[OpenAFS-devel] Re: [OpenAFS] New Windows AKLOG...
Rodney M Dyer
rmdyer@uncc.edu
Wed, 23 Jul 2003 11:54:25 -0400
At 10:02 AM 7/23/2003 -0400, you wrote:
>Hey, I thought you were doing a "from-scratch, clean room implementation"? :-)
Shhhh! Doh! Ok, yea, the orginal code was "cleaned"...in a
"room". ;) Yea, I'm using most of the original code, just buffed up real
nicely for Windows.
I've noticed a couple of strange anomalies in the original code. The first
was related to the free'ing of the memory allocated by
krb5_get_host_realm(). The krb5_xfree() call now causes a Debug assertion
failure. I noticed what seems to be a new call krb5_free_host_realm(). I
used that instead and it solved the problem. Was I correct in doing
this? It is strange that on older compiles of the original code with older
Krb5 versions the krb5_xfree() worked correctly.
The second problem is related to checking of the existing token to see if
it matches the new token to be set. I found that this code never works...
if
(
!force &&
!ktc_GetToken(&aserver, &btoken, sizeof(btoken), &aclient) &&
atoken.kvno == btoken.kvno &&
atoken.ticketLen == btoken.ticketLen &&
!memcmp(&atoken.sessionKey, &btoken.sessionKey,
sizeof(atoken.sessionKey)) &&
!memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen)
)
{
if (dflag) fprintf(stdout, "Identical tokens already exist;
skipping.\n");
return 0;
}
The reason is in the line...
!memcmp(atoken.ticket, btoken.ticket, atoken.ticketLen)
The token that is in the AFS cred cache always differs from the new token
to be set because of the last 8 bytes of the credential.ticket_st.dat buffer.
What is going on with those last 8 bytes?
>That's fine with me; the people who's aklog mine is based on didn't care,
>and I certainly don't either.
Ok, so you are saying there are no export restrictions on the code or binary?
Thanks,
Rodney