Re: Tickets with instance names.

help-shishi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tickets with instance names.

From:	Mats Erik Andersson
Subject:	Re: Tickets with instance names.
Date:	Wed, 15 Aug 2012 20:13:25 +0200
User-agent:	Mutt/1.5.18 (2008-05-17)

onsdag den 15 augusti 2012 klockan 13:06 skrev Mats Erik Andersson detta:
> torsdag den  9 augusti 2012 klockan 23:14 skrev Simon Josefsson detta:
> > Mats Erik Andersson <address@hidden> writes:
> > 
> > > Am I incorrect in believing that AS-REP was built from incorrect
> > > data, since the name string is not split into name proper and
> > > instance name?
> > 
> > Yes.  The code parsing sigge/admin should probably have splitted that
> > into two components.  Is that a Shishi KDC?  It sounds like a bug.
> 
> Client and server built from GNU Inetutils development head,
> so libshishi is incomplete here. A quick search reveals that
> "lib/encticketpart.c" and "lib/kdc.c" are accessing the ASN.1
> descriptor "sname.name-string", so presumably either of these
> files could be cheating.

The following crude patch allows the exchange to proceed further.
Now the procedure get as far as halting on failed HMAC verification.
More investigation is needed.

Regards

  Mats



diff --git a/lib/encticketpart.c b/lib/encticketpart.c
index 94da535..962378e 100644
--- a/lib/encticketpart.c
+++ b/lib/encticketpart.c
@@ -211,6 +211,12 @@ shishi_encticketpart_cname_set (Shishi * handle,
                                const char *principal)
 {
   int res;
+  char *name, *instance = NULL;
+
+  name = xstrdup (principal);
+  instance = strchr (name, '/');
+  if (instance)
+    *instance++ = '\0';
 
   res = shishi_asn1_write_uint32 (handle, encticketpart,
                                  "cname.name-type", name_type);
@@ -229,10 +235,26 @@ shishi_encticketpart_cname_set (Shishi * handle,
 
   res = shishi_asn1_write (handle, encticketpart,
                           "cname.name-string.?1",
-                          principal, strlen (principal));
+                          name, strlen (name));
   if (res != SHISHI_OK)
     return res;
 
+  if (instance)
+    {
+      res = shishi_asn1_write (handle, encticketpart,
+                              "cname.name-string", "NEW", 1);
+      if (res != SHISHI_OK)
+       return res;
+
+      res = shishi_asn1_write (handle, encticketpart,
+                              "cname.name-string.?2",
+                              instance, strlen (instance));
+      if (res != SHISHI_OK)
+       return res;
+    }
+
+  free (name);
+
   return SHISHI_OK;
 }

[Prev in Thread]

Current Thread

[Next in Thread]

Tickets with instance names., Mats Erik Andersson, 2012/08/09
- Re: Tickets with instance names., Simon Josefsson, 2012/08/09
  - Re: Tickets with instance names., Mats Erik Andersson, 2012/08/15
    - Re: Tickets with instance names., Mats Erik Andersson <=
    - Re: Tickets with instance names., Simon Josefsson, 2012/08/15
    - Re: Tickets with instance names., Simon Josefsson, 2012/08/15
    - Re: Tickets with instance names., Mats Erik Andersson, 2012/08/15
    - Re: Tickets with instance names., Simon Josefsson, 2012/08/16

Prev by Date: Re: On shishi_parse_name().
Next by Date: Re: shishid: Usage of syslog facilities.
Previous by thread: Re: Tickets with instance names.
Next by thread: Re: Tickets with instance names.
Index(es):
- Date
- Thread