[1361] in Kerberos-V5-bugs
Kerberos 5 beta 5 and DCE Interoperability
daemon@ATHENA.MIT.EDU (Doug Engert)
Sat May 6 23:42:22 1995
Date: Sat, 06 May 95 22:41:42 CDT
From: "Doug Engert" <DEEngert@anl.gov>
To: <KRB5-BUGS@MIT.EDU>, <SIG-SECURITY@OSF.ORG>
Cc: <AUTHTF@ES.NET>, <KERBEROS@MIT.EDU>
I have found a problem with the asn1_get.c routine when using the K5 beta 5
kinit command. It would fail with a ASN.1 identifier doesn't match expected
value message.
It appears that the call to asn1buf_remains() which was in K5.4.3
in asn1_get.c was included at some point during the conversion to K5.5.
Changes were then made to asn1buf_remains() to fix the DCE encoding
problem. These same changes were not made to the inlined code in asn1_get.c.
By reverting to calling asn1buf_remains() rather then trying to
inline the code fixes the problem.See attached diff file.
I am now able to get tickets from the DCE security server (Transarc's 1.0.3a
running on Solaris 2.3) from a SunOS 4.1.3 kinit!!
(Still don't have any appls working, will get to them on monday.)
------- asn1_get.c -------
35,36c35,41
< if (buf == NULL || buf->base == NULL ||
< buf->bound - buf->next + 1 <= 0) {
---
> /* ANL - this was an inlined asn1buf_remains, but to get it
> to work with DCE, we need to go back to the modified
> version of the asn1buf_remains which was modified */
>
> /* if (buf == NULL || buf->base == NULL || ANL */
> /* buf->bound - buf->next + 1 <= 0) { ANL */
> if (asn1buf_remains(buf) <= 0){ /* ANL */
Douglas E. Engert
Systems Programming
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(708) 252-5444
Internet: DEEngert@anl.gov
