Kerberos Ticket Forwarding Patch/Update (3.2)
Love Hörnquist Åstrand
lha at kth.se
Mon Jul 28 21:44:11 GMT 2008
All fields longer then one byte needs to be byte swaped to LE on BE
platforms.
Love
28 jul 2008 kl. 20.44 skrev Derrick Schommer:
> I'm not sure anything needs to be byte swapped if I'm reading this
> spec right:
>
>
> The 0x8003 GSS checksum MUST have the following
> structure:
> Octet Name Description
> -----------------------------------------------------------------
> 0..3 Lgth Number of octets in Bnd field; Represented
> in little-endian order; Currently contains
> hex value 10 00 00 00 (16).
> 4..19 Bnd Channel binding information, as described in
> section 4.1.1.2 [RFC4121].
> 20..23 Flags Four-octet context-establishment flags in
> little-endian order as described in section
> 4.1.1.1 [RFC4121].
> 24..25 DlgOpt The delegation option identifier (=1) in
> little-endian order [optional]. This field
> and the next two fields are present if and
> only if GSS_C_DELEG_FLAG is set as
> described
> in section 4.1.1.1 [RFC4121].
> 26..27 Dlgth The length of the Deleg field in
> little-endian order [optional].
> 28..(n-1) Deleg KRB_CRED message (n = Dlgth + 28)
> [optional].
> n..last Exts Extensions
>
>
> source: http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-gss-cb-hash-agility-04.txt
>
>
>
> -----Original Message-----
> From: Love Hörnquist Åstrand [mailto:lha at kth.se]
> Sent: Saturday, July 26, 2008 14:41
> To: Derrick Schommer
> Cc: samba-technical at lists.samba.org
> Subject: Re: Kerberos Ticket Forwarding Patch/Update (3.2)
>
> The flags field in the 8003 checksum should match the gss-api flags
> given to gss_init_sec_context(), your patch sets it to
> GSSAPI_NO_C_BINDINGS (0), which is wrong, it should at least be
> GSS_C_DELEG_FLAG, see page 4 of rfc1934.
>
> + uint8_t deleg[]; /* Deleg field buffer ( one
> or more bytes of GSS-API data) */
>
> This is not valid c89.
>
> The patch do no byte swaping, so it will only work on LE machines.
>
> Love
>
>
> 25 jul 2008 kl. 20.14 skrev Derrick Schommer:
>
>> Here is the update with C-style comment fixes for 3.2 for the
>> Kerberos
>> update and the gss_init() updated to have the C_DELEGAT flag enabled.
>>
>
More information about the samba-technical
mailing list