[OpenAFS] Heimdal KDC bug mentioned in rekeying document
Derrick Brashear
shadow@gmail.com
Fri, 26 Jul 2013 16:15:14 -0400
--001a11c2f670f2ff0e04e26fccff
Content-Type: text/plain; charset=ISO-8859-1
On Fri, Jul 26, 2013 at 7:33 AM, Sergio Gelato <Sergio.Gelato@astro.su.se>wrote:
> * Ragnar Sundblad [2013-07-26 13:01:00 +0200]:
> > >> I believe you should change the test to also check that ret_key ==
> NULL:
> > >> if (clientbest != ETYPE_NULL && enctype == ETYPE_NUL &&
> ret_key == NULL) {
> > >> enctype = clientbest;
> > >> ret = 0;
> > >> }
> > >> since if there is no common key-type, key will be NULL, and the later
> > >> if (ret == 0 && ret_key != NULL)
> > >> *ret_key = key;
> > >> will return a NULL pointer.
> > >
> > > Yes, good point.
> >
> > (Please double check that this is correct, I haven't tried it, only read
> it. :-)
>
> I'm compiling my next (and hopefully final) iteration right now.
> I went for this variant:
> if (clientbest != (krb5_enctype)ETYPE_NULL &&
> enctype == (krb5_enctype)ETYPE_NULL) {
> enctype = clientbest;
> if (ret_key == NULL)
> ret = 0;
> }
>
> This plus
[kdc]svc-use-strongest-
session-key=true
Works.
--
Derrick
--001a11c2f670f2ff0e04e26fccff
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><br><div class=3D"gmail_extra"><br><br><div class=3D"gmail=
_quote">On Fri, Jul 26, 2013 at 7:33 AM, Sergio Gelato <span dir=3D"ltr">&l=
t;<a href=3D"mailto:Sergio.Gelato@astro.su.se" target=3D"_blank">Sergio.Gel=
ato@astro.su.se</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-=
left:1px solid rgb(204,204,204);padding-left:1ex">* Ragnar Sundblad [2013-0=
7-26 13:01:00 +0200]:<br>
<div class=3D"im">> >> I believe you should change the test to als=
o check that ret_key =3D=3D NULL:<br>
> >> =A0 =A0 =A0 =A0if (clientbest !=3D ETYPE_NULL && enct=
ype =3D=3D ETYPE_NUL && ret_key =3D=3D NULL) {<br>
> >> =A0 =A0 =A0 =A0 =A0 =A0enctype =3D clientbest;<br>
> >> =A0 =A0 =A0 =A0 =A0 =A0ret =3D 0;<br>
> >> =A0 =A0}<br>
> >> since if there is no common key-type, key will be NULL, and t=
he later<br>
> >> =A0 =A0 =A0 =A0if (ret =3D=3D 0 && ret_key !=3D NULL)=
<br>
> >> =A0 =A0 =A0 =A0 =A0 =A0*ret_key =3D key;<br>
> >> will return a NULL pointer.<br>
> ><br>
> > Yes, good point.<br>
><br>
> (Please double check that this is correct, I haven't tried it, onl=
y read it. :-)<br>
<br>
</div>I'm compiling my next (and hopefully final) iteration right now.<=
br>
I went for this variant:<br>
<div class=3D"im">=A0 =A0 =A0 =A0 if (clientbest !=3D (krb5_enctype)ETYPE_N=
ULL &&<br>
</div><div class=3D"im">=A0 =A0 =A0 =A0 =A0 =A0 enctype =3D=3D (krb5_enctyp=
e)ETYPE_NULL) {<br>
=A0 =A0 =A0 =A0 =A0 =A0 enctype =3D clientbest;<br>
</div>=A0 =A0 =A0 =A0 =A0 =A0 if (ret_key =3D=3D NULL)<br>
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 ret =3D 0;<br>
<div class=3D"im">=A0 =A0 =A0 =A0 }<br>
<br></div></blockquote><div>This plus<br> [kdc]svc-use-strongest-<div id=3D=
":3ag">session-key=3Dtrue<br><br>Works.<br clear=3D"all"></div></div></div>=
<br>-- <br>Derrick
</div></div>
--001a11c2f670f2ff0e04e26fccff--