[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Time to Display My Ignorance, or What Is This Packet Anyway?

If the desire is to just send back an error it would be simpler to  
patch the maybe_version4() routine in kerberos4.c to accept the packet.  
  That's just the first block in my patch.
-	return len > 0 && *buf == 4;
+	return len > 0 && (*buf == 4 || *buf == 99);
+	/*  4 is the first byte of standard Kerberos 4 messages.          */
+	/* 99 is the first byte of Transarc Windows Kerb 4 messages.      */

The redundant check in do_version4() would then reject the Transarc  
request with that same error anyway.  No further changes needed.

I'd like one of the three possible patches in 0.7, so I don't have to  
keep track of this in the long run.  Obviously I'm voting for my patch  
(until convinced otherwise), but any one should work.

> On Sep 16, 2004, at 4:52 AM, Love wrote:
>> So there is a patch, now that I remember who wrote it.
>> http://www.e.kth.se/~mattiasa/patches/heimdal/4_decode.patch
>> That solved the problem for us/them, its kind of strange how it works
>> though. It makes the code accept the broken request, detect the error  
>> in
>> the patch (not version 4), and send back an error. This will make the
>> client try again, this time, it send a correct packet.
>> At least that is how Mattias and I rememeber how it worked.
>> Good luck,
>> Love
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu