help-shishi

Re: shishi_keys_for_serverrealm_in_file


From: Simon Josefsson
Subject: Re: shishi_keys_for_serverrealm_in_file
Date: Fri, 26 May 2006 10:45:43 +0200
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/22.0.50 (gnu/linux)

Elrond <address@hidden> writes:

> Hi,
>
> I just was lurking around a bit and stumbled over
> shishi_keys_for_serverrealm_in_file():
>
> - Are the two identical strcmp in there really correct? For
>   me the second at least looks quite wrong.

Hi!  Yes, it looks wrong.  I changed the logic to:

      if ((!server ||
           (shishi_key_principal (key) &&
            strcmp (server, shishi_key_principal (key)) == 0)) &&
          (!realm ||
           (shishi_key_realm (key) &&
            strcmp (realm, shishi_key_realm (key)) == 0)))
        break;

> - Not to mention, that it doesn't do an AND search for
>   (server AND realm) matching.

Yup, should work better above.

> - shishi seems to assume the whole way of hostkeys, that
>   services have only one key?

Yes, that seems wrong... I think there are two ways to solve this:

 1) Have the functions take additional parameters, like etype, and
    filter out hostkeys based on them, and only return one matching
    key.

 2) Have some meta-structure, a "key set", with all the keys for a
    particular service, that can be passed to functions that require a
    hostkey, and let the function decide which key to use (i.e., which
    etype, which salt, etc...).

The latter seems more generic, but also involves more work.  How are you
using hostkeys now?  Maybe 1) would suffice.

In general, the server side (KDC/hostkeys) is the least tested part
of shishi right now, so it isn't surprising that you run into these
things.  I'll try to fix them though!

/Simon
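
The corrected match from the reply above, extended with the etype filter of option 1, as an added stand-alone example that is not part of the original message or of Shishi's source. The `demo_key` struct, `demo_find_key()` and the sample entries are constructed for illustration, and treating etype 0 as "any" is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a hostkey entry; not Shishi's own key type. */
struct demo_key {
    const char *principal;  /* may be NULL in a damaged or partial entry */
    const char *realm;      /* may be NULL */
    int etype;              /* Kerberos encryption type number */
};

/* A NULL filter is a wildcard; a NULL field never satisfies a real filter. */
static int field_matches(const char *want, const char *have)
{
    return want == NULL || (have != NULL && strcmp(want, have) == 0);
}

/* Index of the first key matching server AND realm AND etype, or -1.
   etype 0 meaning "any" is an assumption of this sketch. */
int demo_find_key(const struct demo_key *keys, size_t n,
                  const char *server, const char *realm, int etype)
{
    for (size_t i = 0; i < n; i++)
        if (field_matches(server, keys[i].principal) &&
            field_matches(realm, keys[i].realm) &&
            (etype == 0 || keys[i].etype == etype))
            return (int)i;
    return -1;
}

/* Constructed sample entries, in file order. */
static const struct demo_key demo_keys[] = {
    { "host/a.example.org", "OTHER.EXAMPLE", 18 },  /* right name, wrong realm */
    { NULL,                 "EXAMPLE.ORG",   18 },  /* no principal recorded */
    { "host/a.example.org", "EXAMPLE.ORG",   16 },  /* des3-cbc-sha1-kd */
    { "host/a.example.org", "EXAMPLE.ORG",   18 },  /* aes256-cts-hmac-sha1-96 */
};
#define DEMO_NKEYS (sizeof demo_keys / sizeof demo_keys[0])

int main(void)
{
    const char *s = "host/a.example.org", *r = "EXAMPLE.ORG";
    printf("server+realm: %d\n", demo_find_key(demo_keys, DEMO_NKEYS, s, r, 0));
    printf("plus etype 18: %d\n", demo_find_key(demo_keys, DEMO_NKEYS, s, r, 18));
    printf("realm only: %d\n", demo_find_key(demo_keys, DEMO_NKEYS, NULL, r, 0));
    return 0;
}
```

Without the etype argument the first matching entry wins, so a service holding several keys gets whichever one appears first in the file, which is the single-key assumption questioned in the thread.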
