Coda File System

Re: coda+Windows+Kerberos - success story

From: <mkondrin_at_hppi.troitsk.ru>
Date: Thu, 17 Mar 2005 06:27:01 +0300
>
>
>Your patch seems to be reversed, and it isn't clear if it is actually
>complete since it doesn't include any context (diff -u tends to be
>nicer to work with). I'll try to figure out what you did, but I might
>not be able to get everything right in one shot.
>
>Jan
>
>  
>
Sorry.  Now the rhight diff:
------------------------------------------
--- coda-6.0.7/coda-src/auth2/krb5.c    2004-04-14 22:48:34.000000000 +0400
+++ krb5.c    2005-03-16 20:57:10.000000000 +0300
@@ -239,7 +239,12 @@
     }
 
     /* we now have the key in session_key -- hopefully ->length, ->data */
-    HashSecret(session_key->contents, session_key->length, *secret);
+#ifdef __KRB5_H__   
+     HashSecret(session_key->keyvalue.data, session_key->keyvalue.length, *secret);
+#endif
+#ifdef KRB5_GENERAL__
+     HashSecret(session_key->contents,session_key->length, *secret);
+#endif
     *slen = RPC2_KEYSIZE;
 
     *identity = authenticator.data;
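Review bot: If neither `__KRB5_H__` nor `KRB5_GENERAL__` is defined, both `HashSecret` calls compile out while `*slen = RPC2_KEYSIZE` is still set, so `*secret` would be handed back without ever being derived from the session key, and nothing reports it at build time. According to the patch description these macros are the include guards of the two krb5.h headers rather than a documented interface, so they may change between releases. Make each pair a single conditional: replace the middle `#endif` / `#ifdef KRB5_GENERAL__` with `#elif defined(KRB5_GENERAL__)` and add `#else` / `#error "unknown Kerberos 5 implementation"` before the final `#endif`. The realm-check hunk and the `hKey` hunk below use the same pattern and need the same change; the enclosing function starts and ends outside this hunk.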
@@ -287,15 +292,24 @@
     }
 
     /* Check whether the realm is correct */
-    if (strncmp(ticket->enc_part2->client->realm.data, kerberos5realm,
-        ticket->enc_part2->client->realm.length)) {
+#ifdef __KRB5_H__
+    if (strncmp(ticket->client->realm, kerberos5realm,
+        strlen(ticket->client->realm))) {
     /* names differ */
     fprintf(stderr, "incorrect realm in ticket\n");
     goto out;   
     }
-
+    krc=krb5_unparse_name(krb5context, ticket->client, &cp);
+#endif
+#ifdef KRB5_GENERAL__
+    if (strncmp(ticket->enc_part2->client->realm.data,kerberos5realm,
+        ticket->enc_part2->client->realm.length)) {
+      fprintf(stderr,"incorrect realm in ticket\n");
+      goto out;
+    }
     /* success authenticating someone, but who? */
     krc = krb5_unparse_name(krb5context, ticket->enc_part2->client, &cp);
+#endif
     if (krc) {
     /* this is a bad situation -- kerberos server should not generate
        bad names in its authenticators? */
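Review bot: The Heimdal branch compares only `strlen(ticket->client->realm)` bytes, so a ticket realm that is a prefix of `kerberos5realm`, including an empty string, passes the realm check. Since this branch already treats the realm as a NUL-terminated string, compare the whole strings: `if (strcmp(ticket->client->realm, kerberos5realm) != 0) {`. The MIT branch carries the same prefix match over from the old code and should additionally require `ticket->enc_part2->client->realm.length == strlen(kerberos5realm)`. The function continues outside the hunk, so how `kerberos5realm` is populated is not visible here.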
@@ -318,10 +332,16 @@
     /* now prepare the keys */
 
     /* hKey is the md5 hash of the kerberos session secret */
+#ifdef __KRB5_H__
+    HashSecret(ticket->ticket.key.keyvalue.data,
+           ticket->ticket.key.keyvalue.length,
+           hKey);
+#endif
+#ifdef KRB5_GENERAL__
     HashSecret(ticket->enc_part2->session->contents,
            ticket->enc_part2->session->length,
            hKey);
-
+#endif
     /* sKey is a random sequence of bytes */
     GenerateSecret(sKey);

_______________________

I have just replaced the lines that use krb5 structures which have no 
corresponding fields in Heimdal Kerberos. __KRB5_H__ and KRB5_GENERAL__ 
are "#define"-ed in krb5.h in the Heimdal and MIT distributions respectively.
Received on 2005-03-17 02:29:31