[Heimdal-source-changes] [heimdal/heimdal] 5b223c: roken: do not require use of rk_mkdir on all platf...

GitHub noreply at github.com
Sön Juli 28 03:18:19 CEST 2013 

  Branch: refs/heads/master
  Home:   https://github.com/heimdal/heimdal
  Commit: 5b223c2caa98068bb51d9c15123cadfe87b13297
      https://github.com/heimdal/heimdal/commit/5b223c2caa98068bb51d9c15123cadfe87b13297
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2013-07-27 (Sat, 27 Jul 2013)

  Changed paths:
    M lib/roken/Makefile.am
    M lib/roken/mkdir.c
    M lib/roken/roken-common.h
    M lib/roken/roken.h.in
    M windows/NTMakefile.config

  Log Message:
  -----------
  roken: do not require use of rk_mkdir on all platforms

Although rk_mkdir can be provided on all platforms there is no
reason to require that it be used by unconditionally mapping

  mkdir -> rk_mkdir

Change-Id: Ic149500037abf446434332bf6ba67dfb3906cd72


  Commit: 37ca3d35a9a0fc239e9a0d04164f41dd82ce493a
      https://github.com/heimdal/heimdal/commit/37ca3d35a9a0fc239e9a0d04164f41dd82ce493a
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2013-07-27 (Sat, 27 Jul 2013)

  Changed paths:
    M windows/NTMakefile.config

  Log Message:
  -----------
  Windows: use roken's rk_rename

Windows CRT rename does not unlink the target if it exists.

Change-Id: Id7bdf5729d418bb22b59ab11d0d5f31ccb7e3577


  Commit: 71fb56309c63f51ce9a4e0b6d454b60ff3ea786b
      https://github.com/heimdal/heimdal/commit/71fb56309c63f51ce9a4e0b6d454b60ff3ea786b
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2013-07-27 (Sat, 27 Jul 2013)

  Changed paths:
    M kdc/kerberos5.c

  Log Message:
  -----------
  _kdc_find_etype consolidation

The 'use_strongest_session_key' block and its alternate should
have similar behavior except for the order in which the enctype
lists are processed.  This patchset attempts to consolidate the
exit processing and ensure that the inner loop enctype and key
validation is the same.

Bugs fixed:

1. In the 'use_strongest_session_key' case, the _kdc_is_weak_exception()
   test was applied during the client enctype loop which is only
   processed for acceptable enctypes.   This test is moved to the
   local supported enctypes loop so as not to filter out weak keys
   when the service principal has an explicit exception.

2. In the 'use_strongest_session_key' case, the possibility of an
   enctype having keys with more than one salt was excluded.

3. In the 'use_strongest_session_key' case, the 'key' variable was
   not reset to NULL within each loop of the client enctype list.

4. In the '!use_strongest_session_key' case, the default salt test
   and is_preauth was inconsistent with the 'use_strongest_session_key'
   block.

With this consolidation, if no enctype is selected and the service
principal is permitted to use 1DES, then 1DES is selected.  It doesn't
matter whether 'use_strongest_session_key' is in use or not.

Change-Id: Ib57264fc8bc23df64c70d39b4f6de48beeb54739


Compare: https://github.com/heimdal/heimdal/compare/1826106ff4be...71fb56309c63

More information about the Heimdal-source-changes mailing list