, finished all API man pages |
---|
1461 | * Added auxprop tests to testsuite |
---|
1462 | * Added userdb callback support |
---|
1463 | |
---|
1464 | 2001-07-09 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1465 | * First attempt at making the java code work again |
---|
1466 | * Minor memory and byte order bugfixes |
---|
1467 | * Added testing support for dmalloc (--with-dmalloc) |
---|
1468 | |
---|
1469 | 2001-07-06 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1470 | * Loading of auxprop and canonuser plugins from DSOs |
---|
1471 | (This still sucks performance wise, and will be fixed soon) |
---|
1472 | * Fixed some lack of indirection in the plugins |
---|
1473 | * Reverted to the v1 entry points for the plugins |
---|
1474 | * Cleaned up a good deal of the library loading code so it |
---|
1475 | now only gets called from the sasl_*_init functions, and |
---|
1476 | all the cleanup happens in the common sasl_done function |
---|
1477 | * Added SASL_IPREMOTEPORT and SASL_IPLOCALPORT to setprop, |
---|
1478 | and now _sasl_conn_init calls it to do the same work. |
---|
1479 | |
---|
1480 | 2001-07-05 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1481 | * Working libsfsasl and smtptest program (--with-sfio) |
---|
1482 | * Fixed sasldblistusers (atleast for Berkeley DB) |
---|
1483 | * seterror() calls in ANONYMOUS, CRAM, PLAIN and LOGIN |
---|
1484 | * Some new manpages |
---|
1485 | |
---|
1486 | 2001-07-03 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1487 | * Static library compilation now optional (--with-staticsasl) |
---|
1488 | Note that this is different from --enable-static, which causes |
---|
1489 | libtool to build static versions of everything is is almost |
---|
1490 | certainly NOT what you want. |
---|
1491 | * Removed all references to the ancient NANA code. |
---|
1492 | * Updated some documentation. |
---|
1493 | |
---|
1494 | 2001-07-02 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1495 | * Improved allocation efficiency of KERBEROS_V4, DIGEST-MD5, |
---|
1496 | and GSSAPI security layers. |
---|
1497 | * Fixed a decode bug in DIGEST-MD5 (and testsuite improvements to |
---|
1498 | help find similar ones) |
---|
1499 | * Fixed a number of solaris compiler warnings |
---|
1500 | * Static Library Build Support |
---|
1501 | |
---|
1502 | 2001-06-30 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1503 | * Cleanup of some man pages (added sasl_errors.3) |
---|
1504 | |
---|
1505 | 2001-06-29 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1506 | * Cleanup of APOP Code + new man page (Ken Murchison <ken@oceana.com>) |
---|
1507 | * Cleanup of comments in some files (Ken Murchison <ken@oceana.com>) |
---|
1508 | * Fixed some compiler errors on Solaris using /opt/SUNWspro/bin/cc |
---|
1509 | (Reported by Mei-Hui Su <mei@ISI.EDU> |
---|
1510 | |
---|
1511 | 2001-06-28 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1512 | * Improved memory allocation in default sasl_decode handler |
---|
1513 | * Added ability to disable sasl_checkapop (--disable-checkapop) |
---|
1514 | * Re-initialized kerberos mutex to NULL after it was freed |
---|
1515 | |
---|
1516 | 2001-06-28 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1517 | * Fixed a severe bug in DIGEST-MD5 Plugin |
---|
1518 | * KERBEROS_V4 plugin now thread safe |
---|
1519 | * Version 2.0.1-ALPHA Released (due to DIGEST-MD5 problem) |
---|
1520 | |
---|
1521 | 2001-06-27 Rob Siemborski <rjs3+@andrew.cmu.edu> |
---|
1522 | * Version 2.0.0-ALPHA Released |
---|