[3177] in Kerberos
Re: Kerberized FTP
daemon@ATHENA.MIT.EDU (Shawn Mamros)
Tue Apr 26 09:58:22 1994
To: kerberos@MIT.EDU
Date: Fri, 22 Apr 1994 08:26:32
From: mamros@ftp.com (Shawn Mamros)
Reply-To: mamros@ftp.com

walrus@enchanter.ifs.umich.edu (michael shiplett) writes:
> I've successfully installed a (the?) kerberized telnetd/telnet
>programs for SunOS 4.1.3 & NeXTSTEP 3.0. I have been trying
>unsuccessfully for a couple hours now to get the Bellcore kerberized
>ftpd/ftp working. I'm using the modified BSD ftp & have used both the
>modified WU & BSD ftpd. All of this is for K4.
>
> This is the client-side error I'm seeing [long lines split]:
[remainder of session deleted for brevity]
>Kerberos V4 krb_rd_safe failed: Message integrity error (krb_rd_req)

Hmm... This looks an awful lot like the "classic" V4 krb_rd_safe() bug
in the MIT code. What happens is that, when you exchange a safe message
between two machines that use different byte orderings (Suns are
big-endian, while NeXTSTEP runs on Intel-based (little-endian) PCs, right?),
krb_rd_safe() has to byte-swap the 16-byte checksum in the safe message
before it can successfully compare it vs. the checksum it calculates itself.

Problem is, krb_rd_safe() uses the swap_u_16() macro to do this, but if
you take a close look at the des_quad_cksum() routine, you'll see that
the checksum is actually constructed as four-byte blocks concatenated
together. swap_u_16() swaps the entire 16-byte value end over end, but
what you really want to do is to swap each four-byte piece *in place*.

A simple patch to rd_safe.c should fix the problem - basically you want
to use swap_u_long() four times rather than swap_u_16() once.

Hope this helps...

-Shawn Mamros
E-mail to: mamros@ftp.com
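
The byte-order mismatch described in the message above, as an added example that is not part of the original post and is not the MIT Kerberos code. The helpers `reverse16`, `reverse4x4`, `store_words` and `checksum_matches` are hypothetical names, and the checksum words are constructed sample values; the sketch assumes only what the post states, that the checksum is four 4-byte blocks concatenated together.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not the MIT macros themselves. */

/* Reverse all 16 bytes end over end (what the post says swap_u_16() does). */
static void reverse16(uint8_t b[16]) {
    for (int i = 0; i < 8; i++) {
        uint8_t t = b[i]; b[i] = b[15 - i]; b[15 - i] = t;
    }
}

/* Reverse each 4-byte block in place (the fix the post suggests). */
static void reverse4x4(uint8_t b[16]) {
    for (int w = 0; w < 4; w++) {
        uint8_t *p = b + 4 * w;
        uint8_t t = p[0]; p[0] = p[3]; p[3] = t;
        t = p[1]; p[1] = p[2]; p[2] = t;
    }
}

/* Lay out four 32-bit words as a host of the given byte order stores them. */
static void store_words(uint8_t out[16], const uint32_t w[4], int big_endian) {
    for (int i = 0; i < 4; i++)
        for (int j = 0; j < 4; j++) {
            int shift = big_endian ? 24 - 8 * j : 8 * j;
            out[4 * i + j] = (uint8_t)(w[i] >> shift);
        }
}

/* Returns 1 if the swapped sender checksum equals the receiver's own bytes. */
int checksum_matches(int per_word_swap) {
    /* Constructed sample checksum: four 32-bit words. */
    const uint32_t cksum[4] = {0x11223344u, 0x55667788u, 0x99aabbccu, 0xddeeff00u};
    uint8_t from_sender[16], local[16];
    store_words(from_sender, cksum, 1); /* big-endian sender */
    store_words(local, cksum, 0);       /* little-endian receiver, same words */
    if (per_word_swap) reverse4x4(from_sender); else reverse16(from_sender);
    return memcmp(from_sender, local, 16) == 0;
}

int main(void) {
    printf("16-byte end-over-end swap matches: %d\n", checksum_matches(0));
    printf("four 4-byte swaps match:           %d\n", checksum_matches(1));
    return 0;
}
```

The end-over-end swap also reverses the order of the four blocks, so the comparison fails even though both sides computed the same checksum; that is the "Message integrity error" symptom between hosts of different byte order.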