git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23476 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2008-07-28 15:01:11 +00:00
parent ba2127c788
commit dddacbd40e

View File

@@ -1,3 +1,24 @@
2008-07-28 Love Hornquist Astrand <lha@10a96laptop.meeting.ietf.org>
* lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally
issues invalid AFS tokens
(here "occasionally" means for certain users in certain realms).
In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket
is padded to a multiple of 8 bytes. If it is already a multiple of
8 bytes, 8 additional 0-bytes are added.
This catches the AFS krb4 ticket decoder by surprise: unless the
ticket is exactly 56 bytes, it only supports the minimum necessary
padding. It detects the superfluous padding by comparing the
ticket length decoded to the advertised ticket length.
Hence a 7-letter userid in "cern.ch" which resulted in a ticket of
40 bytes, got "padded" to 48 bytes which the rxkad decoder
rejected.
From Rainer Toebbicke.
2008-07-25 Love H<>rnquist <20>strand <lha@h5l.org>
* kuser/kinit.c: add --ok-as-delegate and --windows flags