svn rev #25706: trunk/src/lib/krb5/asn.1/

ghudson@MIT.EDU ghudson at MIT.EDU
Tue Feb 21 23:00:11 EST 2012


http://src.mit.edu/fisheye/changelog/krb5/?cs=25706
Commit By: ghudson
Log Message:
ticket: 7092

Correct fix for #7092


Changed Files:
U   trunk/src/lib/krb5/asn.1/asn1_k_encode.c
Modified: trunk/src/lib/krb5/asn.1/asn1_k_encode.c
===================================================================
--- trunk/src/lib/krb5/asn.1/asn1_k_encode.c	2012-02-22 03:34:57 UTC (rev 25705)
+++ trunk/src/lib/krb5/asn.1/asn1_k_encode.c	2012-02-22 04:00:10 UTC (rev 25706)
@@ -173,8 +173,20 @@
 DEFPTRTYPE(ptr_seqof_host_addresses, seqof_host_addresses);
 DEFOPTIONALEMPTYTYPE(opt_ptr_seqof_host_addresses, ptr_seqof_host_addresses);
 
+/*
+ * krb5_kvno is defined as unsigned int, but historically (MIT krb5 through 1.6
+ * in the encoder, and through 1.10 in the decoder) we treat it as signed, in
+ * violation of RFC 4120.  kvno values large enough to be problematic are only
+ * likely to be seen with Windows read-only domain controllers, which overload
+ * the high 16-bits of kvno values for krbtgt principals.  Since Windows
+ * encodes kvnos as signed 32-bit values, for interoperability it's best if we
+ * do the same.
+ */
+DEFINTTYPE(kvno, krb5_kvno);
+DEFOPTIONALZEROTYPE(opt_kvno, kvno);
+
 DEFFIELD(enc_data_0, krb5_enc_data, enctype, 0, int32);
-DEFFIELD(enc_data_1, krb5_enc_data, kvno, 1, opt_uint);
+DEFFIELD(enc_data_1, krb5_enc_data, kvno, 1, opt_kvno);
 DEFFIELD(enc_data_2, krb5_enc_data, ciphertext, 2, ostring_data);
 static const struct atype_info *encrypted_data_fields[] = {
     &k5_atype_enc_data_0, &k5_atype_enc_data_1, &k5_atype_enc_data_2
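Review bot: The new comment above `DEFINTTYPE(kvno, krb5_kvno);` explains why the signed treatment is kept, but it does not say what that means on the wire for a kvno with the high bit set. Assuming `DEFINTTYPE` selects the signed integer encoder, as the comment implies, such a value would be emitted as a negative INTEGER, which is outside the RFC 4120 UInt32 range. I would add a sentence such as `* Consequently, kvno values >= 2^31 are encoded as negative integers.` so that anyone debugging a key-version mismatch against a strict peer knows this is deliberate. Only `enc_data_1` is moved to `opt_kvno` here; any other kvno-bearing fields in this file that still use `uint`/`opt_uint` (not visible in this hunk) would encode the same key version differently, so it is worth checking that they are converted too. The `encrypted_data_fields` initializer continues past the end of the hunk.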


