Re: Accumulated patches
Chris Chiappa <email@example.com> writes:
> Since these seem to not have made it into 0.3f final I've made an
> accumulated diff.
We're not always very fast when it comes to feedback.
> * ktutil list of an empty keytab segfaults. To reproduce:
> ktutil --keytab=krb4:/dev/null list
Fixed, but slightly different.
> * kinit can convert to v4 when renewing v5 tickets (me) and the
> --524convert switch for kinit to convert from v5 to v4 without any
> other actions (Derrick Brashear)
I have some similar changes that do more. I'll try to finish them
in not too long.
> * kinit warns of errors with v4 ticket files
> * A tweak in gssapi/verify_mic.c which prevents the Krb5 patches for Openssh
> ( http://www.sxw.org.uk/computing/patches/openssh.html ) from segfaulting.
I think we fixed this differently.
It's always (as far as I can tell) wrong to use a key different from
the remote subkey when verifying remote packets. We should have set
the remote subkey in krb5_rd_rep, and do now. So the remote subkey
should now be the correct one, also for clients in mutual mode. The
relevant patch for rd_rep looks like:
--- rd_rep.c 2001/05/14 06:14:50 1.21
+++ rd_rep.c 2001/06/18 02:13:34
@@ -97,7 +97,10 @@
- auth_context->remote_seqnumber = *((*repl)->seq_number);
+ krb5_auth_con_setremoteseqnumber(context, auth_context,
+ if ((*repl)->subkey)
+ krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
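Review bot: The result of krb5_auth_con_setremotesubkey on the last added line is discarded, so a failure to store the subkey would go unnoticed and later verification of remote packets would run without the key this change is meant to guarantee. Capture the return code and propagate it from krb5_rd_rep instead of continuing. Separately, the removed line dereferenced (*repl)->seq_number unconditionally while the new subkey call is guarded by "if ((*repl)->subkey)"; if seq_number is optional in the reply as well, the krb5_auth_con_setremoteseqnumber call needs the same kind of guard. Its arguments are cut off in this copy of the hunk, so this cannot be confirmed from the visible lines.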
Can perhaps Derrick verify that this does what he wants?
> * A change to convert_creds which makes v4 tickets useful with
> renewable v5 tickets (like MIT behavior).
Fixed. Now also API-compatible with MIT.
> * A couple of implicit decls in telnet (harmless)
These should be in 0.3f.