x

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23476 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-28 15:01:11 +00:00
parent ba2127c788
commit dddacbd40e
1 changed files with 21 additions and 0 deletions
--- a/21
+++ b/21
@@ -1,3 +1,24 @@
+2008-07-28  Love Hornquist Astrand  <lha@10a96laptop.meeting.ietf.org>
+
+	* lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally
+	issues invalid AFS tokens
+	(here "occasionally" means for certain users in certain realms).
+	
+	In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket
+	is padded to a multiple of 8 bytes. If it is already a multiple of
+	8 bytes, 8 additional 0-bytes are added.
+	
+	This catches the AFS krb4 ticket decoder by surprise: unless the
+	ticket is exactly 56 bytes, it only supports the minimum necessary
+	padding.  It detects the superfluous padding by comparing the
+	ticket length decoded to the advertised ticket length.
+	
+	Hence a 7-letter userid in "cern.ch" which resulted in a ticket of
+	40 bytes, got "padded" to 48 bytes which the rxkad decoder
+	rejected.
+	
+	From Rainer Toebbicke.
+
 2008-07-25  Love H<>rnquist <20>strand  <lha@h5l.org>

 	* kuser/kinit.c: add --ok-as-delegate and --windows flags