
Re: none

Diana Eichert <deichert@wrench.com> writes:

>    /* Get tgt */
>    if (code = krb5_build_principal_ext(kcontext, &server,
>       krb5_princ_realm(kcontext, me)->length,
>       krb5_princ_realm(kcontext, me)->data,
>       tgtname.length, tgtname.data,
>       krb5_princ_realm(kcontext, me)->length,
>       krb5_princ_realm(kcontext, me)->data,
>       0)) {

The problem is that it's trying to access the contents of a principal,
which is not well behaved (it is specified as an internal interface in the
"API" spec). Furthermore, the API sucks in this regard, since it
assumes that principal components can contain arbitrary data, which is
not very likely, and probably not allowed by the wire-protocol (but
that is a question for the ASN.1 department).

You probably want something like (untested):

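/* needs <string.h> for strlen() */
const char *realm = krb5_principal_get_realm(kcontext, me);
/* (length, data) pairs ending in 0 are the krb5_build_principal_ext form */
krb5_build_principal_ext(kcontext, &server,
        strlen(realm), realm,
        tgtname.length, tgtname.data,
        strlen(realm), realm,
        0);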

The first function is not part (as far as I know) of the MIT
libraries, but we've proposed it as a useful function.

> I understand there are differences between the MIT API and Heimdal's.

There are some, but the biggest problem is that there *isn't* an API
(or at least not a useful one). Many functions in the API spec
behave differently in the MIT code. There is some discussion about
improving the situation.
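
Added example, not part of the original message and not code from either
library: the suggested replacement measures the realm with strlen(), which
agrees with a counted length only when the component has no embedded NUL.
The sketch checks that before formatting "krbtgt/REALM@REALM"; struct counted
and both function names are hypothetical, and "krbtgt" is assumed as the
ticket-granting service component name.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-counted component (length + data),
 * the representation the quoted code reads out of the principal. */
struct counted { size_t length; const char *data; };

/* Copy a counted component into a NUL-terminated string.
 * Returns NULL if the component is empty or holds an embedded NUL,
 * because strlen() on the copy would then disagree with length. */
char *counted_to_cstring(const struct counted *c)
{
    char *s;
    if (c->data == NULL || c->length == 0)
        return NULL;
    if (memchr(c->data, '\0', c->length) != NULL)
        return NULL;
    s = malloc(c->length + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, c->data, c->length);
    s[c->length] = '\0';
    return s;
}

/* Format "krbtgt/REALM@REALM" from a counted realm; caller frees. */
char *tgt_name_for_realm(const struct counted *realm)
{
    static const char tgs[] = "krbtgt"; /* assumed TGS component name */
    char *r = counted_to_cstring(realm);
    char *out;
    size_t n;
    if (r == NULL)
        return NULL;
    n = sizeof(tgs) + 1 + 2 * strlen(r) + 1; /* tgs+NUL, '/', realm x2, '@' */
    out = malloc(n);
    if (out != NULL)
        snprintf(out, n, "%s/%s@%s", tgs, r, r);
    free(r);
    return out;
}

int main(void)
{
    struct counted bad = { 11, "EXAM\0LE.COM" }; /* constructed sample */
    return tgt_name_for_realm(&bad) == NULL ? 0 : 1;
}
```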