Code review request: 8016594: Native Windows ccache still reads DES tickets

Weijun Wang weijun.wang at oracle.com
Wed Aug 7 10:58:26 UTC 2013



On 8/7/13 5:23 PM, Dmitry Samersoff wrote:
> Weijun,
>
> nativeccache.c:
>
> 322: Could you change strlen("krbtgt") to sizeof("krbtgt")-1 to save a
> bit of computer power?

Sure.

>
> NativeCreds.c:
>
> (a)
> 478: As it doesn't have sence to process ticket if
> KERB_TICKET_FLAGS_invalid is set, it might be better to move
>
> if (msticket->TicketFlags & KERB_TICKET_FLAGS_invalid)  out of loop to
> ll. 462

Good. I'll also move the time compare out of loop.

>
> (b)
> Original code always ignore RC4 & MD4 combination, but changed code not.
> Is it intentional? if yes, could you add an appropriate comments?

That's because KERB_ETYPE_RC4_MD4 is a MS-private etype we don't 
support. Now that we pass in default_tkt_enctypes explicitly as an 
argument it seems no need to hardcode or comment on anything.

Thanks
Max

>
> -Dmitry
>
> On 2013-07-15 15:02, Weijun Wang wrote:
>> Please take a look at
>>
>>     http://cr.openjdk.java.net/~weijun/8016594/webrev.00/
>>
>> Instead of always reading tickets with session key of DES/RC4 etypes, it
>> should accept any ticket in the default_tkt_enctypes setting.
>>
>> No reg test, needs a SQE test running with Windows 2008 as server.
>>
>> Thanks
>> Max
>
>



More information about the security-dev mailing list