[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal 0.6.[34] ticket forwarding or GSSAPI delegation,tickets have wrong address

To: Love Hörnquist Åstrand <lha@kth.se>
Subject: Re: heimdal 0.6.[34] ticket forwarding or GSSAPI delegation,tickets have wrong address
From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
Date: Mon, 23 May 2005 13:27:58 -0400
Cc: Brandon Allbery <allbery@ece.cmu.edu>, heimdal-discuss@sisc.se
In-Reply-To: <amd5rnjgzt.fsf@nutcracker.it.su.se>
References: <1115214301.1015.10.camel@pyanfar.ece.cmu.edu> <1115919819.1014.1.camel@pyanfar.ece.cmu.edu> <amd5rnjgzt.fsf@nutcracker.it.su.se>
Sender: owner-heimdal-discuss@sics.se

On Thu, 2005-05-19 at 18:52 +0200, Love HÃ¶rnquist Ã…strand wrote:
> "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> writes:
> > On Wed, 2005-05-04 at 09:45 -0400, Brandon S. Allbery KF8NH wrote:
> >> Basically, if I forward tickets, either via krb5 or via GSSAPI, the
> >> forwarded tickets have the originating host's address instead of the
> >> target system's address, making them quite useless.  See the attached
> >> sample (typescript from "telnet -F").
> >
> > So, do I infer this behavior is an intentional feature?
> 
> I can't reproduce it. Can you tell me what the krb5_get_forwarded_creds
> ends up putting in addrs ?

Getting a debugging build proved difficult; I'm not sure why...

(gdb) n
203         if (paddrs != NULL) {
(gdb) n
205             ret = getaddrinfo (hostname, NULL, NULL, &ai);
(gdb) n
206             if (ret) {
(gdb) n
213             ret = add_addrs (context, &addrs, ai);
(gdb) n
214             freeaddrinfo (ai);
(gdb) print addrs
$10 = {len = 1, val = 0x6b250}
(gdb) print addrs->val
$11 = (HostAddress *) 0x6b250
(gdb) print addrs->val[0]
$12 = {addr_type = 2, address = {length = 4, data = 0x6aec0}}
(gdb) print addrs->val[0].address.data
$13 = (void *) 0x6aec0
(gdb) print addrs->val[0].address.data[0]
Attempt to dereference a generic pointer.
(gdb) print ((char *)addrs->val[0].address.data)[0]
$14 = -128 '\200'
(gdb) print ((char *)addrs->val[0].address.data)[1]
$15 = 2 '\002'
(gdb) print ((char *)addrs->val[0].address.data)[2]
$16 = -120 '\210'
(gdb) print ((char *)addrs->val[0].address.data)[3]
$17 = -124 '\204'
(gdb) print ((unsigned char *)addrs->val[0].address.data)[2]
$18 = 136 '\210'
(gdb) print ((unsigned char *)addrs->val[0].address.data)[3]
$19 = 132 '\204'

...which looks right for tully.ece.cmu.edu (connection is from hilfy.ece
to tully.ece).  Nevertheless the tickets received on tully still have
hilfy's address.

-- 
brandon s. allbery   [linux,solaris,freebsd,perl]      allbery@kf8nh.com
system administrator      [WAY too many hats]        allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon univ.         KF8NH

References:
- heimdal 0.6.[34] ticket forwarding or GSSAPI delegation, ticketshave wrong address
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
- Re: heimdal 0.6.[34] ticket forwarding or GSSAPI delegation,tickets have wrong address
  - From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
- Re: heimdal 0.6.[34] ticket forwarding or GSSAPI delegation,tickets have wrong address
  - From: Love Hörnquist Åstrand <lha@kth.se>

Prev by Date: Re: Current ideas on kerberos requirements for Samba4
Next by Date: Re: Heimdal on the samba build farm
Prev by thread: Re: heimdal 0.6.[34] ticket forwarding or GSSAPI delegation,tickets have wrong address
Next by thread: heimdal and kaserver
Index(es):
- Date
- Thread