Re: coda+Windows+Kerberos - success story

Wed, 16 Mar 2005 23:27:05 -0800 



Your patch seems to be reversed, and it isn't clear if it is actually
complete since it doesn't include any context (diff -u tends to be is
nicer to work with). I'll try to figure out what you did, but I might
not be able to get everything right in one shot.

Jan



Sorry.  Now the rhight diff:
------------------------------------------
--- coda-6.0.7/coda-src/auth2/krb5.c    2004-04-14 22:48:34.000000000 +0400
+++ krb5.c    2005-03-16 20:57:10.000000000 +0300
@@ -239,7 +239,12 @@
    }

/* we now have the key in session_key -- hopefully ->length, ->data */
- HashSecret(session_key->contents, session_key->length, *secret);
+#ifdef __KRB5_H__ + HashSecret(session_key->keyvalue.data, session_key->keyvalue.length, *secret);
+#endif
+#ifdef KRB5_GENERAL__
+ HashSecret(session_key->contents,session_key->length, *secret);
+#endif
*slen = RPC2_KEYSIZE;

    *identity = authenticator.data;
@@ -287,15 +292,24 @@
    }

/* Check whether the realm is correct */
- if (strncmp(ticket->enc_part2->client->realm.data, kerberos5realm,
- ticket->enc_part2->client->realm.length)) {
+#ifdef __KRB5_H__
+ if (strncmp(ticket->client->realm, kerberos5realm,
+ strlen(ticket->client->realm))) {
/* names differ */
fprintf(stderr, "incorrect realm in ticket\n");
goto out; }
-
+ krc=krb5_unparse_name(krb5context, ticket->client, &cp);
+#endif
+#ifdef KRB5_GENERAL__
+ if (strncmp(ticket->enc_part2->client->realm.data,kerberos5realm,
+ ticket->enc_part2->client->realm.length)) {
+ fprintf(stderr,"incorrect realm in ticket\n");
+ goto out;
+ }
/* success authenticating someone, but who? */
krc = krb5_unparse_name(krb5context, ticket->enc_part2->client, &cp);
+#endif
if (krc) {
/* this is a bad situation -- kerberos server should not generate
bad names in its authenticators? */
@@ -318,10 +332,16 @@
/* now prepare the keys */

    /* hKey is the md5 hash of the kerberos session secret */
+#ifdef __KRB5_H__
+    HashSecret(ticket->ticket.key.keyvalue.data,
+           ticket->ticket.key.keyvalue.length,
+           hKey);
+#endif
+#ifdef KRB5_GENERAL__
    HashSecret(ticket->enc_part2->session->contents,
           ticket->enc_part2->session->length,
           hKey);
-
+#endif
    /* sKey is a random sequence of bytes */
    GenerateSecret(sKey);

_______________________

I have just replaced lines with krb5 structures which has no correspondong fields in heimdal kerberos. __KRB5_H__ and KRB5_GENERAL__ are "#define"-ed in krb5.h in heimdal and MIT distributions respectively.

Reply via email to