Kerberos Ticket Forwarding Patch/Update (3.2)
Derrick Schommer
dschommer at F5.com
Mon Jul 28 19:44:55 GMT 2008
I'm not sure anything needs to be byte swapped if I'm reading this spec right:
The 0x8003 GSS checksum MUST have the following structure:

   Octet      Name    Description
   -----------------------------------------------------------------
   0..3       Lgth    Number of octets in Bnd field; Represented
                      in little-endian order; Currently contains
                      hex value 10 00 00 00 (16).
   4..19      Bnd     Channel binding information, as described in
                      section 4.1.1.2 [RFC4121].
   20..23     Flags   Four-octet context-establishment flags in
                      little-endian order as described in section
                      4.1.1.1 [RFC4121].
   24..25     DlgOpt  The delegation option identifier (=1) in
                      little-endian order [optional]. This field
                      and the next two fields are present if and
                      only if GSS_C_DELEG_FLAG is set as described
                      in section 4.1.1.1 [RFC4121].
   26..27     Dlgth   The length of the Deleg field in
                      little-endian order [optional].
   28..(n-1)  Deleg   KRB_CRED message (n = Dlgth + 28) [optional].
   n..last    Exts    Extensions
source: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-gss-cb-hash-agility-04.txt
-----Original Message-----
From: Love Hörnquist Åstrand [mailto:lha at kth.se]
Sent: Saturday, July 26, 2008 14:41
To: Derrick Schommer
Cc: samba-technical at lists.samba.org
Subject: Re: Kerberos Ticket Forwarding Patch/Update (3.2)
The flags field in the 8003 checksum should match the gss-api flags
given to gss_init_sec_context(), your patch sets it to
GSSAPI_NO_C_BINDINGS (0), which is wrong, it should at least be
GSS_C_DELEG_FLAG, see page 4 of rfc1934.
+ uint8_t deleg[]; /* Deleg field buffer ( one
or more bytes of GSS-API data) */
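Review bot: `uint8_t deleg[];` is an unsized (flexible) array member, which is C99 syntax, must be the last member of its struct, and is not counted by sizeof. If pre-C99 compilers have to build this, carry the Deleg data as a pointer plus an explicit length instead, and say in the comment which field holds the buffer's length so a reader can see what bounds the copy.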
This is not valid C89.
The patch does no byte swapping, so it will only work on LE machines.
Love
On 25 Jul 2008 at 20.14, Derrick Schommer wrote:
> Here is the update with C-style comment fixes for 3.2 for the Kerberos
> update and the gss_init() updated to have the C_DELEGAT flag enabled.
>
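
The byte-order question in this thread goes away if the checksum is written one octet at a time rather than by storing host integers into a struct. The following is an added example, not code from the patch or from Samba: build_8003_checksum() and its parameters are hypothetical names, the layout is the one in the table quoted above, and the value of GSS_C_DELEG_FLAG is taken from RFC 2744.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define GSS_C_DELEG_FLAG 1u /* flag value defined in RFC 2744 */

/* Store integers one octet at a time so host byte order never matters. */
static void put_le16(uint8_t *p, uint16_t v)
{
    p[0] = (uint8_t)(v & 0xff);
    p[1] = (uint8_t)(v >> 8);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    put_le16(p, (uint16_t)(v & 0xffff));
    put_le16(p + 2, (uint16_t)(v >> 16));
}

/* Hypothetical helper: writes the checksum into out and returns its length,
 * or 0 if the arguments do not fit the layout. bnd may be NULL (no channel
 * bindings), in which case Bnd is 16 zero octets per RFC 4121. */
size_t build_8003_checksum(uint8_t *out, size_t outlen, const uint8_t *bnd,
                           uint32_t flags, const uint8_t *cred, size_t credlen)
{
    int deleg = (flags & GSS_C_DELEG_FLAG) != 0;
    size_t need = 24;
    if (deleg) {
        if (cred == NULL || credlen == 0 || credlen > 0xffff)
            return 0;                          /* Dlgth is only two octets */
        need += 4 + credlen;
    }
    if (out == NULL || outlen < need)
        return 0;

    put_le32(out, 16);                         /* 0..3   Lgth   */
    if (bnd != NULL)
        memcpy(out + 4, bnd, 16);              /* 4..19  Bnd    */
    else
        memset(out + 4, 0, 16);
    put_le32(out + 20, flags);                 /* 20..23 Flags  */
    if (deleg) {
        put_le16(out + 24, 1);                 /* 24..25 DlgOpt */
        put_le16(out + 26, (uint16_t)credlen); /* 26..27 Dlgth  */
        memcpy(out + 28, cred, credlen);       /* 28..   Deleg (KRB_CRED) */
    }
    return need;
}
```

The same octets come out on little-endian and big-endian hosts, and a KRB_CRED longer than 65535 octets is rejected instead of being truncated into Dlgth.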