[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Accumulated patches

To: heimdal-discuss@sics.se
Subject: Re: Accumulated patches
From: Derrick J Brashear <shadow@dementia.org>
Date: Mon, 18 Jun 2001 13:35:32 -0400 (EDT)
In-Reply-To: <xof7kya5xo3.fsf@blubb.pdc.kth.se>
Sender: owner-heimdal-discuss@sics.se

On 18 Jun 2001, Johan Danielsson wrote:

> It's always (as far as I can tell) wrong to use a key different from
> the remote subkey when verifying remote packets. We should have set
> the remote subkey in krb5_rd_rep, and do now. So the remote subkey
> should now be the correct one, also for clients in mutual mode. The
> relevant patch for rd_rep looks like:
> 
> --- rd_rep.c    2001/05/14 06:14:50     1.21
> +++ rd_rep.c    2001/06/18 02:13:34
> @@ -97,7 +97,10 @@
>      goto out;
>    }
>    if ((*repl)->seq_number)
> -    auth_context->remote_seqnumber = *((*repl)->seq_number);
> +      krb5_auth_con_setremoteseqnumber(context, auth_context,
> +                                      *((*repl)->seq_number));
> +  if ((*repl)->subkey)
> +    krb5_auth_con_setremotesubkey(context, auth_context, (*repl)->subkey);
>    
>  out:
>    krb5_data_free (&data);
> 
> Can perhaps Derrick verify that this does what he wants?

I will try to do so before I see you in Boston. My recollection is I did
it the way I did it to try to best fit to what you were already doing.

-D

Follow-Ups:
- Re: Accumulated patches
  - From: joda@pdc.kth.se (Johan Danielsson)

References:
- Re: Accumulated patches
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: Re: Accumulated patches
Next by Date: Re: Accumulated patches
Prev by thread: Re: Accumulated patches
Next by thread: Re: Accumulated patches
Index(es):
- Date
- Thread