[2886] in Kerberos-V5-bugs
Re: pending/556: prepending a '\'
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Tue Mar 10 02:27:45 1998
Date: Tue, 10 Mar 1998 02:27:36 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: krb5-bugs@MIT.EDU, "HNELLORE.US.ORACLE.COM" <HNELLORE@us.oracle.com>
Cc: gnats-admin@RT-11.MIT.EDU, krb5-prs@RT-11.MIT.EDU
In-Reply-To: HNELLORE.US.ORACLE.COM's message of Mon, 9 Mar 1998 22:22:01
-0500, <199803100322.WAA00564@rt-11.MIT.EDU>
Date: 09 Mar 98 19:00:27 -0800
From: "HNELLORE.US.ORACLE.COM" <HNELLORE@us.oracle.com>
This is regards to the unparsing of the component part and the realm
in the function
krb5_unparse_name_ext
When I have the string as oracle/hdang-sun.cisco.com@CCO.CISCO.COM
, then when krb5_unparse_name_ext parses this , it adds a '\'
character to the component part and the resulatant string for the
function who called it , (the service provider ) would look like
oracle\/hdang-sun.cisco.com@CCO.CISCO.COM
which is not the expected behaviour , Has this been fixed ?
This isn't a bug -- at least, not in krb5_unparse_name.
The backslash is escaping the forward slash character, presumably
because the principal you entered has one component, which is the string
"oracle/hdang-sun.cisco.com".
When you see something like "host/dcl.mit.edu@ATHENA.MIT.EDU", that
represents a principal with two components: "host" and "dcl.mit.edu",
and which is in the "ATHENA.MIT.EDU" realm.
I suspect that the bug is in your code that actually constructed the
krb5 principal; it generated a name with one component, when what you
really wanted was a krb5 principal name with two components, with the
first being "oracle", and the second being "hdang-sun.cisco.com".
Another way of putting this is that the "/" character is used to
separate components in Krb5 principal names. If the / character in an
actual component, it must be escaped with a backslash. Both krb5_parse
and krb5_unparse obey this convention.
So, if you passed the string "oracle\/hdang-sun.cisco.com@CCO.CISCO.COM"
to krb5_parse(), you would get the same krb5_principal that you had
started with before you called krb5_unparse(). However, the
krb5_principal represented by "oracle\/hdang-sun.cisco.com@CCO.CISCO.COM"
and "oracle/hdang-sun.cisco.com@CCO.CISCO.COM" are quite different. The
first has only one component, which contains '/' character, and the
second has two components, and the '/' character serves as a component
separator.
- Ted
