[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Time to Display My Ignorance, or What Is This Packet Anyway?
If the desire is to just send back an error it would be simpler to
patch the maybe_version4() routine in kerberos4.c to accept the packet.
That's just the first block in my patch.
- return len > 0 && *buf == 4;
+ return len > 0 && (*buf == 4 || *buf == 99);
+ /* 4 is the first byte of standard Kerberos 4 messages. */
+ /* 99 is the first byte of Transarc Windows Kerb 4 messages. */
The redundant check in do_version4() would then reject the Transarc
request with that same error anyway. No further changes needed.
I'd like one of the three possible patches in 0.7, so I don't have to
keep track of this in the long run. Obviously I'm voting for my patch
(until convinced otherwise), but any one should work.
> On Sep 16, 2004, at 4:52 AM, Love wrote:
>
>> So there is a patch, now that I remember who wrote it.
>>
>> http://www.e.kth.se/~mattiasa/patches/heimdal/4_decode.patch
>>
>> That solved the problem for us/them, its kind of strange how it works
>> though. It makes the code accept the broken request, detect the error
>> in
>> the patch (not version 4), and send back an error. This will make the
>> client try again, this time, it send a correct packet.
>>
>> At least that is how Mattias and I rememeber how it worked.
>>
>> Good luck,
>> Love
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu