[kerberos-discuss] code review request for MIT 1.6.3 resync/pkinit

[Will Fiveash]

On Wed, Oct 01, 2008 at 05:47:18PM +0200, Mark Phalan wrote:
> On Mon, 2008-09-29 at 19:20 -0500, Will Fiveash wrote:
> > On Thu, Aug 28, 2008 at 08:22:27PM +0200, Mark Phalan wrote:
> > > 
> > > 
> > > I've just uploaded a webrev of my resync/pkinit workspace. There still
> > > needs to be some work on pkinit so don't expect the code in
> > > usr/src/lib/krb5/plugins/preauth/pkinit/ to be complete (you can ignore
> > > it for now). I'll post another incremental webrev with any changes I
> > > make to the pkinit code later on. The rest of the changes are resync
> > > changes for MIT 1.6.3. The hg comment needs to be updated, I'll do that
> > > once we get the pkinit PSARC case submitted.
> > > 
> > > I've chunked the review up into four pieces as I expect the krb team to
> > > do the review.
> > > 
> > > Shawn: Chunk 1
> > > Peter: Chunk 2
> > > Glenn: Chunk 3
> > > Will: Chunk 4
> > > 
> > > I'd like to have this completed by 17th Sept. Let me know if thats a
> > > problem for anyone.
> > > 
> > > webrev here:
> > > http://cr.opensolaris.org/~mbp/pkinit/

In usr/src/uts/common/gssapi/mechs/krb5/include/k5-int.h:
 265      -/*
 266      - * Solaris Kerberos:
 267      - * Define whether or not to do a reverse lookup when looking up a 
host in DNS.
 268      - */
 269      -#define REV_LOOKUP 1
 270      -#define NO_REV_LOOKUP 0

- Did you make the change so that the current Solaris behavior (no
  reverse lookup) is  maintained by default?

In usr/src/uts/common/gssapi/mechs/krb5/include/k5-thread.h:

 595  630  # endif
 596      -
      631 +asdfsdf

- asdfsdf seems like a typo.  How did this compile?

In usr/src/uts/common/gssapi/mechs/krb5/mech/k5seal.c:

 137      -        conflen = kg_confounder_size(context, enc);
 138      -    else
 139      -        conflen = 0;
      115 +      conflen = kg_confounder_size(context, enc);
      116 +    else conflen = 0;

- I hate the format change on line 116 .

 223      -    md5cksum.length = (size_t)sumlen;
      195 +    md5cksum.length = sumlen;

- Still linty fresh?

 241      -    if (pad)
 242      -        (void) memset(plain+conflen+text->length, pad, pad);
      214 +    if (pad) (void) memset(plain+conflen+text->length, pad, pad);

- more format ickyness.

In usr/src/uts/common/gssapi/mechs/krb5/mech/k5sealv3.c:

 494      -            plain.length = bodysize - ec;
      493 +            plain.length = bodysize-ec;

- more format ickyness.

That's all I've got for section 4 (except for the
usr/src/lib/krb5/plugins/preauth/pkinit/* files).
-- 
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/