[32309] in Kerberos
RFC 4121 (Kerberos 5 V2 - GSSAPI) - RRC
daemon@ATHENA.MIT.EDU (Srinivas Cheruku)
Thu May 6 06:37:17 2010
From: "Srinivas Cheruku" <srinivas.cheruku@gmail.com>
To: <krbdev@mit.edu>, <kerberos@mit.edu>
Date: Thu, 6 May 2010 16:07:03 +0530
Message-ID: <4be29bd7.881ee30a.0a27.3509@mx.google.com>
MIME-Version: 1.0
Content-Language: en-us
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi,
According to RFC 4121 on RRC Field:
Excluding the first
16 octets of the token header, the resulting Wrap token in the
previous section is rotated to the right by "RRC" octets. The net
The Wrap token should be rotated to the right by count specified in RRC
field, where as looks like MIT Kerberos (1.8.1) is rotating to left (when
gss_unwrap() is called). Is this right?
Code shown from krb5-1.8.1/src/lib/gssapi/krb5/k5sealv3.c, function
gss_krb5int_unseal_token_v3().
if (toktype == KG_TOK_WRAP_MSG) {
if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
goto defective;
if (ptr[3] != 0xff)
goto defective;
ec = load_16_be(ptr+4);
rrc = load_16_be(ptr+6);
seqnum = load_64_be(ptr+8);
if (!gss_krb5int_rotate_left(ptr+16, bodysize-16, rrc)) {
no_mem:
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
Thanks,
Srini
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
