<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">
<title>
GitLab
</title>
<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<h3>
Timo Aaltonen pushed to branch upstream
at <a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp">FreeIPA packaging / gss-ntlmssp</a>
</h3>
<h4>
Commits:
</h4>
<ul>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/e498737a96e8832a2cb9141ab1fe51e129185a48">e498737a</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2016-07-01T10:18:42-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add compatibility with OpenSSL 1.1.0
In their continued wisdom OpenSSL developers keep breaking APIs left and right
with very poor documentation and forward/backward source compatibility.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/5bdd7f00d204ced1be540a1f10bc561d1d3761c0">5bdd7f00</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2017-03-20T09:51:55-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Port some documentation into the tree
It used to be on the old fedorahosted wiki, but let's keep it as
markdown in the tree for now.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/3599d8174c0cec498ae3fdf50e4f52efbd454ca0">3599d817</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2017-03-31T18:01:50-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Rename and split the README file
Use markdown for neat formatting on pagure.
This file is used as the project description so add information on other
related documentation and split out the old testing information.
Signed-off-by: Simo Sorce <simo@redhat.com>
Merges #9
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/17ce6893fffbd3d1d27a23eba06b9e586aef5bb1">17ce6893</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-04-18T14:09:32-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add support for RFC5801
These are the only GSS-API functions that can return a mechanism name
given an oid. These are now used by mod_auth_gssapi, so let's support
them in gssntlmssp.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/554dc66bf059efef988b05d70e60a89ad4448df1">554dc66b</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-04-18T15:29:44-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add support to return SSF value
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/75e3840fc7d7471235a8e1edaf114b0ba735e377">75e3840f</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-04-18T15:36:40-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release 0.8.0
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/1092838e47d6f3bacb41c682027238fabded6dc4">1092838e</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-05-15T21:04:42-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix strncpy warnings with recent compilers
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/7c06e520782818b34fe946c5420c30958ad8a18a">7c06e520</a></strong>
<div>
<span>by David Woodhouse</span>
<i>at 2019-05-15T21:04:42-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add gss_inquire_attrs_for_mech()
Since commit 030a4a03a ("Report inquire_attrs_For_mech mech failures") in
MIT krb5, NTLMSSP fallback within SPNEGO is no longer working. It seems
that providing a gss_inquire_attrs_for_mech() function is now mandatory.
Although it does seem that perhaps krb5 should be a little more forgiving
and just assume GSS_C_NO_OID_SET, fix it anyway.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/2251a7224f488ac20604b6a12ccfe30d99170ef2">2251a722</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-05-15T21:04:42-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Return actual data for RFC5587 API
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/c0e7dfb2cd1988e66c35168c6e1c0ca41c28b5b8">c0e7dfb2</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-12-11T17:16:23-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add new Windows version flags
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/17da78c71c65b643b5ec9658d9efa053b63968e4">17da78c7</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-12-11T17:16:43-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add Key exchange also when wanting integrity only
Key Exchange allows for improved security properties so it is always a
good idea to ask it whenever we want to perform any integrity not just
when full confidentiality is requested.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/0edd59546b68197648340dec34547c4d8b7f67d6">0edd5954</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-12-17T09:05:33-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add build CI</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/18e44bbbd56e84bafba5ec00a0b69d5342ff46f8">18e44bbb</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-12-17T09:14:53-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">also on pull requests</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/b3484a6fffa82ab3f9d8d5b0ba937b4afbf95cd5">b3484a6f</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2019-12-17T10:35:41-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix CI dependencies
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/bfc7232dbb2259072a976fc9cdb6ae4bfd323304">bfc7232d</a></strong>
<div>
<span>by Amandeep Gautam</span>
<i>at 2019-12-17T19:31:08-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">add support for getting session key
Return seesion key when gssntlm_inquire_sec_context_by_oid is called
witth GSS_C_INQ_SSPI_SESSION_KEY.
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/ef893b8942ed44f585ebaa40d0b3bfa62d4b96e0">ef893b89</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-04-08T11:43:35-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Minor wording change about release pages</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/e3d6fa39bb574f0d1c0848f8a8fb6ceb91536c70">e3d6fa39</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-04-08T12:14:42-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">We moved gss-ntlmssp officially to Github
Update docs to reflect the move</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/2be70af840f8fec74e0fc827455e1a11ddbf7902">2be70af8</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-04-08T12:26:55-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Minor formatting</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/9d7a275a4d6494606fb54713876e4f5cbf4d1362">9d7a275a</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-04-08T12:32:32-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add build status</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/38a28bf71277ca49a5f21fdc8b80819f38b5028d">38a28bf7</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-04-29T15:27:56-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Drop support for GSS_C_MA_NOT_DFLT_MECH
When this MEchanism Attribute is exposed as supported it causes GSSAPI
implementations to eclude the mechanism completely as vaiable to acquire
creds from pseudo mechanisms like SPNEGO.
This is not what was intended when we added this flag. The intention was
to not make this mechanism the default when mutliple are available, and
specifically to not make it preferred over krb5.
However given this is not how the fal works, we need to drop it now.
It may be re-introduced at a later time as a runtime settings when we
grow a way to set configuration in a file somewhere so that admin can
control this behavior.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/c22160db77b2e0cd931b0213feb3744348cfdace">c22160db</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-04-29T15:44:49-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release version 0.9.0
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/dbae04dd4a115ba332ecc2f375fe835e3a45e18b">dbae04dd</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix test_gssapi_rfc5587
Test was broken by commit 38a28bf71277ca49a5f21fdc8b80819f38b5028d
But CI failed to catch it because it was not actually running tests just
building them ...
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/9f35bf83a06e459e429811695acd54efc7beb9da">9f35bf83</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Actually run tests with make check
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/f89766bd60687315f73fe1a62bde19eb8591ed6b">f89766bd</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add two tests around NTLMSSP_NEGOTIATE_LMKEY
One test is a missing example from the MS-NLMP test vectors.
The second one is the puzzle in issue #13
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/556adfa0ca0a4adb628ecac2120d9c266ce9d6b6">556adfa0</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refine LM compatibility level logic
Fix a bug with level 4 not allowing NTLMv2
Rename the V2 flag to give the right meaning.
Fix LM Challenger Response geneation, I realized the artifical
NoLMResponseNTLMv1 boolean in MS-NLMP documents just refers to
compatibility level 2 where NTLMv1 is used but LM is not.
Add one call to check for v2 usage helper instead of doing raw checks
on ctx flags outside of gss_ntlmssp.c Contextually make flags private,
to gss_ntlmssp.c so helpers must be used.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/ab1f3211e6ca297e4c415895407fbb1cfea8616e">ab1f3211</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Refactor the gssntlm_required_security function
Keeps manipulation of ctx->sec_req inside gss_ntlmssp.c
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/8e99bcbb705742c56320d901c3acbd50df1ee947">8e99bcbb</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Implement reading LM/NT hashes
Fixes imports of NT hashes (hex_to_key was broken)
Adds ability to read NTLM_USER_FILE that uses smbpasswd format.
(allows to import NT and LM hashes directly)
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/4c94faabfc78611148eadf0664723d8a73a0c479">4c94faab</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test for smpasswd-like user files
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/13818978eac7b366d12c8852ad8f03f7efd76dfd">13818978</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-14T11:12:12+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix CI scripts
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/a14a99672c81fe2d0eebb71edd86055ad190e417">a14a9967</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-18T18:57:07+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Return confidentiality status.
And make sure it is tested so it does not regress.
Thanks to Jordan Borean for spotting this.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/26b3b6b954ca87c69d3cb537a1e51fd15a5ef2d4">26b3b6b9</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-20T11:59:23+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix segfault in sign/seal functions
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/0279a3e8209de555476b2ce075f949fb82913bb2">0279a3e8</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-26T21:58:39+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix dummy signature generation
When always sign is set but no sign or seal was negotiated we mistakenly
set the sequence number ionstead of the signature version in the
signature version field.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/36b3a2685f235a24e5a0a7fb84ca055aab57acac">36b3a268</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-27T12:17:15+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use UCS16LE instead of UCS-2LE
MS-NLMP in 2.2 indicates that UTF-16 little endian w/o BOM is used.
Make sure we do the same as now some chracters maybe used in
usernames and passwords that use code points outside of the range
that can be handled by UCS-2LE.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/9377d9087f0a2ed9e4f027b2aaa390ac928ad8f2">9377d908</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-05-28T21:34:26+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Provide a zero lm key if the password is too long
In Windows LM and NT keys are not geneated on the fly, but usually
stored in the Windows key store, therefore when LM generation fails or
is disable the LM Key is usually all zeros. Do the same here.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/46c642f0d39a6c68539641b5f4003c7c53608120">46c642f0</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-06-09T14:15:40+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Completely omit CBs AV pairs when no CB provided
Although the MS-NLMP Spec says zero CBs should be equivalent to no CBs,
Windows apparently fails validation when CBs are optional and an all
zero CB is presented.
So avoid sending any CBs if we have none.
Also make sure to deal with missing CBs on the accpetor by ignoreing
missing CBs and setting the new GSS_C_CHANNEL_BOUND_FLAG in gss flags if
the CBs are present and matching.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/eb4cf16f5f0ca65bcc7b1e158f82c29641c681b8">eb4cf16f</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-06-19T20:48:13+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove obsolete TODO comments
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/b31c587a8af8a57c64c0cde4227522840cb791ea">b31c587a</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-06-26T13:45:03+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Change license to the more permissive ISC
This change is not sudden, I have been thinking about relicensing this
project for quite a while.
The main trigger is that I received a couple of requests for a more
permissive license, but the real reason is that I always felt it at
odds that a module that is targeted to be loaded by MIT/Krb5's gssapi
library had such a widely different license.
It may give rise to misunderstandings as well as create undue burden
on users to figure out license compatibility with their applications
(proven in fact by the requests to relicense).
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/18aed834f7ac6a7840508830e3213ba63c43e597">18aed834</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-07-08T14:26:06+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Do not require cached users with winbind
When acquiring credentials we may need to know if a cache is available.
This is necessary in the ISC cacse as we need to use those cached
credentials to perform NTLM authentication. However in the ASC case
we do not need creds of the user to be cached, all we need is a handle
that can be used to later authenticated the user against a DC.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/336473a5d5313aaa2034f865d8f0ac65201457f5">336473a5</a></strong>
<div>
<span>by Volodymyr Khomenko</span>
<i>at 2020-07-20T20:50:42+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed memleak of usr_cred
Used in gssntlm_accept_sec_context as temporary credential
holding data needed for the server authentication step
Signed-off-by: Volodymyr Khomenko <volodymyr@vastdata.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/f93ca02d63c27d9b030e667932ea7423e2a15328">f93ca02d</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-07-21T18:39:44+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add ability to pass keyfile via cred store
This works both for ISC and ASC, so a user can pass their own keyfile
with a single entry or a server can be passed a keyfile with all users'
entries.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/588d6a10cdd08591cc4ab7daad22ed67a81b2b41">588d6a10</a></strong>
<div>
<span>by Volodymyr Khomenko</span>
<i>at 2020-08-07T17:39:50+00:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Support get_sids request via name attributes
To allow server to get details about authenticated user
new get_sid request by "urn:gssntlmssp:sids" name attribute
is implemented (see RFC6680) to report the list of user SIDs.
The list of SIDs is stored in gssntlm source_name
(part of gss context, can be get by gss_inquire_context)
in textual representation - comma-separated list of SIDs.
gss_get_name_attribute() and gssntlm_inquire_name()
should be used to inquire name attributes.
Unit-test for get_sids name attributes:
Test is checking memory management for name attributes
with gss_duplicate_name, gss_release_name and
gss_get_name_attribute / gss_inquire_name API
for accessing name attributes
in both textual and binary representation.
Signed-off-by: Volodymyr Khomenko <volodymyr@vastdata.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/575e3b9303a4450d663137ba13086903780a9e40">575e3b93</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-08-24T15:20:19-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Remove unused parts of Makefile.am
These are causing issues whenever make clean is called, and we have no
docs we want to generate or install on the user system anyway yet.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/b9e59df8bbe91ccf204cbe4b383e7ebd5cccbc35">b9e59df8</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-08-24T15:20:19-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Move attribute names to allocated strings
Unfortunately as our interfaces allow for importing and exporting the
gssntlmssp context via serialization we need to use allocated strings or
fixed size buffers.
In this case, given the attribute names are arbitrary strings I prefer
to allocate the names for ease of handling.
The bulk of the data for sids is in the values anyway so it is a small
price to pay to have a strdup() for the attribute name.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/0109215346c806f5d434bf6162b4053efc076281">01092153</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-08-24T15:20:19-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Adjust serialization for name attributes
This allows us to serialize and import back also named attributes.
NOTE: this commit also fixes a few severe export_data_buffer reallocation
bugs that so far flew under the radar because the initial allocation
size (4k) was big enough to contain the context as used in tests.
Larger contexts caused failures in the code that were also hard to
diagnose.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/88e84ace82f062c3c4edd22b75f73dd6e15fbe06">88e84ace</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-09-25T17:10:33-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix crash in acquiring credentials
When a credential store is provided, but no name is provided, we end up
crashing by dereferencing the name.
Allow the request to proceed without a name, as it may be selected out
of a credential file, but if none was found, return an error.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/52b45b5fdc6a6fd35fc1dbe560883316c369926b">52b45b5f</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-09-25T17:10:33-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fix fallback to external_creds interface
The code was incorrectly immediately erroring out if no credential file is
provided. Change the code to try to look for external credentials in
case of any error in the previous code block.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/ecda1a5a82300b72af47260f1e90c181c04a2270">ecda1a5a</a></strong>
<div>
<span>by Volodymyr Khomenko</span>
<i>at 2020-09-30T10:33:40-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Fixed memory leaks found by valgrind
Run 'valgrind --tool=memcheck ntlmssptest'
and fixed all important memory leaks
(one more is left in gssntlm_debug_init() -> debug_fd
as designed behaviour)
Signed-off-by: Volodymyr Khomenko <volodymyr@vastdata.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/9266d3747ef56a2318d75ee91d754cf212def7f3">9266d374</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-10-21T14:59:20-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Introduce parse_user_name() function
The formet get_enterprise_name() function wa stoo naive and did not
allow to properly recognize enterprise names.
The code is now rearchitected under a new helper function named
parse_user_name() and the function has a proper truth table that
establishes input -> output mappings.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/6f5a131614c59776e0309ef97893b46a01f2e709">6f5a1316</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-10-21T14:59:20-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Add test for parse_user_name
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/7949fa8eceadb76c6f2967af20c02b23d9dca4fb">7949fa8e</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2020-10-21T14:59:20-04:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Change how we assemble user names in ASC
Use a DOMAIN\Username format to insure proper detection of enterprise
names versus classic GSS formatted names.
In general using the DOMAIN\username form is always preferred as it
allows to express all valid name formats without escaping.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/d55c0e50851a001d7a55608e0181115746526e02">d55c0e50</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2021-02-10T13:31:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Use thread local storage for winbind context
This allow multiple calls into winbindd from parallel threads without
suffering from a common mutex that serializaes all authentications.
The price to pay is that a new context is allocated for each thread, and
the way windbind works, this probably mean a separate file descriptor is
created for each of this thread on the application side (winbindd will
be ok as it will kick idle connections).
The users of gssntlmssp in a multi-threaded environment will need to be
careful to limit the number of threads they allow to use gssapi in this
case.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/1348c92301560684cf5eaa8a3d750d116216e5d5">1348c923</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2021-02-10T13:31:42-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Make per thread winbind context optional
By default proceed to acquire a new context for each operation that
needs it. High performance programs that have full control of their
thread usage and can afford one socket per thread can set the
GSSNTLMSSP_WB_TLS_CTX environment variable.
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
<li>
<strong><a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/commit/3718f86a6af815db103785602956a621c91626ca">3718f86a</a></strong>
<div>
<span>by Simo Sorce</span>
<i>at 2021-02-10T14:26:52-05:00</i>
</div>
<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">Release version 1.0.0
Signed-off-by: Simo Sorce <simo@redhat.com>
</pre>
</li>
</ul>
<h4>30 changed files:</h4>
<ul>
<li class="file-stats">
<a href="#bffe144f62bf1039a7711f6070e09a172eb81eac">
<span class="new-file">
+
.github/workflows/ccpp.yml
</span>
</a>
</li>
<li class="file-stats">
<a href="#6156cd6ac57d8b88e473d9202392ec064b623c93">
COPYING
</a>
</li>
<li class="file-stats">
<a href="#d5b4de16d947214ec306bd57bed1bd23a939b5f9">
Makefile.am
</a>
</li>
<li class="file-stats">
<a href="#8ec9a00bfd09b3190ac6b22251dbb1aa95a0579d">
<span class="new-file">
+
README.md
</span>
</a>
</li>
<li class="file-stats">
<a href="#022e5648a9a4900c4a90fa8b27613b1a1a2f2836">
README.txt
→
TESTING.txt
</a>
</li>
<li class="file-stats">
<a href="#62edc9aee70bdb3da33d40efa2794f3b5b6c8f15">
conf_macros.m4
</a>
</li>
<li class="file-stats">
<a href="#87db583be5c13c1f7b3c958b10e03d67b6a2ca06">
configure.ac
</a>
</li>
<li class="file-stats">
<a href="#f55ceaff049120690301b291a73c9181594bcfb9">
contrib/gssntlmssp.spec.in
</a>
</li>
<li class="file-stats">
<a href="#d15ca4e737cd97a6504c637189bc41667601f891">
<span class="new-file">
+
doc/compatibility.md
</span>
</a>
</li>
<li class="file-stats">
<a href="#2c5d83d4bd49690cf73d83647413b2978993205d">
<span class="new-file">
+
doc/release-process.md
</span>
</a>
</li>
<li class="file-stats">
<a href="#7be1341cb303af8bd0949a3abdc7bf6a3c026b6a">
<span class="new-file">
+
examples/test_user_file2.txt
</span>
</a>
</li>
<li class="file-stats">
<a href="#a79f89d636d5ab8deebbcf969e78ad1d3a829a4c">
<span class="new-file">
+
examples/test_user_file3.txt
</span>
</a>
</li>
<li class="file-stats">
<a href="#b1acd64bfc702e83ef9d72ac88869589744d3d66">
src/crypto.c
</a>
</li>
<li class="file-stats">
<a href="#9e197fece16c3f09fbab95c3a8b41d808dff5717">
src/crypto.h
</a>
</li>
<li class="file-stats">
<a href="#32f05c0132dbb0b8aa0829dabe96f0075f1df5fa">
src/external.c
</a>
</li>
<li class="file-stats">
<a href="#c6fadef20639f7a078aeeba2eb4ed66770fa525a">
src/gss_auth.c
</a>
</li>
<li class="file-stats">
<a href="#8d52ba05bad825ad69c256075a2da3f0a31bea9f">
src/gss_creds.c
</a>
</li>
<li class="file-stats">
<a href="#a01ab641548e731cd8885c4ba3dbc96d2cb4e1ce">
src/gss_names.c
</a>
</li>
<li class="file-stats">
<a href="#2f58e8a696c4b9e4a809613f0cd650156d6e22fd">
src/gss_ntlmssp.c
</a>
</li>
<li class="file-stats">
<a href="#cb300dd9fb4debe668f85f0807da68cac38e3302">
src/gss_ntlmssp.h
</a>
</li>
<li class="file-stats">
<a href="#ca1ddd3c6b07065bc973f22e21c6c05277f798ab">
src/gss_ntlmssp_winbind.h
</a>
</li>
<li class="file-stats">
<a href="#51e2ac768cb4e49df543414b6ac5f51f5a7e1916">
src/gss_sec_ctx.c
</a>
</li>
<li class="file-stats">
<a href="#6bc57af99ae51ca95f5a43945de822cc584fbdaf">
src/gss_serialize.c
</a>
</li>
<li class="file-stats">
<a href="#5a5b3ca8c9426341b891886426dc93ec421a7cf0">
src/gss_signseal.c
</a>
</li>
<li class="file-stats">
<a href="#2bd40303f335427a071aa239ed98a6a86d78fb65">
src/gss_spi.c
</a>
</li>
<li class="file-stats">
<a href="#42b60c2156a7e5a87ac66d7115bce2cd18b27165">
src/gssapi_ntlmssp.h
</a>
</li>
<li class="file-stats">
<a href="#906754e43a865e7993e84eb827dc70fcee0c86d7">
src/ntlm.c
</a>
</li>
<li class="file-stats">
<a href="#5a22283792825e8ebfc57dd8ced91855e1fe0e65">
src/ntlm.h
</a>
</li>
<li class="file-stats">
<a href="#336467a68f3f2f7c3f79a35351388ba9336cf8cc">
src/ntlm_common.h
</a>
</li>
<li class="file-stats">
<a href="#369900a44f4359b08d50220602a91bfe4eb14ff9">
src/ntlm_crypto.c
</a>
</li>
</ul>
<h5>The diff was not included because it is too large.</h5>
</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #666;">
—
<br>
<a href="https://salsa.debian.org/freeipa-team/gss-ntlmssp/-/compare/8e4485ca11aabaedfed4a2a3f3ce9ddabd50fa5b...3718f86a6af815db103785602956a621c91626ca">View it on GitLab</a>.
<br>
You're receiving this email because of your account on salsa.debian.org.
If you'd like to receive fewer emails, you can
adjust your notification settings.
</p>
</div>
</body>
</html>