RFC 4121 (Kerberos 5 V2 - GSSAPI) - RRC
Srinivas Cheruku
srinivas.cheruku at gmail.com
Thu May 6 06:37:03 EDT 2010
Hi,
According to RFC 4121 on RRC Field:
Excluding the first
16 octets of the token header, the resulting Wrap token in the
previous section is rotated to the right by "RRC" octets. The net
The Wrap token should be rotated to the right by count specified in RRC
field, where as looks like MIT Kerberos (1.8.1) is rotating to left (when
gss_unwrap() is called). Is this right?
Code shown from krb5-1.8.1/src/lib/gssapi/krb5/k5sealv3.c, function
gss_krb5int_unseal_token_v3().
if (toktype == KG_TOK_WRAP_MSG) {
if (load_16_be(ptr) != KG2_TOK_WRAP_MSG)
goto defective;
if (ptr[3] != 0xff)
goto defective;
ec = load_16_be(ptr+4);
rrc = load_16_be(ptr+6);
seqnum = load_64_be(ptr+8);
if (!gss_krb5int_rotate_left(ptr+16, bodysize-16, rrc)) {
no_mem:
*minor_status = ENOMEM;
return GSS_S_FAILURE;
}
Thanks,
Srini
More information about the Kerberos
mailing list