> > >Your patch seems to be reversed, and it isn't clear if it is actually >complete since it doesn't include any context (diff -u tends to be is >nicer to work with). I'll try to figure out what you did, but I might >not be able to get everything right in one shot. > >Jan > > > Sorry. Now the rhight diff: ------------------------------------------ --- coda-6.0.7/coda-src/auth2/krb5.c 2004-04-14 22:48:34.000000000 +0400 +++ krb5.c 2005-03-16 20:57:10.000000000 +0300 @@ -239,7 +239,12 @@ } /* we now have the key in session_key -- hopefully ->length, ->data */ - HashSecret(session_key->contents, session_key->length, *secret); +#ifdef __KRB5_H__ + HashSecret(session_key->keyvalue.data, session_key->keyvalue.length, *secret); +#endif +#ifdef KRB5_GENERAL__ + HashSecret(session_key->contents,session_key->length, *secret); +#endif *slen = RPC2_KEYSIZE; *identity = authenticator.data; @@ -287,15 +292,24 @@ } /* Check whether the realm is correct */ - if (strncmp(ticket->enc_part2->client->realm.data, kerberos5realm, - ticket->enc_part2->client->realm.length)) { +#ifdef __KRB5_H__ + if (strncmp(ticket->client->realm, kerberos5realm, + strlen(ticket->client->realm))) { /* names differ */ fprintf(stderr, "incorrect realm in ticket\n"); goto out; } - + krc=krb5_unparse_name(krb5context, ticket->client, &cp); +#endif +#ifdef KRB5_GENERAL__ + if (strncmp(ticket->enc_part2->client->realm.data,kerberos5realm, + ticket->enc_part2->client->realm.length)) { + fprintf(stderr,"incorrect realm in ticket\n"); + goto out; + } /* success authenticating someone, but who? */ krc = krb5_unparse_name(krb5context, ticket->enc_part2->client, &cp); +#endif if (krc) { /* this is a bad situation -- kerberos server should not generate bad names in its authenticators? */ 
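Review bot: The paired `#ifdef __KRB5_H__` / `#ifdef KRB5_GENERAL__` blocks around `HashSecret(...)` have no fallback, so if the installed krb5.h defines neither guard macro the call disappears and `*secret` is never filled in while `*slen` is still set to `RPC2_KEYSIZE`. The same pattern in the realm-check hunk would drop both the realm comparison and the `krb5_unparse_name` call, and in the `hKey` hunk would leave `hKey` unset, apparently without any compile error. Make the selection exclusive and fail the build otherwise: `#if defined(__KRB5_H__)` … `#elif defined(KRB5_GENERAL__)` … `#else` / `#error "unrecognised krb5.h"` / `#endif`. Include-guard names are internal to each krb5.h, so a build-time feature test would be sturdier than keying on them. The enclosing function starts and ends outside the hunk.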
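Review bot: In the `__KRB5_H__` branch the realm check is `strncmp(ticket->client->realm, kerberos5realm, strlen(ticket->client->realm))`, which bounds the comparison by the ticket's own realm length, so a ticket realm that is only a leading part of `kerberos5realm`, or is empty, compares equal. The re-added `KRB5_GENERAL__` branch has the same shape with `realm.length`. Since the new code already treats the Heimdal realm as a NUL-terminated string, use `if (strcmp(ticket->client->realm, kerberos5realm)) {` there, and in the MIT branch put `ticket->enc_part2->client->realm.length != strlen(kerberos5realm) ||` in front of the `strncmp`. The function body continues outside the hunk.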
@@ -318,10 +332,16 @@ /* now prepare the keys */ /* hKey is the md5 hash of the kerberos session secret */ +#ifdef __KRB5_H__ + HashSecret(ticket->ticket.key.keyvalue.data, + ticket->ticket.key.keyvalue.length, + hKey); +#endif +#ifdef KRB5_GENERAL__ HashSecret(ticket->enc_part2->session->contents, ticket->enc_part2->session->length, hKey); - +#endif /* sKey is a random sequence of bytes */ GenerateSecret(sKey); _______________________ I have just replaced lines with krb5 structures which has no correspondong fields in heimdal kerberos. __KRB5_H__ and KRB5_GENERAL__ are "#define"-ed in krb5.h in heimdal and MIT distributions respectively.Received on 2005-03-17 02:29:31