Code review request: 7195426: kdc_default_options not supported correctly
Xuelei Fan
xuelei.fan at oracle.com
Fri Aug 31 09:51:39 UTC 2012
On 8/31/2012 3:08 PM, Weijun Wang wrote:
> Please take a look at the change
>
> http://cr.openjdk.java.net/~weijun/7195426/webrev.00
>
According to ASN.1 spec, "The leading bit of the bit string is
identified by the "number" zero, ..." [X.680]
124 private static final int KDC_OPT_RENEWABLE_OK = 0x00000010;
The position of renewable-ok is 27. I think the mask is 0x0000,0100.
125 private static final int KDC_OPT_FORWARDABLE = 0x40000000;
The position of FORWARDED is 2. I think the mask is 0x2000,0000.
Personally, I would like to use (1<<(31-n)) as the mask. It looks more
straightforward.
Xuelei
>
> It seems we confused the mask and the position.
>
> Thanks
> Max
>
>
>
> -------- Original Message --------
> 7195426: kdc_default_options not supported correctly
> http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7195426
>
> Product: java
> Category: jgss
> Subcategory: krb5plugin
>
> === *Description*
> ============================================================
> kdc_default_options is a hex number for krb5.conf to define the
> KDCOptions flags in a single integer where each bit of it represents one
> of 32 flags.
>
> If you want to find out if the n-th flag is turn on, you should check for
>
> kdc_default_options & (1<<(31-n))
>
> However, java currently checks for
>
> kdc_default_options & n
>
More information about the security-dev
mailing list